Privacy
Data privacy statement
Thank you for your interest in our company and for visiting our website www.auto1-group.com
(hereinafter: the “Website”).
This data privacy statement provides information to you on the nature, scope and purpose of
the personal data processed by AUTO1 Group SE and AUTO1 Group Operations SE (hereinafter:
jointly “AUTO1 Group” or “we”) as well as the rights to which you are entitled.
If you have any questions regarding data protection at AUTO1 Group you can reach out to our
Data Protection Team by sending an email to datenschutz@auto1.com.
1. The controller responsible for the processing of your personal data
Depending on the processing activity, either AUTO1 Group Operations SE or AUTO1 Group SE is responsible for the processing of your personal data.
If personal data is processed in the area of investor relations, the controller responsible is AUTO1 Group SE, Bergmannstraße 72, 10961 Berlin, Germany, phone +49 (0)30 / 2016 38360, email info@auto1-group.com.
AUTO1 Group Operations SE, Bergmannstraße 72, 10961 Berlin, Germany, phone +49 (0)30 2016 3836 0, email: info@auto1-group.com is responsible for all other processing activities.
This data privacy statement applies equally to the processing of personal data by AUTO1 Group SE and AUTO1 Group Operations SE. In particular, you may assert the rights to which you are entitled pursuant to Section 17 against AUTO1 Group SE as well as against AUTO1 Group Operations SE.
2. Data protection officer
Should you have any questions and/or suggestions with regard to data protection, you may contact our data protection officer directly at any time. Our data protection officer can be contacted at: AUTO1 Group Operations SE / AUTO1 Group SE, Bergmannstraße 72, 10961 Berlin, Germany, phone: +49 (0)30 / 201 638 360, email: datenschutz@auto1.com
3. Processing of usage data
Every time this Website is accessed by a user, this Website collects general data and information. This general data and information is stored in the log files of the server. This concerns the following data:
- browser types and versions used,
- the operating system used by the accessing system,
- the webpage from which an accessing system arrived on this Website (known as a referrer),
- the sub-websites that are accessed on this Website via an accessing system,
- the date and time of an access to the Website,
- the IP address,
- the internet service provider of the accessing system
- other similar data and information aimed at averting danger in the event of attacks directed at our IT systems.
AUTO1 Group processes this data in order to
- correctly deliver the content of this Website and to ensure the permanent functionality of our IT systems and the technology underlying this Website
The legal basis for this processing activity is Art. 6 (1)(b) GDPR.
- optimize the content of and the advertising for this Website.
The legal basis for this processing activity is Art. 6 (1)(f) GDPR. Our legitimate interest is to adjust the website to individual user needs and to improve our services. - provide to law-enforcement authorities the information necessary for purposes of
conducting criminal proceedings in the event of a cyberattack
The legal basis for this processing activity is Art. 6(1)(f) GDPR. AUTO1 Group has an overriding legitimate interest in ensuring the security of the Website and preventing misuse
4. Processing of data that you have provided to us
We collect and store data that you transmit to us when using the website - for example, when you contact us directly. This includes in particular
- data that you submit to us via social media, websites or services
- data that is transmitted in the context of resolving any problems and of correspondence/feedback on the Website or via email / fax / postal mail / telephone.
5. Transfer of personal data to affiliated companies
Further companies affiliated with AUTO1 Group may have access to or process your personal data if this is necessary to achieve the processing purposes stated in this data privacy statement or if this is necessary to fulfil the contractual or legal obligations of AUTO1 Group. AUTO1 Group contractually ensures that each company complies with high data protection and data security standards. The legal basis for this processing is Art. 6 (1) (f) GDPR, whereby our legitimate interest is to outsource internal administrative purposes to affiliated companies and thus improve our services
If AUTO1 Group transfers personal data to affiliated companies outside the European Union or the European Economic Area, Section 7. para. 3 applies accordingly
6. Applications / application process
Via the Website you can apply for a job at different subsidiaries of AUTO1 Group (hereinafter: the ”AUTO1 Subsidiaries“).
a. Processing of Applicants’ Data
AUTO1 Group collects the personal data that the applicant has provided via the online applicants’ portal (hereinafter the “Applicants’ Data”).
Responsibility for carrying out the application process as well as processing the application lies with AUTO1 Global Services GmbH & Co. KG, a subsidiary of AUTO1 Group, (hereinafter: “AUTO1 Global“). For this purpose AUTO1 Group transmits the Applicants’ Data to AUTO1 Global. The Applicants’ Data is only used for purposes of the application process.
In addition, AUTO1 Group may forward the Applicants’ Data to the AUTO1 Subsidiary to which the applicant is applying. Prior to any transmission of the Applicants’ Data, the applicants’ attention is explicitly drawn to the processing of the Applicants’ Data by AUTO1 Global and the forwarding of their Applicants’ Data to AUTO1 Global and to the respective responsible AUTO1 Subsidiary, whereupon the applicants give their express consent in that regard. This consent is the legal basis for this processing according to Art. 6(1)(a) GDPR. Without that express consent by the applicants the application process cannot be started.
Applicants may revoke their consent at any time with effect for the future by sending an email to datenschutz@auto1.com. Such revocation of consent constitutes a withdrawal of an applicant’s application.
b. Collection of personal data from other sources
If the applicant has an active profile on an application portal such as Xing, Stepstone or similar professional platforms and discloses this to the AUTO1 Group as part of the application process, AUTO1 Group may also receive and collect personal data from this as part of the application process.
c. Storage of Applicants’ Data at SmartRecruiters
For purposes of the application process, we use the software of SmartRecruiters GmbH, Wilhelmstraße 118 10963 Berlin (hereinafter: “SmartRecruiters“).
For this purpose, Applicants’ Data is stored and processed on the servers of SmartRecruiters in Germany and the EU. AUTO1 Group has carefully chosen SmartRecruiters. The protection of the Applicants’ Data has been ensured by way of a contract with SmartRecruiters regarding contract data processing, under which SmartRecruiters processes the personal data only when commissioned to do so by AUTO1 Group and according to its instructions.
SmartRecruiters relies on the services provided by SendGrid Inc., 1801 California Street, Suite 500 Denver, CO 80202, USA (hereinafter: “SendGrid“) in order to facilitate the sending and receipt of emails to and from applicants via the software of SmartRecruiters. In that context, Applicants’ Data is transmitted to servers of SendGrid in the US and thus to a country outside the EU or the European Economic Area.
The legal basis for this processing activity is Art. 6 (1) (f) GDPR, whereby our legitimate interest is to use an external service provider to provide an effective application process.
d. Erasure of Applicants’ Data
Applicants’ Data is usually erased automatically at the latest 6 months after the application process has been concluded. Between the completion of the application and recruitment process and the erasure, the data is stored for evidentiary purposes. The legal basis for this processing activity is Art. 6(1)(f) GDPR. The overriding legitimate interest follows from the aforementioned processing purpose.
e. Job-Newsletter
Applicants can sign up for a newsletter to receive regular information about vacancies and other topics. If an applicant signs up for a newsletter and thereby becomes a member of the AUTO1 Talent Pool, AUTO1 Group will use the applicant's e-mail address to send the respective newsletter. AUTO1 Group uses a so-called double-opt-in procedure for newsletter registration in order to prevent unauthorised sign-ups on behalf of third parties and to ensure proper sign-ups to the newsletter. That means AUTO1 Group will send to the applicants a confirmation e-mail asking them to confirm their registration after they initially have signed-up in the registration form. AUTO1 Group will store the email address provided in order to send the newsletter until the applicants unsubscribe or AUTO1 Group stops sending the newsletter. The legal basis for this processing activity is a consent according to Art. 6(1)(a) GDPR.
Applicants can withdraw the consent at any time with effect for the future. In this case AUTO1 Group will no longer send the newsletter. If AUTO1 Group receives a withdrawal from an applicant, the corresponding personal contact data will be added to a blocking list. This ensures that AUTO1 no longer sends unwanted advertising to applicants.. The legal basis for this processing activity is Art. 6(1)(f) GDPR.
f. “Refer-a-friend” program
Our employees as well as external visitors to our website have the opportunity to recommend applicants for certain positions. The prerequisite is that the applicant agrees to this and the recommending person has credibly demonstrated the applicant's consent to us. If applicants decide to apply for the recommended position, the applicant's personal data will be processed in accordance with the regular application process (see section 6). In this case, we process the personal data for the purpose of carrying out the application process. If the application was successful, we use the applicant data also to pay the recommending person the agreed bonus. This is done on the basis of Art. 6 para. 1 lit. f. GDPR. We have a legitimate interest in recruiting new employees
7. Transfer of personal data to external service providers
AUTO1 Group receives assistance from outside service providers for certain technical data analysis, processing or storage processes (e.g. to obtain aggregated, non-personal statistics from data bases or for the storage of backup copies). These service providers are carefully selected and meet high data protection and data security standards. They are obligated to maintain strict confidentiality and process personal data only when commissioned to do so by AUTO1 Group and according to AUTO1 Group’s instructions. The legal basis for the involvement of such service providers is Article 28 GDPR.
AUTO1 Group cooperates with companies and other entities which provide specialized expertise with regard to special areas (e.g. tax consultants, legal counsel, accounting firms, logistics companies). These entities are either legally or contractually obliged to maintain confidentiality. If a transmission of personal data to these entities is necessary, the legal basis is, depending on the respective kind of cooperation, Article 6(1)(b) or, (f) GDPR.
If we transfer personal data to recipients outside the European Union or the European Economic Area (so-called "third countries"), we ensure that the appropriate level of data protection is guaranteed in the respective third country or by the respective recipient in the third country. The transfer may be based on an "adequacy decision" of the European Commission or appropriate safeguards, such as EU standard contractual clauses or binding corporate rules.
8. Cookies and other technologies
The website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser. Cookies are stored on the hard drive of the user's computer and do not cause any damage there. The cookies of the website contain personal data about the user
In addition to cookies, this website also uses so-called local storage technologies (hereinafter: "object"). In this case, data is stored locally in the cache of your browser, which remains even after closing your browser window, unless you delete the cache, and can be read.
Both the objects and the cookies (hereinafter collectively: "technologies") may be technically necessary, as certain website functions would not work without them. Other technologies, on the other hand, are used to evaluate user behavior or display advertising.
The processing of data through the use of absolutely necessary technologies is based on a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the technically error-free provision of our services. If you deactivate the setting of cookies in the Internet browser used, not all functions of this website may be fully usable.
The processing of personal data through the use of analytical and marketing technologies is based on consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time for the future under this link.
We divide our technologies used into three categories depending on their function and intended use: Required Technologies, Analytical Technologies and Marketing Technologies
a. Required technologies
The use of required technologies ensures the functionality of our website, without which the website cannot be used as intended. The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO.
The technologies used on our website are listed below:
-
Names: gdpr_preference_essential, gdpr_preference_analytical,
gdpr_preference_marketing.
Description: these cookies are used to store the user's particular cookie selection setting. -
Name: geoLocation
Description: this cookie is used to localize the user in order to suggest the website in his language -
Name: ignoreGeoLocation
Description: This cookie checks if the user has selected the website language himself, which causes the cookie geoLocation not to be set. - Name: _locale
Description: This cookie is used to store the user's preferred language area
a. Analytical technologies
This includes those technologies whose use enables statistical web analysis and range measurement, e.g. to further develop and improve our offer for you. The legal basis for the processing is your consent according to Art. 6 para. a lit. a GDPR. You can revoke your consent at any time via this link with effect for the future.
The analytical technologies of this website are listed below:
-
Names: SCID, SCID_RESET_TIME.
Description: These cookies store a user-defined session ID for internal tracking. RESET_TIME renews the technical request for the SCID cookie -
Name: CID
Description: This cookie is used to assign which application portal a user used to apply to us (see point 6 b). -
Name: isMfUser
Description: This cookie is used by Mouseflow (see number 16). It is used to evaluate the mouse movements of website users in order to be able to further improve the relationships between navigation areas, page elements and form fields internally. -
Name: _gcl_au, _gcl_aw
Description: These cookies are used by Google Tag Manager (see Clause 9) to measure advertising effectiveness on the website. They take information from ad clicks and store it in these cookies so that the efficiency of advertising can be measured. -
Name: _ga
Description: this cookie is installed by Google Analytics (see paragraph 11). It is used to distinguish users and improve the usability of our website. In addition, this cookie stores anonymized statistics. -
Name: _gat
Description: This cookie is installed by Google Analytics (see item 11). It is used to limit the request rate of Google Analytics -
Name: _gid
Description: This cookie is installed by Google Analytics (see item 11). It is used to store information about how visitors use the website and helps create an analytics report about the website's performance. We can see from which page users come to our site and which pages they have visited on our site. -
Name: _gac_UA-59065954-3
Description: This cookie is installed by Google Analytics (see number 11) to evaluate the session status of the respective browser session. -
Name: OTZ
Description: This cookie is set by Google Analytics (see number 11) and evaluates visitor traffic on our website. -
Name: HSID, SID
Description: These cookies are installed by Google (see number 12). It is used for security purposes to store records of a user's Google account ID and last login time, which allow Google to authenticate users, prevent fraudulent use of login information, and protect user data from unauthorized parties. -
Name: SAPISID, SIDCC, SSID, APISID
Description: these cookies are set by Google (see paragraph 12). They are used to store information about how users use the website and what advertisements they may have seen before visiting our website. They are also used to customize advertising on Google websites by evaluating users' recent search queries, previous interactions with an advertiser's ads, or user search results and website visits. -
Name: NID
Description: This cookie is used by Google (see paragraph 12) to tailor ads to the user's Google search queries. With the help of the cookie, Google remembers the most frequent search queries or previous interactions with ads from the user. In this way, users always receive tailored ads. The cookie contains a unique ID that Google uses to record the user's personal preferences for advertising purposes. -
Name: AEC
Description: This cookie is set by Google (see paragraph 12) and ensures that requests within a browser session are made by the user and not by other websites. This cookie prevents malicious websites from acting on behalf of the user without the user's knowledge -
Name: IDE
Description: This cookie is used by DoubleClick by Google (see Clause 13) to record and report the user's actions on the website after seeing or clicking on an ad, in order to measure the effectiveness of an ad and display targeted ads to the user. -
Name: _ce.cch
Description: This cookie is used by CrazyEgg (see paragraph 10) and provides information about how users interact with our website. This information is used to optimize the website design -
Name: _ce.gtld
Description: This cookie is used by CrazyEgg (see number 10) and is used to identify the "top-level domain". -
Name: _ce.gtld
Description: This cookie is used by CrazyEgg (see number 10) and is used to identify the "top-level domain". -
Name: cebs, cebsp
Description: These cookies are set by CrazyEgg (see number 10) and are used to track the current user session internally. -
Name: ce_clock
Description: This object is used by Crazy Egg (see item 10). It is used to find out if our website has a content security policy that would prevent tracking -
Name: ce_clock
Description: This object is used by Crazy Egg (see item 10). It is used to find out if our website has a content security policy that would prevent tracking -
Name: ce_successful_csp_check
Description: this object is used by CrazyEgg (see Clause 10) and sets a timestamp when a user visits our website. This information is used for internal analytical purposes on our website.
c. Marketing technologies
Marketing technologies are used to provide content that is relevant to users and tailored to their interests. They are also used to measure and control the effectiveness of campaigns. Furthermore, they can be used to create user profiles in order to display targeted advertising. The legal basis for the processing of marketing technologies is your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time via this link with effect for the future.
The following marketing technologies are used on our website:
-
Name: __Secure-1PSID, __Secure-1PSIDCC, __Secure-3PAPISID, __Secure-3PSID,
__Secure-3PSIDCC, __Secure-ENID, 1P_JAR
Description: These cookies are set by Google (see number 12) and used for targeting purposes. They create an interest profile of website visitors in order to be able to display relevant and personalized Google advertising based on this. For this purpose, the last search queries and previous interactions of the website user are evaluated -
Name: _fbp
Description: This cookie is set by Facebook (see number 15). It tracks and distinguishes visitors to our website users. The information collected is transmitted to Facebook for advertising purposes.
9. Google Tag Manager
This Website uses Google Tag Manager.
This service allows website tags to be managed via an interface. Tags are small code elements which serve, among other things, to measure traffic and visitor behavior. Google Tag Manager only implements tags. No cookies are used, and hence no personal data is collected, as part of that process.
Google Tag Manager triggers other tags, which in turn potentially collect data. Google Tag Manager does not, however, access this data. If a deactivation was effected at the level of the domain or cookie, it remains in place for all tracking tags provided that they are implemented with Google Tag Manager.
10. CrazyEgg.com
This Website uses the tracking tool CrazyEgg.com in order to record randomly selected individual visits (only with an anonymized IP address). Using cookies, this tracking tool allows an analysis of the way in which you use the Website (e.g. what content is being clicked on). To that end, a user profile is displayed visually. The tool creates user profiles using pseudonyms. The legal basis for this processing activity is your consent according to Art. 6(1)(a) GDPR/Art. 6(1)(f) GDPR.
You may at any time object to the processing of the data generated by CrazyEgg.com by following the instructions at http://www.crazyegg.com/opt-out.
For further information on data protection at CrazyEgg.com please see http://www.crazyegg.com/privacy.
11. Google Analytics
This Website uses Google Analytics.
Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data regarding the behavior of visitors to webpages. A web-analysis service collects, among other things, data as to the question from which webpage a Data Subject has arrived on a webpage (known as a referrer), which sub-sites of the website were accessed or how often and for which length of stay a sub-site was viewed. A web analysis is primarily used to optimize a webpage and to carry out a cost-benefit analysis of internet advertising.
The operating company of the Google-Analytics component is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google LLC has been certified under the Privacy-Shield frame-work and thereby offers a guarantee that it is in compliance with European data protec-tion law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
For web analysis via Google Analytics AUTO1 Group uses the suffix “_gat._anonymizeIp”. By means of this suffix, the IP address of the internet connection of the Data Subject is truncated and anonymized by Google if our Website is accessed from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google-Analytics component is the analysis of the flow of visitors on the Website. Google uses the data and information collected, among other things, to analyze the use of the Website in order to compile online reports for us that show the activities on the Website and to provide additional services connected to the use of the Website.
Google Analytics uses what is known as “cookies”, i.e. text files that are stored on your computer and enable an analysis of how you have used the website.
Each time that one of the individual pages of this Website — which is operated by the controller responsible for the processing and on which a Google-Analytics component has been integrated — is accessed, the internet browser on the IT system of the Data Subject is automatically induced by the respective Google-Analytics component to transmit data to Google for purposes of online analysis. In the context of this technical process, Google will learn of personal data — such as the IP address of the Data Subject —, which enables Google, among other things, to trace the provenance of the visitors and clicks and as a result to allow commissions to be invoiced.
By means of the cookie, personal data — for example the time of access, the place from which our Website was accessed, and the number of times that the Data Subject visited our Website — is stored. Each time our Website is visited, this personal data, including the IP address of the internet connection used by the Data Subject, is transferred to Google in the US. This personal data is stored by Google in the US. Google potentially transmits this personal data, which was collected via the technical process, to third parties.
As has already been set out above, the Data Subject may, at any time, prevent our Website from placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby permanently object to the placing of cookies. Such an adjustment to the settings of the internet browser used would also prevent Google from placing a cookie on the IT system of the Data Subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs.
Besides, the Data Subject has the option of objecting to the collection of the data produced by Google Analytics and related to the use of this Website as well as of objecting to the processing of such data by Google and of preventing such collection and processing. In order to do this, the Data Subject needs to download a browser add-on at https://tools.google.com/dlpage/gaoptout and install it. This browser add-on lets Google Analytics know via JavaScript that no data and information about the visits of webpages may be transmitted to Google Analytics. Google considers the installation of the browser add-on to constitute an objection. If the IT system of the Data Subject is deleted, formatted or reinstalled at a later date, then the Data Subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the Data Subject or by any other person who is attributable to the Data Subject’s sphere of control, there is an option of reinstalling or reactivating the browser add-on.
For more information and the applicable data protection provisions of Google please see https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html.
Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.
The legal basis for this processing activity is Art. 6(1)(f) GDPR.
10. Erasure and blocking of personal data
AUTO1 Group processes and stores other personal data only for such period of time as is required in order to achieve the purpose of the storage.
Once the purpose of the storage has ceased to exist, the personal data is erased or anonymised as a matter of routine and in accordance with legal provisions. Usage data is generally erased after 30 days.
12. Google Ads
The website uses Google Conversion Tracking ("Google Ads"). In doing so, Google Ads sets a cookie on your computer if you have reached our website via a Google ad. The AUTO1 Group draws the attention of potentially interested parties to the offers of the website by means of Google Ads, i.e. ads e.g. in the context of Google search results. As part of this, there are some specifics to know about the cookie that Google sets on your computer if you arrive at the website via a Google ad: This cookie loses its validity after 30 days and is not used for personal identification. If the user visits the website and the cookie has not yet expired, Google and AUTO1 Group can recognize that the user clicked on the ad and was redirected to the website. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this, for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the www.googleadservices.com domain. The Google privacy policy on conversion tracking can be found at https://policies.google.com/privacy?gl=de.
The legal basis for this processing is Art. 6 para. 1 lit. a GDPR
13. DoubleClick by Google
The website uses DoubleClick by Google. DoubleClick by Google uses cookies to present you with advertisements that are relevant to you. In the process, a pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were called up. The cookies do not contain any personal information.
The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for analysis and stored there.
You can prevent the storage of cookies by selecting the appropriate settings on your browser software. In addition, you can prevent the collection of the data generated by the cookies and related to your use of the website by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at https://adssettings.google.com/u/0/authenticated?hl=en-GB under the item "DoubleClick deactivation extension". Alternatively, you can deactivate the DoubleClick cookies on the Digital Advertising Alliance site at http://optout.aboutads.info/?c=2#!/. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR
14. LinkedIn Insight Tag
The so-called Insight Tag of the social network LinkedIn is used on our website. This is offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn"). With the help of this technology, visitors to our website can be shown personalized advertisements on LinkedIn. In addition, LinkedIn provides us with anonymized reports about the website's target audience and ad performance. No personal data is shared with us in the process. LinkedIn Insight-Tag also provides a retargeting feature that allows us to display targeted off-site advertising to visitors to our website.
For more information about LinkedIn's data collection and use, you can visit LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy. You can also disable the Insight tag on our website at www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The use of LinkedIn Insight-Tag is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in effective advertising measures including social media.
15. LinkedIn Insight Tag
We use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Facebook"). The purpose of the Facebook Pixel is to analyze and optimize our services. Through the Facebook Pixel, it is possible for Facebook to determine the visitors to our website as a target group for the display of advertisements (so-called "Facebook ads"). We use Facebook Pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our offer or who have certain characteristics (e.g. interests in certain topics or products) that we transmit to Facebook (so-called "Custom Audiences").
The Facebook Pixel is integrated directly by Facebook when you visit our website and can save a cookie on your device. If you log in to Facebook or visit Facebook while logged in, the visit of our website will be noted in your profile. By calling up the cookie from your browser, Facebook can recognize whether a Facebook ad was successful, e.g. led to an online purchase. This allows us to record the effectiveness of the Facebook ads for statistical and market research purposes.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy at https://es-es.facebook.com/privacy/explanation/
The legal basis for this processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in making our offer and our website better known via social networks.
16. Mouseflow
This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark (hereinafter "Mouseflow"), to record randomly selected individual visits (with anonymized IP address only). This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The information is not personal and will not be shared.
If you do not wish to be recorded, you can deactivate this on all websites that use Mouseflow at the following link: www.mouseflow.de/opt-out/. Mouseflow's privacy policy can be found at https://mouseflow.de/privacy/.
17. Duration of personal data storage
AUTO1 Group processes and stores other personal data only for such period of time as is required in order to achieve the purpose of the storage. Once the purpose of the storage has ceased to exist, the personal data is erased or anonymised as a matter of routine and in accordance with legal provisions.
18. Rights of the Data Subject
Should you wish to exercise any of the rights listed in this clause, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail or letter).
a. Right to confirmation
You have the right to request confirmation whether personal data concerning you is being processed.
b. Right of access
You have the right to obtain information about the following in particular:
- the personal data stored on you;
- the purposes of the processing;
- the categories of personal data that is being processed;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed;
- the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;
- the right to lodge a complaint with a supervisory authority;
- the existence of automated decision-making;
- whether personal data has been transferred to a third country or to an international organization.
c. Right to rectification
You have the right to demand
- the rectification of inaccurate personal data concerning you
- the completion of incomplete personal data concerning you.
and
d. Right to erasure
You have the right for any personal data concerning you to be erased without undue delay in particular if
- the purpose for which personal data was collected or otherwise processed has ceased to exist;
- you withdraw your consent on which the processing was based and there is no other legal basis for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data has been unlawfully processed.
and / or
e. Right to restriction of processing
You have the right to demand a restriction of the processing if
- you contest the accuracy of the personal data, namely for a period which enables AUTO1 Group to verify the accuracy of the personal data;
- the processing is unlawful and instead of the erasure of the personal data you demand the restriction of the use of the personal data;
- the personal data is no longer needed for the purposes of the processing, but you require the personal data for the establishment, exercise or defense of legal claims;
- you have objected to the processing and it has not yet been clarified whether your objection will lead to the data processing being stopped.
f. Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly-used and machine-readable format.
In addition, you have the right to have the personal data transmitted directly to another controller to the extent that this is technically feasible and if this does not adversely affect the rights and freedoms of others.
g. Right to object
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you, if the processing is based on the following ground:
- processing is necessary for the purposes of the legitimate interests pursued by AUTO1 Group or by a third party.
In the event of an objection, AUTO1 Group will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the aim of the processing is to establish, exercise or defend against legal claims.
Should you wish to exercise a right of objection, you may at any time send a message using the contact details referred to in clause 1 or clause 2 (e.g. by e-mail, fax, letter).
h. Right to complain
You have the right to file a complaint if you are of the opinion that a processing activity violates the GDPR. The authority competent for AUTO1 Group is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59-61, 10555 Berlin, Germany.
Version: November 2022