Data Privacy Statement

Thank you for your interest in our company and for visiting our website www.auto1.com (hereinafter the “Website”).

This data privacy statement provides information to you on the nature, scope and purpose of the personal data processed by AUTO1.com as well as the rights to which you are entitled.

This data privacy statement applies accordingly to the use of Apps operated by AUTO1.com or its affiliated companies.

1. THE CONTROLLER RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA;

Responsible for the processing of your personal data within the meaning of the EU General Data Protection Regulation (hereinafter the "GDPR") and other data protection regulations is;

  • AUTO1.com GmbH
  • Bergmannstraße 72
  • 10961 Berlin
  • Deutschland
  • Tel.: +49 (0)30 / 201 63 405
  • E-Mail : info@auto1.com
2. DATA PROTECTION OFFICER;

Should you have any questions and/or suggestions with regard to data protection, you may contact our data protection team directly at any time.

You can reach our data protection officer at the following contact details:

  • AUTO1.com GmbH
  • Bergmannstraße 72
  • 10961 Berlin
  • Deutschland
  • Tel.: +49 (0)30 / 2016 38 8100
  • E-Mail: datenschutz@auto1.com
3. PROCESSING OF USAGE DATA

Every time this Website is accessed by a user, this Website collects general data and information. This general data and information is stored in the log files of the server. This concerns the following data: 

  • browser types and versions used,;
  • the operating system used by the accessing system,;
  • the webpage from which an accessing system arrived on this Website (known as a referrer),;
  • the sub-websites that are accessed on this Website via an accessing system,
  • the date and time of an access to the Website,;
  • the IP address,;
  • the internet service provider of the accessing system and
  • other similar data and information aimed at averting danger in the event of attacks directed at our IT systems.

AUTO1.com needs this data to:;

  • correctly deliver the content of this Website and to ensure the permanent functionality of our IT systems and the technology underlying this Website.

The legal basis for this processing activity is Art. 6 (1)(b) GDPR.

  • optimize the content of and the advertising for this Website.

The legal basis for this processing activity is Art. 6 (1)(f) GDPR. Our legitimate interest is to adjust the website to individual user needs and to improve our services.

  • as well as to provide to law-enforcement authorities the information necessary for purposes of conducting criminal proceedings in the event of a cyberattack.

The legal basis for this processing activity is Art. 6 (1)(c)(f) GDPR. AUTO1.com has an overriding legitimate interest in ensuring the security of the Website and preventing misuse.

4. PROCESSING OF DATA THAT YOU HAVE PROVIDED TO US;

We collect and store data that you provide to us when using the Website, and more specifically when using the Website’s applications, services or tools.

Such data includes:

  • data that you provide upon registration or upon signing up for one of our services, such as name, email address, telephone number, mobil phone number;;
  • data that you have provided to us for purposes of entering into a purchase contract regarding a used vehicle;;
  • Data that you submit to us via the website for the purpose of deregistering a vehicle that is imported from the Netherlands.
  • Data that you transmit to us for the purpose of car financing.

The legal basis for this processing activity is Art. 6 (1)(b) GDPR.

  • data that is transmitted in the context of resolving any problems and of correspondence/feedback on the Website or via email / fax / postal mail / telephone;;
  • additional personal data which we request from you and which we need for the authentication or for verification purposes.

The legal basis for this processing activity is Art. 6 (1) (b) (f) GDPR. We have a legitimate interest in improving our services and protecting ourselves against misuse.

5. TRANSFER OF PERSONAL DATA TO AFFILIATED COMPANIES;

Companies affiliated with AUTO1.com (hereinafter collectively "AUTO1 Group") may have access to or process your personal data if this is necessary to achieve the processing purposes stated in this data privacy statement or if this is necessary to fulfil the contractual or legal obligations of AUTO1 Group. AUTO1 Group contractually ensures that each company complies with high data protection and data security standards. The legal basis for this processing is Art. 6 (1) (f) GDPR, whereby our legitimate interest is to outsource internal administrative purposes to affiliated companies and thus improve our services.

If AUTO1.com transfers personal data to affiliated companies outside the European Union or the European Economic Area, Section 6. para. 3 applies accordingly.

6. TRANSFER OF PERSONAL DATA TO EXTERNAL SERVICE PROVIDERS;

AUTO1.com receives assistance from outside service providers for certain technical data analysis, processing or storage processes (e.g. to obtain aggregated, non-personal statistics from data bases or for the storage of backup copies). These service providers are carefully selected and meet high data protection and data security standards. They are obligated to maintain strict confidentiality and process personal data only when commissioned to do so by AUTO1.com and according to AUTO1.com’s instructions.

AUTO1.com cooperates with companies and other entities which provide specialized expertise with regard to special areas (e.g. tax consultants, legal counsel, accounting firms, logistics companies, collaboration tools). These entities are either legally or contractually obliged to maintain confidentiality. If a transmission of personal data to these entities is necessary, the legal basis is, depending on the respective kind of cooperation is Article 6(1)(b) or, (f) GDPR. AUTO1.com has a legitimate interest in improving services by using external expertise.

If we transfer personal data to recipients outside the European Union or the European Economic Area (so-called "third countries"), we ensure that the appropriate level of data protection is guaranteed in the respective third country or by the respective recipient in the third country. The transfer may be based on an "adequacy decision" of the European Commission or appropriate safeguards, such as EU standard contractual clauses or binding corporate rules.

7. Free text search

AUTO1.com allows you to search for vehicles on the website using a free text search. AUTO1.com uses ChatGPT from OpenAI (OpenAI Ireland Ltd.) to provide this search function. To generate search results, the user's input text is forwarded to OpenAI. The transfer of personal data of the user by OpenAI is not intended and only takes place if the user enters personal data in the free text field. OpenAI does not use data entered by the user in the free text field for its own purposes. The legal basis is Art. 6 para. 1 lit. b, f GDPR. If we rely on a legitimate interest, this is to optimize the search function on the website for the user. EU standard contractual clauses have been agreed with OpenAI to ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR.

8. Newsletter mailing

If you register for a newsletter and give your consent to receive further information, we will use your information, we will use your email address to send you the respective newsletter, in which we regularly inform you about interesting topics (e.g. product updates, auction notifications, transaction information). The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Our newsletter is sent by the mailing service provider MessageBird B.V. (Trompenburgstraat 2C, 1079 TX Amsterdam, Netherlands). A transfer of data to the USA cannot be ruled out. We have concluded an order processing contract with MessageBird, which contains the standard contractual clauses of the European Commission. Further information can be found in MessageBird's privacy policy https://messagebird.com/legal/privacy.

In order to ensure your proper registration for the newsletter - i.e. to prevent unauthorized registrations on behalf of third parties - we will send you a confirmation email after your first newsletter registration using the double opt-in procedure, in which we ask you to confirm your registration.

We also store your IP address and the date and time of the newsletter registration and confirmation so that we can trace and prove the registration at a later date. We store your e-mail address in order to send you the newsletter until you unsubscribe or we stop sending you the newsletter. The newsletters contain so-called tracking pixels for the statistical evaluation of our newsletter campaigns. This is a miniature graphic embedded in the HTML-formatted email that allows us to recognize whether and when you have opened an email and which links in the email have been accessed. Your IP address is also transmitted to our servers. However, we do not store this or any other personal data. The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent for all types of newsletters at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates (i.e. the costs of your Internet provider, for example). In this case, we will no longer be able to send you the newsletter. If we receive a revocation from you, we will add your personal contact data to a blacklist, which we use to ensure that we do not send you any advertising that is no longer wanted. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the avoidance of unwanted newsletters.

This website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser. Cookies are stored on the hard disk of the user's computer and do not cause any damage there. The website's cookies contain personal data about the user. In addition to cookies, this website also uses so-called local storage technologies (hereinafter: "object"). These store data locally in the browser cache, which remains in place and can be read even after the browser window has been closed, unless the cache is deleted. Both the objects and the cookies (hereinafter collectively referred to as "technologies") may be technically necessary, as certain website functions would not work without them. would not work without them. Other technologies, on the other hand, are used to evaluate user behavior or to display advertising.

We divide the technologies we use into three categories according to function and intended use: Necessary technologies, analytical technologies and marketing technologies.

The processing of data through the use of necessary technologies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. If the user deactivates the setting of cookies in their Internet browser, not all functions of this website may be fully usable.

The processing of personal data through the use of analytical and marketing technologies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time for the future under this link.

a. Necessary technologies

The use of necessary technologies ensures the functionality of our website. Without these, the website cannot be used as intended. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. These technologies are listed below:

  • Name: auto1_locale

Description: This cookie is used to display the website in the local language of the respective user and thus serves the user-friendliness.

  • Name: APP_VERSION

Description: This object ensures that users always use the latest version of our app. By automatically detecting and deleting outdated data in local storage, potential problems can be avoided and application updates made easier.

  • Name: consent_needed, consent_time, cookieBannerClosed

Description: These cookies cause the appearance of the consent banner, which allows users to manage their preferences regarding the technologies used on the website.

  • Name: conversionRate.SEK

Description: This cookie stores the current currency rate on the website. This allows users to display prices in their preferred currency.

  • Name: country

Description: This cookie stores the user's location in order to display website content and information related to country or location.

  • Name: hl

Description: The cookie is used to store the language selected by the user or preferred on the website. Without this cookie, the website would not be able to retain the user's language settings.

  • Name: isUserLogged

Description: This cookie is used to recognize the user's login status and ensure that they can access the relevant content and functions. It contributes to the security and personalization of the user experience.

  • Name: JSESSIONID, MPSESSID

Description: These cookies are used to maintain a user's session on the website. They contain a unique identifier that is retained for the duration of the user's session on the website. They help to ensure that our website functions properly and that users can move around the website without any problems.

  • Name: redux-cache-*

Description: This object is used to temporarily store data and increase the performance of the website, especially when processing search queries and filters. This helps speed up the website and provides users with a smoother and faster user experience.

  • Name: searchQuery*

Description: This object stores the user filter settings for vehicles. By saving the filter settings, users do not have to re-enter all filter criteria for each new search or can retrieve the previously entered filter settings when revisiting the website.

  • Name: selectedPartnerBranch

Description: This object is used to store information about the selected branch on the appointment booking pages. This prevents the selected information from being lost if the user refreshes the page or navigates between different pages.

  • Name: xsrf_token

Description: This cookie protects the website and its users from certain attacks in which an attacker attempts to perform unwanted actions on behalf of a user without the user's intention. It is an important security mechanism to ensure the integrity and confidentiality of user actions.

  • Name: cache-module-local-storage

Description: This object is used to store certain data or resources required by the website. This allows the website to access this data without having to download it again from the server.

  • Name: AWSALB, AWSALBCORS

Description: These cookies are used by Amazon Webservices (see section 14) and used to manage the user session. This shortens the loading time of the website.

  • Name: Incap_ses_*, nlbi_*

Description: These cookies are placed by Incapsula (see section 15). They are used to ensure that the website and its services, which are provided via Incapsula's CDN, function smoothly and that performance is optimized for users.

b. Analytical technologies

This includes technologies whose use enables statistical web analysis and reach measurement, e.g. to further develop and improve our offer for you. The legal basis for the processing is your consent in accordance with Art. 6 para. a lit. a GDPR. You can revoke your consent via this link. The analytical technologies are listed below:

  • Name: LanguageMenu_lpmru

Description: This cookie stores information about the user's preferred language setting. This is used to customize the user interface and content.

  • Name: utm, last_event, auto1_cid, auto1_tracking_session

Description: These technologies are used to track user behavior on the website and gain insights into user activities. They store the date and time of the last recorded event in order to better understand the timing and user interactions.

  • Name: rm_scroll_pos, arp_scroll_position

Description: These cookies are used to track the scroll position of a user on the website. The information is used to ensure that important content remains in the user's field of vision and to optimize scrolling behavior on mobile devices.

  • Name: __utma, __utmt

Description: These cookies are set by Google Analytics (see section 10) and store a unique visitor ID, the date and time of the first visit to the website, the start time of the active visit and the total number of visits to the website. This information is used to collect and analyze information about the use of the website.

  • Name:__utmb

Description: This cookie is set by Google Analytics (see section 10) and is used to track visitor behavior on the website, measure the duration of the current visit, register the number of page views and determine whether the user's visit is still active. This data is used to understand visitor behavior and adapt the website accordingly.

  • Name: __utmc

Description: This cookie is set by Google Analytics (see section 10). It is no longer actively used to collect data from website visitors, but is used to maintain tracking functionalities on technically outdated parts of the website.

  • Name: CONSENT

Description: This cookie is used by Google Analytics (see section 10) to store the user's consent decision. For example, if a user has consented to the use of analytics cookies, the website can activate Google Analytics and collect data. However, if the user has declined the use of analytics cookies, data collection will be disabled.

  • Name: _gat, _gat_UA-*, _gat_gtag_UA_106855065_21

Description: These cookies are set by Google Analytics (see section 10) and are mainly used to regulate data collection on the website and to ensure that Google Analytics works efficiently.

  • Name: _ga, _ga_*, _gid

Description: These cookies are installed by Google Analytics (see section 10). They are used to store information about how visitors use the website and to compile anonymized statistics. They are used to analyze user behavior, improve website performance and generate reports on website trends.

  • Name: _gac_UA-59065954-3

Description: This cookie is set by Google Analytics (see section 10) and tracks the origin and route of visitors to the website. This information can be used to personalize the user experience, for example by displaying certain offers or content to visitors who have come to the website from a particular source.

  • Name: _gcl_aw, OTZ, AEC, ssm_au

Description: These cookies are set by Google Analytics (see section 10) and collect data such as page views, dwell time, traffic sources and user behavior on the website. This data is used to analyze and report on user behavior and to help optimize these websites and provide a better user experience.

  • Name: _gcl_au

Description: This cookie is used by Google (see section 11) to measure advertising effectiveness on the website. It records information from ad clicks and stores it in the cookie so that the efficiency of advertising can be measured.

  • Name: _GRECAPTCHA

Description: This cookie is set by Google reCAPTCHA (see section 12). It authenticates the user and analyzes their user behavior in order to distinguish whether they are a human or a bot. It is used to protect the website from spam and misuse.

  • Name: SID, SIDCC

Description: These cookies are set by Google (see section 13). They are used for security purposes to store records of a user's Google Account ID and last login time, enabling Google to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorized access.

  • Name: _ce_cch

Description: This cookie is set by CrazyEgg (see section 16) and checks whether cookies can be properly set in the website visitor's browser to ensure the functionality of Crazy Egg.

  • Name: _ce_gtld

Description: This cookie is set by CrazyEgg (see section 16) and stores information about the general top-level domain (hereinafter "gTLD"). The gTLD is the last part of a website domain, which usually identifies the type or origin of the website. Examples of gTLDs are ".com", ".org", ".net" and country-specific domains such as ".de" for Germany or ".fr" for France. The information is used to better understand which regions users come from and how website usage is distributed across different gTLDs.

  • Name: _ce.s

Description: This cookie is set by Crazy Egg (see section 16) and analyzes website user sessions. These records include the behavior of website visitors, how they navigate the website, where they click and how they interact with the content so that the website can be better adapted to user behavior.

  • Name: _ceir

Description: This cookie is set by CrazyEgg (see section 16) and tracks whether the current user has visited the website before and how returning users behave compared to new users. This information is used to improve the user experience and to provide special offers or content for returning visitors.

  • Name: ce_clock

Description: This object is set by CrazyEgg (see section 16) and is used to record the time of a visitor's website entry. This helps to optimize the website by targeting content at a certain time of day or at frequent entry times.

  • Name: MUID

Description: This cookie is used by Microsoft Advertising (see section 19) and is used to identify the unique web browser visiting Microsoft websites. This makes it possible to distinguish browsers from each other and to track visitor interactions more accurately. This information is used to display targeted advertisements, but also to analyze website usage patterns.

  • Name: isMfUser

Description: This cookie is used by Mouseflow (see point 21). It is used to analyze the mouse movements of website users in order to improve the relationships between navigation areas, page elements and form fields.

  • Name: _dd_s

Description: This cookie is set by Datadog (see section 23) and uses a session ID to group all events or actions generated by a user during their session on the website. This supports monitoring, performance improvement and troubleshooting to ensure a better user experience and smooth functioning of the website.

  • Name: logglytrackingsession

Description: This cookie is set by Loggly (see section 24) and collects information about the user session in order to analyze performance and possible errors on the website. This information is used for troubleshooting processes.

  • Name: mp_52e5e0805583e8a410f1ed50d8e0c049_mixpanel

Description: This cookie is set by Mixpanel (see section 25) and stores the user interactions of a website user by means of a unique ID. This information is used to improve the user experience on the website.

  • Name: sem

Description: This cookie is set by Semrush (see section 26) and collects information on which marketing measures or search terms a user has used to reach the website. It is used to analyze and measure information on how different marketing sources influence traffic to the website in order to derive insights and make marketing decisions.

c. Marketing technologies

Marketing technologies are used to offer users content that is relevant and tailored to their interests. They are also used to measure and control the effectiveness of campaigns. They can also be used to create user profiles in order to display target group-oriented advertising. Marketing technologies may also include so-called pixels, which can share information with third parties. These pixels are small, invisible graphics or scripts that enable third-party providers to collect anonymous data about user interaction with the website. The legal basis for the processing of marketing technologies is consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent given can be revoked at any time via this link. The marketing technologies are listed below:

  • Name: tms

Description: This cookie stores a timestamp that indicates the exact time at which a particular action or event took place on the website. This timestamp can be used to determine when a visitor responded to a particular marketing campaign, for example.

  • Name:__utmz

Description: This cookie is set by Google Analytics (see section 10). It contains information about how the visitor arrived at the website, for example via marketing measures such as advertisements. The cookie also stores whether the visitor's source of origin was different when they last visited the website. If the origin of the visitor is not clearly identified in a current session, it is possible to analyze which actions the visitor performed on the original website, such as a purchase. This makes it possible to draw conclusions about the origin of the visitor. The information collected is used to track the effectiveness of marketing efforts and enables marketing strategies to be optimized and content to be adapted.

  • Name: __Secure-1PAPISID, __Secure-1PSID, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, __Secure-1PSIDCC,

Description: These cookies are set by Google (see section 13). They create a profile of the website visitor's interests in order to display relevant and personalized Google advertising. The last search queries and previous interactions of the website visitor are analyzed.

  • Name: __Secure-ENID

Description: This cookie is set by Google (see section 13) to prevent fraudulent login attempts and contribute to the security of accounts. It is also used to store a Google user ID. This ID is used for statistical and marketing purposes after a successful login. A user's activities and behaviour are analyzed after logging in to gain insights into the use of their services and to display personalized advertising.

  • Name: 1P_JAR, NID, APISID

Description: These cookies are installed by Google (see section 13) and evaluate the last search queries and previous interactions of the website user. This is used to display customized advertising on Google websites.

  • Name: DV

Description: This cookie is used by Google (see section 13) to store the visitor's preferences and other information that customizes the browsing experience on Google websites. This includes, in particular, the preferred language and the number of search results to be displayed on the page. The cookie is used to adapt advertising on Google websites to the user's preferences and needs.

  • Name: SAPISID

Description: This cookie is set by Google (see section 13) and collects information about website users who watch embedded YouTube videos. The data collected is used to display personalized advertising to the user on the YouTube platform.

  • Name: SSID

Description: This cookie is set by Google (see section 13) and collects information about website users when they click on a video hosted by YouTube on an embedded Google Maps map. The data collected from viewing videos on Google Maps is used to customize personalized advertising and services.

  • Name: HSID

Description: This cookie is set by Google (see section 13) and is used to confirm the authenticity of visitors and ensure the security of user data. It serves as a security measure to ensure that users accessing a particular website or service are legitimate and that there is no fraudulent use of login data.

  • Name: _uetsid, _uetsid_exp, _uetvid, _uetvid_exp

Description: These technologies are set by Microsoft Advertising (see section 19). They record website visits and track how users move around the website. They are used to analyze user behavior and measure the effectiveness of our Microsoft advertising campaigns. They also make it possible to track website visits across different websites that use Microsoft Advertising.

  • Name: IDE

Description: This cookie is used by DoubleClick (see section 22) and collects information about user browsing behavior in order to present advertisements that are more relevant and appealing to the user's interests. It also stores data about how users interact with advertisements, for example by clicking on them or ignoring them. This information is used to measure and optimize the performance of advertising campaigns.

10. GOOGLE ANALYTICS;

This Website uses Google Analytics. Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data regarding the behavior of visitors to webpages. A web-analysis service collects, among other things, data as to the question from which webpage a Data Subject has arrived on a webpage (known as a referrer), which sub-sites of the website were accessed or how often and for which length of stay a sub-site was viewed. A web analysis is primarily used to optimize a webpage and to carry out a cost-benefit analysis of internet advertising. The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google uses the data and information collected, among other things, to analyze the use of the Website in order to compile online reports for us that show the activities on the Website and to provide additional services connected to the use of the Website.

In the context of this process, Google will learn of personal data — such as the IP address of the Data Subject —, which enables Google, among other things, to trace the provenance of the visitors and clicks and as a result to allow commissions to be invoiced. By means of the cookie, personal data — for example the time of access, the place from which our Website was accessed, and the number of times that the Data Subject visited our Website — is stored. Each time our Website is visited, this personal data, including the IP address of the internet connection used by the Data Subject, is transferred to Google in the US. This personal data is stored by Google in the US.

Google potentially transmits this personal data, which was collected via the technical process, to third parties. As has already been set out above, the Data Subject may, at any time, prevent our Website from placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby permanently object to the placing of cookies. Such an adjustment to the settings of the internet browser used would also prevent Google from placing a cookie on the IT system of the Data Subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs. Besides, the Data Subject has the option of objecting to the collection of the data produced by Google Analytics and related to the use of this Website as well as of objecting to the processing of such data by Google and of preventing such collection and processing.

In order to do this, the Data Subject needs to download a browser add-on at https://tools.google.com/dlpage/gaoptout and install it. This browser add-on lets Google Analytics know via JavaScript that no data and information about the visits of webpages may be transmitted to Google Analytics. Google considers the installation of the browser add-on to constitute an objection. If the IT system of the Data Subject is deleted, formatted or reinstalled at a later date, then the Data Subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the Data Subject or by any other person who is attributable to the Data Subject’s sphere of control, there is an option of reinstalling or reactivating the browser add-on. For more information and the applicable data protection provisions of Google please see https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html.

Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/. The legal basis for this processing activity is Art. 6(1)(a) GDPR.

11. GOOGLE TAG MANAGER

This Website uses Google Tag Manager. This service allows website tags to be managed via an interface. Tags are small code elements which serve, among other things, to measure traffic and visitor behavior. Google Tag Manager only implements tags. No cookies are used, and hence no personal data is collected, as part of that process. Google Tag Manager triggers other tags, which in turn potentially collect data. Google Tag Manager does not, however, access this data. If a deactivation was effected at the level of the domain or cookie, it remains in place for all tracking tags provided that they are implemented with Google Tag Manager.

We also use the "Conversion Linker" function, which is part of the Google Tag Manager. The conversion linker is used to collect information from advertising clicks and to ensure that conversions (such as transactions or target completions) can be assigned to the original advertising clicks. This also happens when users switch between different pages or domains during their visit to the website. The use of the conversion linker enables us to measure and optimize the success of our advertising campaigns. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

12. Google reCAPTCHA

This website uses the reCAPTCHA service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to ensure that interactions on our website come from real people and to prevent spam and automated bot activity. The reCAPTCHA query is used to distinguish whether an input is made by a human or abusively by automated, machine processing.

ReCAPTCHA can set a necessary cookie called "_GRECAPTCHA" when executing the security check to perform a risk analysis and ensure that the users are human and genuine visitors. During this check, certain information (e.g. the IP address), but also the behavior and interactions of the users are collected and analyzed. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to protect our website from spam and fraudulent activities as well as automated bots. You can find more information about Google's privacy policy at: https://policies.google.com/privacy?hl=de.

13. Google AdWords

The website uses Google Conversion Tracking. Google AdWords places a cookie on your computer if you have reached our website via a Google ad. As part of its sales activities, AUTO1.com draws the attention of potentially interested parties to the offers on the website through Google AdWords, i.e. advertisements, e.g. as part of Google search results. This cookie loses its validity after 30 days and is not used for personal identification. If the user visits certain pages of the AdWords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.

However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. The Google privacy policy on conversion tracking can be found at https://policies.google.com/privacy?gl=de. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

In addition, so-called customer match lists are used as part of our Google Ads advertising activities to enable us to better address our target groups. For this purpose, lists with encrypted user data (e.g. email addresses) are transmitted to Google Ads. After the upload, the system checks which data is already known and adds these users to our company's customer target group. Once the customer match lists have been created, the encrypted data is automatically deleted again. Our company does not obtain any new addresses as a result. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

14. AMAZON CLOUDFRONT

This Website uses Amazon CloudFront, a CDN (content delivery network) of Amazon Web Services, Inc. (hereinafter “Amazon”).

Using a CDN shortens the loading time of the Website. Amazon operates numerous servers in Europe (including in Frankfurt am Main, Germany, and Milan, Italy) in order to be able to send our data to you as quickly as possible. However, in technical terms it cannot be ruled out that your browser may access a server outside the EU (e.g. because you access this Website from outside the EU, or for some other reason). In such a case, data is sent from your browser directly to the respective country and/or region (North and South America, Asia, Australia).

The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the proper functioning of our services and to provide an efficient user experience. For more information on Amazon CloudFront see https://aws.amazon.com/de/cloudfront/. You can find the Amazon privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

15. Incapsula

This website uses Incapsula's Content Delivery Network (CDN), which is distributed by Imperva Inc, 050 S. Delaware, St Ste 203, San Mateo, CA 94403-2394, USA, to support the delivery of content and improve the performance of our website. Incapsula's CDN is used to make the delivery of web content more efficient and to shorten loading times. In addition to the CDN, Incapsula also provides protection against Distributed Denial of Service (DDoS) attacks and a web application firewall. Incapsula's DDoS protection feature is designed to detect and mitigate attacks and minimize the impact on our website. It analyzes traffic and filters unwanted or malicious traffic flows to ensure the security and availability of our services. Incapsula's Web Application Firewall provides protection against various types of web attacks and security threats by monitoring incoming traffic and blocking malicious traffic.

The use of Incapsula may require the transfer of personal data, including IP addresses and browsing information, between your browser and Incapsula's servers. Incapsula may operate servers in different regions and countries, and therefore the data transfer may take place between different locations. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the security and availability of our website and services and protecting them from attacks and security threats. Further information can be found in Incapsula's privacy policy at https://www.imperva.com/trust-center/privacy-statement/.

16. Crazyegg.com

This website uses the CrazyEgg.com tracking tool to record randomly selected individual visits (only with anonymized IP addresses). This tracking tool uses cookies to analyze how you use the website (e.g. which content is clicked on). A usage profile is displayed visually for this purpose. When the tool is used, user profiles are created using pseudonyms.

The legal basis for this processing is Art. 6 para. 1 lit. a GDPR. You can object to the processing of data generated by CrazyEgg.com at any time by following the instructions at http://www.crazyegg.com/opt-out. Further information on data protection at CrazyEgg.com can be found at http://www.crazyegg.com/privacy.

17. Whatsapp Business

Communication with AUTO1.com can be carried out within the framework of an existing dealer relationship or for other inquiries via the messenger service of the company WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland (hereinafter "WhatsApp"). An existing messaging account with WhatsApp is required for use.

All communication content (your messages and attached images) is secured by WhatsApp using end-to-end encryption, which prevents WhatsApp from viewing the content, but only the message recipient itself. However, we would like to point out to you as our communication partners, i.e. in particular our merchants, that WhatsApp cannot see the content, but can learn that and when communication partners communicate with us as well as technical information about the device used by the communication partners and, depending on the settings of your device, also location information (so-called metadata). Except for the encrypted content, a transmission of the communication partners' data within the Facebook group of companies is possible, in particular for purposes of optimizing the respective services and for security purposes. Likewise, communication partners should assume, at least as long as they have not objected to this, that their data processed by WhatsApp may be used for purposes of marketing or displaying advertising tailored to users. If you do not want WhatsApp or Facebook to process your data, you are of course free to refrain from using the messenger service.

The legal basis for this processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is to offer you fast and efficient communication and to adapt to the needs of our communication partners.

For more information about the purposes, types and scope of the processing of your data by WhatsApp, as well as the related rights and settings options to protect your privacy, please refer to the privacy notices of WhatsApp: https://www.WhatsApp.com/legal/.

18. LinkedIn Insight Tag

On our website, the so-called Insight Tag of the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) is used.

The LinkedIn Insight Tag establishes a connection to the LinkedIn server if you visit our website and are logged into your LinkedIn account at the same time. If a user is redirected to our website via a LinkedIn advertisement, both temporary session cookies and permanent cookies are set in the user's browser, which record which advertising campaigns and pages of our website were accessed. Here, data such as URL, referrer URL, device properties and IP address of the user are recorded, among other things. These cookies are also known as conversion cookies and are used by LinkedIn to generate traffic statistics for our website. These traffic statistics are in turn used by us to determine the success of our ads and to optimize them.

The legal basis for this processing is Art. 6 (1) lit. a GDPR, provided that you as a user have given your consent.

In addition, we use further retargeting functions of LinkedIn if you have given us consent via our cookie banner. These functions enable us to display targeted advertising outside the website to visitors to our website. The legal basis for the processing is Art. 6 (1) lit. a GDPR, provided that you as a user have given your consent.

As part of LinkedIn's advertising activities, we also use a matching function of contact lists by LinkedIn to enable better advertising targeting of our target groups. For this purpose, lists with encrypted user data (e.g. name, job title, company, country) are transmitted to LinkedIn, whereby target groups are played out to us in the end result, to which we can direct our advertising campaigns. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR, provided that you as a user have given your consent. The analysis of usage behavior as well as targeted advertising by LinkedIn can be objected to at any time using the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in the account settings. To avoid a linkage of data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website. Without a personal LinkedIn account, you have the option to reject LinkedIn's cookies and advertising settings at the following link: www.linkedin.com/mypreferences/g/guest-cookies. You can also learn more about the data processed through the use of LinkedIn Insight Tag in the privacy policy https://www.linkedin.com/legal/privacy-policy.

19. Microsoft Advertising
We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521, Ireland on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking tag (hereinafter "UET") to help us serve targeted advertisements through the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. This involves processing our users' personal data in the form of online identifiers, IP addresses, device identifiers, and information about device and browser settings. Microsoft Advertising collects data via UET that allows us to track target groups based on retargeting lists. For this purpose, cookies are stored on the end device used by the user when visiting our website. Microsoft Advertising can thus recognize that our website has been visited and, if Microsoft Bing is used at a later time, an advertisement can be played to the user. This information is also used to record how many users have come to our website after clicking on an advertisement (so-called conversion statistics). We thereby learn the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified. The legal basis for this processing is Art. 6 (1) lit. a GDPR, provided that you as a user have given your consent to this. Furthermore, you can deactivate personalized advertisements at Microsoft via the following link: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen. 17. Mouseflow This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark (hereinafter "Mouseflow"), to record randomly selected individual Visits (with anonymized IP address only). This creates a log of mouse movements and clicks, with the intention of randomly replaying individual website visits and to derive potential improvements for the website from them. The information is not personally identifiable and will not be shared. If you do not wish to be recorded, you can do so on all websites that use Mouseflow use, at the following link: www.mouseflow.de/opt-out/. Mouseflow's privacy policy can be found at https://mouseflow.de/privacy/.

20. Facebook

This website uses Facebook Custom Audiences, a server-side event tracking tool from the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to enable us to better address our target groups. For this purpose, lists with encrypted user data (e.g. the email address) are transmitted to Facebook, which ultimately provides us with target groups to which we can direct our advertising campaigns. This does not provide our company with any new addresses. Further information on data protection at Meta can be found at https://www.facebook.com/privacy/center/. The legal basis for processing is Art. 6 para. 1 lit. a GDPR.

21. Mouseflow

This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark (hereinafter "Mouseflow"), to record randomly selected individual Visits (with anonymized IP address only). This creates a log of mouse movements and clicks, with the intention of randomly replaying individual website visits and to derive potential improvements for the website from them. The information is not personally identifiable and will not be shared.

If you do not wish to be recorded, you can do so on all websites that use Mouseflow use, at the following link: www.mouseflow.de/opt-out/. Mouseflow's privacy policy can be found at https://mouseflow.de/privacy/.

22. DoubleClick by Google

This website uses DoubleClick by Google. DoubleClick by Google uses cookies to present you with advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads have been viewed.

The use of DoubleClick cookies only enables Google and its partner websites to only the placement of ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available at https://adssettings.google.com/u/0/authenticated?hl=en-GB under the item "DoubleClick deactivation extension". Alternatively, you can deactivate the DoubleClick cookies on the Digital Advertising Alliance website at http://optout.aboutads.info/?c=2#!/. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

23. Datadog

This website uses the web analysis service Datadog from Datadog Inc. 620 8th Avenue, Floor 45, New York, NY 10018 (hereinafter referred to as "Datadog"). Datadog enables us to carry out statistical surveys on the speed of the website, in particular loading times. Datadog uses technologies such as cookies, which enable us to analyze your use of the website. The information thus generated about your use of this website is transmitted and stored exclusively within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Data processing, in particular the setting of cookies, only takes place with your consent. Further information on terms of use and data processing can be found at https://www.datadoghq.com/legal/privacy/. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

24. Loggly

This website uses the Loggly service from SolarWinds Worldwide, LLC, 7171 Southwest Parkway, Bldg 400, Austin, Texas 78735, USA (hereinafter "Loggly") to track and fix logs and errors on our websites. Loggly is a log management and analysis service that helps us to ensure the performance and stability of our websites. The data collected by Loggly includes information about the use of our websites, including error logs, user interactions and other event data. This information is critical to identifying, diagnosing and resolving problems and malfunctions. Loggly generally collects this data anonymously and does not use any personally identifiable information. The data is used exclusively for troubleshooting and to improve the user experience. Further information on data protection at Loggly can be found at https://www.solarwinds.com/legal/privacy. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

25. Mixpanel

This website uses Mixpanel, a service of Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA (hereinafter "Mixpanel"). Mixpanel stores and processes information about your user behavior on our website. Mixpanel uses cookies for this purpose, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable website usage to be analyzed.

We use Mixpanel for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. Further information on data protection at Mixpanel can be found at https://mixpanel.com/legal/privacy-policy. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

26. Semrush

This website uses the analysis tool of Semrush Holdings, Inc, 800 Boylston Street, Suite 2475, Boston, MA 02199, USA (hereinafter referred to as "Semrush"). Semrush is a third-party tool that supports us in keyword research, competitive analysis and search engine optimization. Semrush uses cookies to collect information about the origin of visitors, keywords used, conversion activities and the effectiveness of our marketing campaigns. This data is used to analyze and improve the performance of our website and our marketing strategies. Further information on data protection at Semrush can be found at https://www.semrush.com/company/legal/privacy-policy/. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR.

27. ERASURE AND BLOCKING OF PERSONAL DATA;

AUTO1.com processes and stores other personal data only for such period of time as is required in order to achieve the purpose of the storage. Once the purpose of the storage has ceased to exist, the personal data is erased or anonymized as a matter of routine and in accordance with legal provisions.

This does not apply to vehicle identification numbers. AUTO1.com uses vehicle identification numbers for market analysis purposes. For this purpose, AUTO1.com processes and stores  vehicle identification numbers for an unlimited period of time. The legal basis is Art. 6 (1)(f) GDPR. We have a legitimate interest in using vehicle identification numbers for the above-mentioned purpose for an unlimited period of time because the information to be derived from the vehicle identification number is essential for the provision of our services.

28. RIGHTS OF THE DATA SUBJECT

Should you wish to exercise any of the rights listed in this clause, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail or letter).

a. Right to confirmation

You have the right to request confirmation whether personal data concerning you is being processed.

b. Right of access

You have the right to obtain information about the following in particular:

  • the personal data stored on you;
  • the purposes of the processing;;
  • the categories of personal data that is being processed;;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed
  • the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;;
  • the right to lodge a complaint with a supervisory authority;;
  • the existence of automated decision-making;;
  • whether personal data has been transferred to a third country or to an international organization.

c. Right to rectification

You have the right to demand;

  • the rectification of inaccurate personal data concerning you

and;

  • the completion of incomplete personal data concerning you.

d. Right to erasure

You have the right for any personal data concerning you to be erased without undue delay in particular if;

  • the purpose for which personal data was collected or otherwise processed has ceased to exist;
  • you withdraw your consent on which the processing was based and there is no other legal basis for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing

and/or;

  • the personal data has been unlawfully processed.

e. Right to restriction of processing

You have the right to demand a restriction of the processing if;

  • you contest the accuracy of the personal data, namely for a period which enables AUTO1.com to verify the accuracy of the personal data;;
  • the processing is unlawful and instead of the erasure of the personal data you demand the restriction of the use of the personal data;;
  • the personal data is no longer needed for the purposes of the processing, but you require the personal data for the establishment, exercise or defense of legal claims;
  • you have objected to the processing and it has not yet been clarified whether your objection will lead to the data processing being stopped.

f. Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly-used and machine-readable format.

In addition, you have the right to have the personal data transmitted directly to another controller to the extent that this is technically feasible and if this does not adversely affect the rights and freedoms of others.

g. Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you, if the processing is based on the following ground:

  • processing is necessary for the purposes of the legitimate interests pursued by AUTO1.com or by a third party.

In the event of an objection, AUTO1.com will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the aim of the processing is to establish, exercise or defend against legal claims. Should you wish to exercise a right of objection, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail, fax, letter).

h. Right to complain

You have the right to file a complaint if you are of the opinion that a processing activity violates the GDPR. The authority competent for AUTO1.com GmbH is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59-61, 10555 Berlin, Germany.

Version as at January 2024