Updated: May 25, 2018
1. Information on the collection of personal data
(2) The responsible party as per Art. 4 no. 7 of the EU General Data Protection Regulation (GDPR) is
BRABUS Automotive GmbH
Brabus-Allee, 46240 Bottrop, Germany
Our Data Protection Officer can be reached at email@example.com or by letter to our company (please add “Attn: Data Protection Officer”).
(3) When you contact us by email or contact form, we will store the data you disclose to us there (your email address, possibly your name and telephone number) to answer your questions. We delete the data collected in this context when its storage is no longer necessary, or we restrict the processing of this data if statutory retention periods apply.
(4) If we rely on commissioned service providers to perform certain individual tasks in the context of the services we offer or if we want to use your data for advertising purposes, we will inform you about the details of the relevant processes below. In this context, we will also inform you about the defined criteria for data retention.
2. Your rights
(1) As to your personal data, you are entitled to the following rights in the relationship with us:
− Right of access by the data subject (Art. 15 GDPR),
− Right to rectification and erasure (Art. 16 and Art. 17 GDPR),
− Right to restriction of processing (Art. 18 GDPR),
− Right to object (Art. 21 GDPR),
− Right to data portability (Art. 20 GDPR).
(2) Moreover, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 subs. 1 e) GDPR (data processing in the public interest) or Art. 6 subs. 1 f) GDPR (data processing based on the weighing of interests), including profiling based on those provisions (Art. 21 GDPR). If you object to the processing, we will only continue to process your data if we can prove compelling legitimate reasons for the processing that override your interests, rights and freedoms or when the processing serves to establish, exercise or defend legal claims.
(3) If you have given your consent to our processing of your personal data, you have the right to revoke this consent at any time. The revocation of your consent is however without prejudice to the lawfulness of the processing of your personal data that has taken place until the time of your revocation. Moreover, the revocation is without prejudice to any further processing of this data that is based on a different legal basis such as for compliance with legal obligations.
(4) Finally, you have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority.
(5) We kindly ask you to communicate your claims or declarations to the following address, if possible: firstname.lastname@example.org.
3. Collection of personal data when you visit our website
(1) When you use our website for mere information purposes, which means when you do not register or otherwise disclose or transfer information to us, we only collect the personal data, which your browser transfers to our server. If you want to visit our website, we collect the following data which are technically necessary for us to display our website to you and ensure its stability and security (the legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR):
− IP address
− Date and time of the inquiry
− Time zone difference compared to Greenwich Mean Time (GMT)
− Content accessed (specific page accessed)
− Access status / http status code
− Data volume transferred in each case
− Website from which the request comes
− Operating system and user interface
− Language and version of the browser software.
(2) In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are allocated to the browser you use and stored on your hard drive and which provide the institution which places the cookie (here: our company) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to render the Internet content more user-friendly and more effective overall.
a) This website uses the following types of cookies the extent and functionality of which are described in the following:
− Temporary cookies (see b)
− Persistent cookies (see c).
b) Temporary cookies are deleted automatically as soon as you close the browser. They include in particular session cookies. These store a so-called session ID that enables various browser requests to be allocated to the same session. This allows recognition of your computer when you visit our website again. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted after three months at the latest. You can delete the cookies at any time in the security settings of your browser.
d) You can configure your browser settings as you wish, and you can reject third-party cookies, for example, or all cookies. Please be aware that, in this case, you might be unable to use all functions and features of this website.
f) The Flash cookies we use are not managed by your browser but by your Flash plug-in. In addition, we use HTML5 storage objects, which are stored on your device. These objects store the required data, regardless of the browser you use, and they do not expire automatically. If you do not want Flash cookies to be managed, you have to install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects if you set your browser to private mode. We also recommend that you delete your cookies and the browser history manually at regular intervals.
4. Use of our web shop
(1) When you want to place an order in our web shop, it is necessary for the purposes of contract conclusion that you enter your personal data, which we need for processing and executing your order. Required fields that are indispensable for executing the contracts are specifically marked. All other information is voluntary. We process the data you have disclosed to us for fulfilling your order. For this purpose, we may also transfer your payment data to our main bank. The legal basis for this is Art. 6 subs. 1 sentence 1 b) GDPR.
You can also voluntarily open a customer account, which enables us to store your data for subsequent purchase orders. If you create an account under “My account”, the data you enter there is stored until consent is revoked by you. You can delete all other data including your user account in the customer area at any time.
We may also process the data you have entered to inform you about other interesting products from our portfolio or send you emails with technical information.
(2) We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years, we will restrict the processing of your data, i.e. your data is then used for no purpose other than compliance with the applicable statutory obligations.
(3) To prevent unauthorized third-party access to your personal data, in particular your financial data, the order process is encrypted by means of TLS technology.
(1) You can subscribe to our newsletter by giving your consent and we will then inform you in the newsletter about our current interesting offers. The goods and services, which are advertised in the newsletter, are specified in the declaration of consent.
(2) To enable subscription to our newsletter, we use the so-called double opt-in procedure; this means that after you have subscribed, we will send you an email to the email address you have entered for the subscription in which we will ask you to confirm that you want us to send you the newsletter. If you do not confirm your subscription within 24 hours, the data you have entered will be blocked and deleted automatically after one month. In addition, we also store the IP address you have used from time to time as well as the time of subscription and confirmation. The purpose of this procedure is to evidence your subscription and, where required, clarify any potential misuse of your data.
(3) The only mandatory field you need to fill out to enable transmission of the newsletter is your email address. The entry of any other specifically marked data is voluntary and we use such data to be able to address you personally. After you have confirmed the subscription, we will store your email address for sending you the newsletter. The legal basis for this is Art. 6 subs. 1 sentence 1 a) GDPR.
(4) You may at any time revoke your consent to the transmission of the newsletter and unsubscribe. You can revoke your consent by clicking the link, which is contained in every newsletter email or via this form on the website or by sending an email to email@example.com or by sending an appropriate message to the contact data stated in the legal notice on our website.
(5) Please be aware that we analyze your user behavior when we send you the newsletter. For such purpose, the email sent to you contains so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our website. For analyzing your user behavior, we combine the data mentioned in § 3 and the web beacons with your email address and a personal ID. In addition, the links which you have received in the newsletter contain this ID. Based on the data we have obtained by these procedures, we prepare a user profile to tailor the newsletter to your personal interests. We thereby gather information about when you read our newsletters, which links you click and we conclude therefrom what are your personal interests. We combine this data with your activities on our website.
You may at any time object to the tracking by clicking the special link, which is contained in every email or by communicating your objection to us via any other contact channel. The information is stored as long as you stay subscribed to our newsletter. After you have unsubscribed, we will only store the data for mere statistical purposes and in anonymized form. The said tracking is also impossible when the standard settings of your email program are such that the display of images is generally deactivated. In this case, you cannot see the complete newsletter and you may possibly be unable to use all functions and features. When you activate the display of images manually, the aforementioned tracking is initiated.
6. Use of Google Analytics
(1) This website uses Google Analytics, which is a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” small text files that are stored on your computer and make it possible to analyze how you use the website. The information generated by the cookie about how you use this website is, as a rule, transferred to a server of Google in the USA and stored there. However, if the IP anonymization feature is activated on this website, Google will shorten your IP address within the EU Member States or in other countries party to the Agreement on the European Economic Area before it is transferred. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and shortened there. Google, acting on instruction and behalf of the operator of this website, uses this information to analyze how you use the website, to compile reports about the website activities and render further services relating to the use of the website and the use of the Internet to the website operator.
(2) The IP address, which is transferred by your browser in the context of Google Analytics, will not be combined with other data of Google.
(3) You can set your browser software to prevent the storage of cookies; please be aware that in this case you might be unable to use all functions and features of the website without restrictions. You can also prevent the collection and transfer of the data generated by the cookie regarding your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(4) This website uses Google Analytics with the supplementary feature “_anonymizeIp()”. This makes sure that only shortened IP addresses are processed further, which prevents IP addresses from being allocated to specific persons. This means that, if and to the extent the data collected from you refer to you personally, allocation of the data to you personally is prevented right from the beginning and the personal data is thus deleted immediately.
(5) We use Google Analytics to be able to analyze and continuously improve the use of our website. The statistics we gain thereby help us to improve our presentation and services and to offer you as the user a more interesting design. As to the exceptional cases where personal data is transferred to the USA, Google has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 subs. 1 sentence 1 f) GDPR.
(7) This website uses Google Analytics also for the purposes of cross-device analysis of visitors, i.e. when they access the website from different terminals, which is implemented by means of a user ID. You can deactivate this analysis of your user behavior in your customer account under “My data”, “Personal data”.
7. Use of social media plug-ins
(2) We can influence neither the collected data nor the data processing activities nor are we fully aware of the scope of data collection, the purposes of the processing or the duration of data storage. We do not know about the deletion of the collected data by the plug-in provider either.
(3) The plug-in provider stores the data collected from you as a user profile and uses it for the purposes of advertising, market research and/or customized design of the provider’s website. This analysis serves in particular (also with regard to users who are not logged in) to provide customized advertising and inform other users of the social network about your activities on our website. You may oppose the preparation of these user profiles; if you want to exercise your right to oppose, you have to address your opposition to the relevant plug-in provider. We offer you the opportunity, via the plug-ins, to interact with the social networks and other users such that we can improve our presentation and services and offer you as the user a more interesting design. The legal basis for the use of plug-ins is Art. 6 subs. 1 sentence 1 f) GDPR.
(4) The data is transferred regardless of whether or not you have an account with the plug-in provider or are logged in there. When you are logged in to the plug-in provider, the data we have collected from you is directly allocated to your account with the plug-in provider. When you click the activated button and, for instance, place a link on the page, the plug-in provider will store this information in your user account, too, and will also publicly communicate this information to your contacts. We therefore recommend that you always log out after you have used a social network and especially before you activate the button because thereby you can prevent the allocation of the information to your profile with the plug-in provider.
(5) More information about the purpose and scope of data collection and data processing by the plug-in provider is available in the privacy policies of the providers at the addresses listed below. They also contain further information on your rights and the possible settings to protect your privacy.
(6) Addresses of the relevant plug-in providers and URLs and the information they provide on privacy:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://facebook.com/policy.php; further information on data collection is available at: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework.
c) Instagram LLC, 1601 Willow Rd Menlo Park CA 94025 USA, https://help.instagram.com/155833707900388
d) YouTube LLC, 901 Cherry Ave San Bruno, CA 94066 USA, https://policies.google.com/privacy?hl=de&gl=de
8. Integration of YouTube videos
(1) We have integrated YouTube videos in our online presentation, which are stored at http://www.YouTube.com and can be started and played back directly from our website. All videos are integrated in an “enhanced data protection mode,” which means that no data concerning you as the user are transferred to YouTube if you do not play the videos. Only when you play the videos, will the data mentioned in subs. (2) be transferred to YouTube. We cannot influence this data transfer.
9. Integration of Google Maps
(1) We use the services of Google Maps on our website. This enables us to show you interactive maps directly on our website and thus enables you to use the maps feature conveniently.
(3) More information about the purpose and scope of data collection and data processing by the plug-in provider is available in the provider’s privacy policies, which also contain more information about your rights and the possible settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has agreed to respect and comply with the EU-US Privacy Shield: https://www.privacy-shield.gov/EU-US-Framework.
10. Security measures
(1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood of risk realization and the varying severity of the risks for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.
(2) These measures include in particular but are not limited to the ability to ensure the confidentiality, integrity and availability of data by controlling physical access to the data as well as actual data access, data entry, data transfer, and the ability to ensure data availability and data separation. In addition, we have established procedures that ensure the protection of the rights of data subjects, the erasure of data and reaction to an endangerment of the data. Moreover, we consider the protection of personal data already in the development and/or selection of hardware, software and processes, according to the principle of data protection by design and by default (Art. 25 GDPR).
11. Cooperation with processors and third parties
(1) Where we disclose, transfer or otherwise grant access to data to other persons and companies (processors or third parties) in the context of our data processing, it is always done on the basis of a statutory authorization (e.g. where the transfer of data to third parties such as payment services providers is necessary for contract execution according to Art. 6 subs. 1 b) GDPR, or when you have given your consent to the processing or the processing is necessary for compliance with a legal obligation or the processing is carried out for the purposes of our legitimate interests, e.g. when we engage agents, web hosting companies etc.).
(2) When we engage third parties to process data based on a so-called contract for data processing on behalf, this is done on the basis of Art. 28 GDPR.
12. Transfer to third countries
If we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA) or such data processing in a third country occurs in the context of services provided by third parties engaged by us or in the context of disclosure or transfer of data to third parties, this is done only if this is required for the performance of our (pre-)contractual duties or based on your consent or to comply with a legal obligation or for the purposes of our legitimate interests. Subject to any existing statutory or contractual authorizations, we only process data or have data processed in a third country, if the special requirements under Art. 44 et seqq. GDPR are satisfied. This means that the processing is based, for instance, on special safeguards such as the official recognition that the data protection level in the third country satisfies EU standards (which is for instance the case with the “Privacy Shield” for the USA) or on compliance with special officially recognized contractual obligations (so-called standard contractual clauses).