Data protection at Elektronische Fahrwerksysteme GmbH

 

The protection of your personal data is very important to us. For this reason, we handle your data responsibly in all data processing procedures and take into account the legal requirements of data protection, in particular the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1. Scope

In particular, this privacy statement provides you with an overview of the following information:

• Which of your data is processed via our app "Treedex" (hereinafter also referred to as "offer")?
• In what way, to what extent, for what purposes and on what legal basis are these data used?
• What security measures are taken to protect your data?
• How can you object to individual data processing via our websites?
• How can you obtain information about the information disclosed to us and, if applicable, assert other data subject rights to which you are entitled vis-à-vis us?

2. Who is your contact person (responsible person) for your data protection concern?

The person responsible in the sense of the data protection regulations for all data processing processes carried out via our offer is:

Elektronische Fahrwerksysteme GmbH
Dr.-Ludwig-Kraus-Str. 6
85080 Gaimersheim

Phone: +49 8458 39730-00
Fax: +49 8458 39730-099

www.efs-auto.com

Data protection officer: Nataliya Petrov

Inquiries on the subject of data protection as well as the assertion of data subject rights (cf. below in this data protection declaration) should be sent to the attention of our data protection officer at the above address.

3. What is the legal basis for data processing on our websites?

If we obtain your consent for the processing of personal data, Article 6 (1) a DS-GVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which you as the data subject are a party, Article 6(1)(b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject as the controller, Article 6 (1) lit. c DSGVO serves as the legal basis.

In the event that vital interests of you or of another natural person make it necessary to process personal data, Article 6(1)(d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of us or a third party and if your interests, fundamental rights and freedoms as a data subject do not outweigh the former interest, Article 6(1)(f) DSGVO serves as the legal basis for the processing.

The relevant legal basis for the respective processing can be found in the corresponding section of this data protection declaration.

4. What data is collected and stored when using our offer?
5. Registration data

In addition, personal data is only collected via our offer if you provide it to us voluntarily, for example in the context of a registration for our offer.

When registering, you must provide the following information (mandatory fields):

1. Registration via e-mail

• User name, e-mail address, password

The remaining information provided during registration is voluntary.

After submitting the registration form, you will receive a registration confirmation to the e-mail address you provided. The activation of the offer takes place after you have clicked on the link contained in the registration confirmation and thus confirmed your e-mail address. With the data entered by you, a user account will be set up through which you can use our offer and its functions. Your data will be retained for further use as long as you maintain your registration. You have the right to access, correct and delete your registration data at any time.

1. Registration via Apple, Facebook or Google login

• Passwords
• E-mail addresses
• Telephone numbers
• User agents
• IP addresses

With this type of registration, we use Firebase authentication. Firebase authentication uses the data to enable end user authentication and simplify end user account management. It also uses user agent strings and IP addresses to provide additional security and prevent misuse during login and authentication.

The legal basis for the processing of the data is Article 6 (1) a DS-GVO if the user has given his consent. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) lit. b DS-GVO.

A registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Firebase authentication stores logged IP addresses for a few weeks. Other authentication information is retained until you initiate deletion of the associated user. After that, the data is removed from live and backup systems within 180 days.

This is the case for the data stored during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. To do so, please contact us at the above address. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible insofar as contractual or legal obligations do not oppose a deletion.

1. GPS data

Our offer collects and processes your location (GPS data). The legal basis for the processing of the data is Article 6(1)(a) DS-GVO if the user has given his consent. If the processing serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) lit. b DS-GVO. The processing of your location data is necessary for the functionality of the offer.

5. Specific uses

We use the data you provide exclusively for the following purposes:

1. technical administration of our offer
2. The data you provide in the course of registration will be processed for the purposes stated in point 4a.
3. GPS data is processed to determine your location within the event area (geo-fence), as the app will only function properly on this area.
4. Contact

When contacting us (for example, by e-mail), your information will be stored for the purpose of processing the request and in the event that follow-up questions arise.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DS-GVO. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR.

The processing of personal data from the contact serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Right of objection The user has the possibility at any time to object to the processing of his personal data to the above address. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.

7. Who gets my data?

We will only pass on your personal data to third parties if this is necessary for the fulfilment of the contract, if we or the third party have a justified interest in passing on the data or if we have your consent to do so.

In addition, data may be transferred to third parties if we are required to do so by law or by an enforceable official or court order. We would like to point out that we are entitled to provide information about data in individual cases by order of the competent authority, insofar as this is necessary for the purposes of criminal prosecution, for the prevention of danger by the police authorities of the federal states, for the fulfilment of the statutory tasks of the federal and state authorities for the protection of the constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or for the enforcement of intellectual property rights. The legal basis for this is Article 6(1)(c) DS-GVO.

8. Will data be transferred to a third country?

We process your data in Germany. As a rule, we do not transfer your data to other countries or third countries (countries that are neither members of the European Union nor the European Economic Area) or to international organisations.

A data transfer to third countries (i.e. countries which are neither members of the European Union nor of the European Economic Area) may exceptionally take place, as far as this is necessary for the execution of services towards you, is required by law or you have given us your consent.

Please note that not all third countries have a level of data protection that is recognised as adequate by the European Commission. For data transfers to third countries that do not have an adequate level of data protection, we ensure before the transfer that either an adequate level of data protection exists at the recipient (e.g. through self-certification of the recipient for the EU-US Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or an explicit consent of our users is available. Please use the contact information above for this purpose.

You can obtain a copy of the specific applicable or agreed regulations for ensuring the appropriate level of data protection from us. Please use the details in the Contact Us section for this purpose.

9. What security measures have we taken to protect your data?

We maintain current technical measures to ensure data security, in particular to protect your personal data from dangers during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art.

The databases of our offer are protected by physical and technical measures as well as procedural measures that limit access to the information to specifically authorized persons in accordance with this privacy policy. The information system of our offer is located behind a software firewall to prevent access from other networks connected to the Internet. Only employees and agents who need this information to perform a specific task are granted access to personally identifiable information. Employees and agents are trained in security and privacy practices.

Standard SSL encryption technology is used for the collection and transmission of data via our website.

In the case of communication by e-mail, complete data security cannot be guaranteed.

10. What rights do you have as a data subject?

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

• Information, rectification, restriction of processing and erasure

You have the right at any time to receive information free of charge about the data we have stored about you, its origin and recipient, as well as the purpose of the data processing via our websites. In addition, you have the right to correction, deletion and restriction of the processing of your personal data, provided that the legal requirements for this are met.

• Right to data portability

You have the right to receive the personal data concerning you that you have provided to us as the controller in a structured, commonly used and machine-readable format. We can fulfil this right by providing a csv export of the customer data processed about you. You may also request that we send this to a third party.

• Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

• Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DS-GVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

• Revocability of declarations of consent under data protection law

In addition, you can revoke your consent at any time with effect for the future by contacting us using the contact details given above.

• Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

All requests for information, the exercise of other data subject rights or objections to data processing can be sent to the attention of our data protection officer at the above address.