Data privacy statement

Thank you for your interest in our company and for visiting our website www.auto1.com (hereinafter the “Website”).
AUTO1.com GmbH (hereinafter “AUTO1.com” or “we”) takes the protection of your personal data very seriously.

Should personal data (e.g. the name, address, e-mail address or telephone number of a person affected [such person hereinafter the “Data Subject”]) be processed, then this is done exclusively in accordance with the EU General Data Protection Regulation (hereinafter “GDPR”) and the country-specific data protection provisions applicable to AUTO1.com.
Any processing of personal data for which there is no statutory legal basis will occur (if at all) only with the Data Subject’s consent. This data privacy statement provides information to you on the nature, scope and purpose of the personal data processed by AUTO1.com as well as the rights to which you are entitled.

1. THE CONTROLLER RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA
The controller responsible for the processing of your personal data within the meaning of the GDPR and other provisions of data-protection law is
  • AUTO1.com GmbH
  • Bergmannstr. 72
  • 10961 Berlin
  • Germany
  • Phone: +49 (0)30 / 201 63 405
  • E-Mail: info@auto1.com

2. DATA PROTECTION OFFICER
Should you have any questions and/or suggestions with regard to data protection, you may contact our data protection officer directly at any time.
Our data protection officer can be contacted at:
  • AUTO1.com GmbH
  • Bergmannstr. 72
  • 10961 Berlin
  • Germany
  • Phone: +49 (0)30 / 201 63 405
  • E-Mail: datenschutz@auto1.com

3. PROCESSING OF USAGE DATA
Every time this Website is accessed by a user, this Website collects general data and information. This general data and information is stored in the log files of the server. This concerns the following data:
  • browser types and versions used,
  • the operating system used by the accessing system,
  • the webpage from which an accessing system arrived on this Website (known as a referrer),
  • the sub-websites that are accessed on this Website via an accessing system,
  • the date and time of an access to the Website,
  • the IP address,
  • the internet service provider of the accessing system
and
  • other similar data and information aimed at averting danger in the event of attacks directed at our IT systems.

When processing this usage data, AUTO1.com does not draw any conclusions as to the Data Subject.

AUTO1.com needs this data in order to
  • correctly deliver the content of this Website,
  • optimize the content of and the advertising for this Website,
  • ensure the permanent functionality of our IT systems and the technology underlying this Website
as well as
  • provide to law-enforcement authorities the information necessary for purposes of conducting criminal proceedings in the event of a cyberattack.
The legal basis for this processing activity is Art. 6(1)(f) GDPR.
This data in anonymised form is analyzed by AUTO1.com statistically, on the one hand, and with the aim of increasing data protection and data security, on the other. The anonymous data of the server log files is stored separately from all personal data provided by a Data Subject.

4. PROCESSING OF DATA THAT YOU HAVE PROVIDED TO US

We collect and store data that you provide to us when using the Website, and more specifically when using the Website’s applications, services or tools.

Such data includes:
  • data that you provide upon registration or upon signing up for one of our services, such as name, email address, telephone number, mobil phone number;
  • data that you have provided to us for purposes of entering into a purchase contract regarding a used vehicle;
  • The legal basis for this processing activity is Art. 6 (1)(b) GDPR.
  • data that is transmitted in the context of resolving any problems and of correspondence/feedback on the Website or via email / fax / postal mail / telephone;
  • additional personal data which we request from you and which we need for the authentication
or
  • for verification purposes in the case of a suspected breach of our terms of use.

The legal basis for this processing activity is Art. 6 (1) (f) GDPR.

5. TRANSFER OF PERSONAL DATA TO EXTERNAL SERVICE PROVIDERS

AUTO1.com receives assistance from outside service providers for certain technical data analysis, processing or storage processes (e.g. to obtain aggregated, non-personal statistics from data bases or for the storage of backup copies). These service providers are carefully selected and meet high data protection and data security standards. They are obligated to maintain strict confidentiality and process personal data only when commissioned to do so by AUTO1.com and according to AUTO1.com‘s instructions. The legal basis for the involvement of such service providers is Article 28 GDPR.
AUTO1.com cooperates with companies and other entities which provide specialized expertise with regard to special areas (e.g. tax consultants, legal counsel, accounting firms, logistics companies). These entities are either legally or contractually obliged to maintain confidentiality. If a transmission of personal data to these entities is necessary, the legal basis is, depending on the respective kind of cooperation, Article 6(1)(b) or, (f) GDPR.

6. NEWSLETTER SIGN-UP
If you sign up for a newsletter, we will use your e-mail address to send the respective issue of our newsletter, through which we regularly provide information to you about interesting topics. In order to ensure your proper sign-up to the newsletter — that is to say, in order to prevent unauthorized sign-ups on behalf of third parties —, after your initial newsletter sign-up we will, as part of a double-opt-in procedure, send you a confirmation e-mail in which we ask you to confirm that you have signed up. We will also store your IP address and the date and time of the newsletter sign-up and the confirmation in order to be able to track and produce evidence of the sign-up at a later date. We will store your e-mail address in order to send you the newsletter unless and until you unsubscribe or we stop sending you the newsletter. For purposes of statistical analyses of our newsletter campaigns, the newsletters contain what is known as tracking pixels. This a thumbnail graphic embedded in the e-mail formatted in HTML which allows us to detect whether and when you have opened an e-mail and which links contained within the e-mail were clicked on. As part of this process, your IP address, too, is transmitted to our servers. We do not, however, store this IP address nor do we store any other personal data. The legal basis for this processing activity is your consent according to Art. 6(1)(a) GDPR. You may, at any time, withdraw your consent with effect for the future to any types of newsletters without incurring any costs other than base rate transmission costs (i.e., for example, the costs of your internet service provider).In this case, we unfortunately cannot send you the newsletter any longer.
If we do receive a withdrawal from you, we add your personal contact data to a blocking list which we use to make sure that we do not send you any advertising that is no longer welcome. The legal basis for this processing activity is Art. 6(1)(f) GDPR.

7. COOKIES

The Website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser. Cookies are stored on the hard drive of the user’s computer and do not cause any damage there. The cookies of the Website contain personal data about the user. Cookies save the user of the Website the trouble of, for example, having to re-enter data, simplify the transmission of specific content and help AUTO1.com in identifying particularly popular areas of the Website.

This enables AUTO1.com, among other things, to adjust the contents of the Website exactly to the needs of its users. The legal basis for this processing activity is Art. 6(1)(f) GDPR. The user may, at any time, prevent this Website from placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby permanently objecting to the placing of cookies. Furthermore, any cookies that have already been placed may be deleted at any time via an internet browser or other software programs. This is possible in all the commonly-used internet browsers. If the user deactivates the placing of cookies in the internet browser used, potentially not all functions of this Website will be usable to their full extent.

8. GOOGLE ANALYTICS

This Website uses Google Analytics. Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data regarding the behavior of visitors to webpages. A web-analysis service collects, among other things, data as to the question from which webpage a Data Subject has arrived on a webpage (known as a referrer), which sub-sites of the website were accessed or how often and for which length of stay a sub-site was viewed. A web analysis is primarily used to optimize a webpage and to carry out a cost-benefit analysis of internet advertising.

The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

GoogleLLC has been certified under the Privacy-Shield framework and thereby offers a guarantee that it is in compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

For web analysis via Google Analytics AUTO1.com uses the suffix “_gat._anonymizeIp”. By means of this suffix, the IP address of the internet connection of the Data Subject is truncated and anonymized by Google if our Website is accessed from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area. The purpose of the Google-Analytics component is the analysis of the flow of visitors on the Website. Google uses the data and information collected, among other things, to analyze the use of the Website in order to compile online reports for us that show the activities on the Website and to provide additional services connected to the use of the Website. Google Analytics uses what is known as “cookies”, i.e. text files that are stored on your computer and enable an analysis of how you have used the website. Each time that one of the individual pages of this Website — which is operated by the controller responsible for the processing and on which a Google-Analytics component has been integrated —is accessed, the internet browser on the IT system of the Data Subject is automatically induced by the respective Google-Analytics component to transmit data to Google for purposes of online analysis.

In the context of this technical process, Google will learn of personal data — such as the IP address of the Data Subject —, which enables Google, among other things, to trace the provenance of the visitors and clicks and as a result to allow commissions to be invoiced. By means of the cookie, personal data — for example the time of access, the place from which our Website was accessed, and the number of times that the Data Subject visited our Website — is stored. Each time our Website is visited, this personal data, including the IP address of the internet connection used by the Data Subject, is transferred to Google in the US. This personal data is stored by Google in the US.

Google potentially transmits this personal data, which was collected via the technical process, to third parties. As has already been set out above, the Data Subject may, at any time, prevent our Website from placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby permanently object to the placing of cookies. Such an adjustment to the settings of the internet browser used would also prevent Google from placing a cookie on the IT system of the Data Subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs. Besides, the Data Subject has the option of objecting to the collection of the data produced by Google Analytics and related to the use of this Website as well as of objecting to the processing of such data by Google and of preventing such collection and processing.

In order to do this, the Data Subject needs to download a browser add-on at https://tools.google.com/dlpage/gaoptout and install it. This browser add-on lets Google Analytics know via JavaScript that no data and information about the visits of webpages may be transmitted to Google Analytics. Google considers the installation of the browser add-on to constitute an objection. If the IT system of the Data Subject is deleted, formatted or reinstalled at a later date, then the Data Subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the Data Subject or by any other person who is attributable to the Data Subject’s sphere of control, there is an option of reinstalling or reactivating the browser add-on. For more information and the applicable data protection provisions of Google please see https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html abgerufen werden.

Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/ .The legal basis for this processing activity is Art. 6(1)(f) GDPR.

9. GOOGLE TAG MANAGER

This Website uses Google Tag Manager. This service allows website tags to be managed via an interface. Tags are small code elements which serve, among other things, to measure traffic and visitor behavior. Google Tag Manager only implements tags. No cookies are used, and hence no personal data is collected, as part of that process. Google Tag Manager triggers other tags, which in turn potentially collect data. Google Tag Manager does not, however, access this data. If a deactivation was effected at the level of the domain or cookie, it remains in place for all tracking tags provided that they are implemented with Google Tag Manager.

10. AMAZON CLOUDFRONT

This Website uses Amazon CloudFront, a CDN (content delivery network) of Amazon Web Services, Inc. (hereinafter “Amazon”).

Using a CDN shortens the loading time of the Website. Amazon operates numerous servers in Europe (including in Frankfurt am Main, Germany, and Milan, Italy) in order to be able to send our data to you as quickly as possible. However, in technical terms it cannot be ruled out that your browser may access a server outside the EU (e.g. because you access this Website from outside the EU, or for some other reason). In such a case, data is sent from your browser directly to the respective country and/or region (North and South America, Asia, Australia). Amazon has been certified under the Private-Shield framework and thereby offers a guarantee that it is in compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4). For more information on Amazon CloudFront see https://aws.amazon.com/de/cloudfront/.

You can find the Amazon privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

11. CRAZYEGG.COM
This Website uses the tracking tool CrazyEgg.com in order to record randomly selected individual visits (only with an anonymized IP address). Using cookies, this tracking tool allows an analysis of the way in which you use the Website (e.g. what content is being clicked on). To that end, a user profile is displayed visually. The tool creates user profiles using pseudonyms.The legal basis for this processing activity is Art. 6(1)(f) GDPR. You may at any time object to the processing of the data generated by CrazyEgg.com by following the instructions at http://www.crazyegg.com/opt-out. For further information on data protection at CrazyEgg.com please see http://www.crazyegg.com/privacy.

12. ERASURE AND BLOCKING OF PERSONAL DATA

AUTO1.com processes and stores other personal data only for such period of time as is required in order to achieve the purpose of the storage. Once the purpose of the storage has ceased to exist, the personal data is erased or anonymized as a matter of routine and in accordance with legal provisions. Usage data is generally erased after 30 days.

13. RIGHTS OF THE DATA SUBJECT

Should you wish to exercise any of the rights listed in this clause, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail or letter).

a. Right to confirmation

You have the right to request confirmation whether personal data concerning you is being processed.

b. Right of access

You have the right to obtain information about the following in particular:
  • the personal data stored on you;
  • the purposes of the processing;
  • the categories of personal data that is being processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed;
  • the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;
  • the right to lodge a complaint with a supervisory authority;
  • the existence of automated decision-making;
  • whether personal data has been transferred to a third country or to an international organization.

c. Right to rectification

You have the right to demand
  • the rectification of inaccurate personal data concerning you
and
  • the completion of incomplete personal data concerning you.

d. Right to erasure

You have the right for any personal data concerning you to be erased without undue delay in particular if
  • the purpose for which personal data was collected or otherwise processed has ceased to exist;
  • you withdraw your consent on which the processing was based and there is no other legal basis for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing;
and/or
  • the personal data has been unlawfully processed.

e. Right to restriction of processing

You have the right to demand a restriction of the processing if
  • you contest the accuracy of the personal data, namely for a period which enables AUTO1.com to verify the accuracy of the personal data;
  • the processing is unlawful and instead of the erasure of the personal data you demand the restriction of the use of the personal data;
  • the personal data is no longer needed for the purposes of the processing, but you require the personal data for the establishment, exercise or defense of legal claims;
  • you have objected to the processing and it has not yet been clarified whether your objection will lead to the data processing being stopped.

f. Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly-used and machine-readable format.
In addition, you have the right to have the personal data transmitted directly to another controller to the extent that this is technically feasible and if this does not adversely affect the rights and freedoms of others.

g.Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you, if the processing is based on the following ground:
  • processing is necessary for the purposes of the legitimate interests pursued by AUTO1.com or by a third party.

In the event of an objection, AUTO1.com will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the aim of the processing is to establish, exercise or defend against legal claims.

Should you wish to exercise a right of objection, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail, fax, letter).

Version as at September 2018