I. Area of application
This data protection policy relates to all German companies of the IDEAL Automotive Group.
At the time of issuance it relates to:
– IDEAL Automotive GmbH, Margaretendamm 34, 96052 Bamberg
– IDEAL Automotive Berlin GmbH, Zerpenschleuser Ring 22, 13349 Berlin
– IDEAL Automotive Burgebrach GmbH, Kapellenfeld 1, 96138 Burgebrach
– IDEAL Automotive Ingolstadt GmbH, Pascalstr. 3, 85057 Ingolstadt
– IDEAL Automotive Oelsnitz GmbH, Theumaer Str. 9, 08606 Oelsnitz im Vogtland
– IDEAL Automotive Otterberg GmbH, Ringstr. 12, 67697 Otterberg
II. Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States and obligations under other data protection legislation is:
IDEAL Automotive GmbH
Margaretendamm 34
96052 Bamberg
Germany
Tel: +49 951 78 0
Email: info@ideal-automotive.com
Website: www.ideal-automotive.com
III. Contact data of the data protection officer
Data protection officer of IDEAL Automotive GmbH
Margaretendamm 34
96052 Bamberg
Email: Datenschutz-DE@ideal-automotive.com
IV. General information on data processing
1. Scope of processing of personal data
We principally process personal data of our users only to the extent necessary for providing a functional website as well as our contents and other services. Personal data of our users are principally processed only where the user has given his consent to the processing. Exceptions apply in such cases where, for objective reasons, it is not possible to obtain the consent and where the processing of the data is lawful.
2. Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject to the processing of personal data, Art. 6 para. 1 a) of the EU General Data Protection Regulation (GDPR) is the legal basis. For the processing of personal data required for the performance of a contract to which the data subject is party, Art. 6 para. 1 b) of GDPR is the legal basis. This also relates to processing procedures necessary to take steps prior to entering into a contract.
To the extent that the processing of personal data is required for the compliance with a legal obligation to which our company is subject, Art. 6 para. 1 c) of GDPR is the legal basis. Where vital interests of the data subject or of another natural person require processing of personal data, Art. 6 para. 1 d) of GDPR is the legal basis. Where processing is necessary to protect a legitimate interest of our company or of a third party and this interest is not overridden by the interest, fundamental rights and freedoms of the data subject, Art. 6 para. 1 f) of GDPR is the legal basis for the processing.
3. Data erasure and storage period
The personal data of the data subject will be erased or blocked once the storage purpose no longer exists. Personal data may be stored further where this is required by European or national legislation in regulations, acts or other regulations under Union law to which the controller is subject. The data will also be blocked or erased when a storage period demanded by the afore-mentioned regulations elapses; unless further storage of the data is required for concluding a contract or for fulfilling a contract.
V. Provision of the website and creation of log files
1. Description and scope of data processing
Every time our internet site is opened our system automatically gathers data and information of the computer system of the calling computer.
The following data are collected in this process:
(1) IP address of the user
(2) date and time of access
(3) pages called-up
(4) protocol information and status code of session
(5) data volume called-up
The data are also stored in the log files of our system. This does not relate to the IP addresses of the user or other data allowing the identification of the user. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 f) of GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary for sending the website to the user’s computer. The user’s IP address must be stored for the period of the session. These purposes are the ground for our legitimate interest in the data processing pursuant to Art. 6 para. 1 f) of GDPR.
4. Period of storage
The data are erased once they are no longer necessary for achieving the purpose for which they have been gathered. Where the data are gathered to provide the website it is the case when the respective session has been concluded. Storage after this time is possible. In that case, the users’ IP addresses are erased or masked so that the calling client can no longer be identified.
5. Objection and elimination option
The data are gathered in order that the website can be provided and they are stored in log files so that the internet site can work. Therefore, objection is not possible on the part of the user.
VI. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a specific string of characters which allows unique identification of the browser when the website is called up again.
We use cookies which allow analysing the user’s browsing habits.
In this way the following data can be transmitted essentially:
(1) entered search terms
(2) frequency of page views
(3) use of website functions
(4) user’s origin
(5) length of the user’s session
When our website is opened, the user is informed about the use of cookies for analysis purposes and his consent to the processing of his personal data used in this connection is obtained. In this connection reference is made to this data protection policy.
2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 f) of GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is, subject to the existence of the user’s specific consent, Art. 6 para. 1 a) of GDPR.
3. Purpose of data processing
Analysis cookies are used to improve the quality of our website and its contents. The analysis cookies tell us how the website is used and this helps us to further optimise our offer.
Our website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics use so-called cookies, i.e. text files, which are stored on your computer and which allow analysing your use of the website. The information created by the cookie relating to your use of this website is usually transferred to a Google server in the USA and stored there. We have activated IP anonymisation here. In that case, the users’ IP addresses are erased or masked so that the calling client can no longer be identified. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. These purposes are the ground for our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 f) of GDPR.
4. Storage period, objection and elimination option
Cookies are stored on the user’s computer and transferred by it to our site. Therefore, you as the user have the full control over the use of the cookies. By changing the settings in your internet browser you can deactivate or restrict the use of cookies. Cookies which have been stored already can be erased at any time. This can also be done automatically. If you deactivate cookies for our website, you may not be able to use all functions of the website to the full extent.
You can also block the cookie that collects data for Google relating to your use of the website and you can block the processing of these data by Google with the browser plug-in which you have to download and install and which is available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.
VII. Contact form and email contact
1. Description and scope of the data processing
There is a contact form on our internet site which can be used for making contact electronically. If a user takes advantage of this option, the data entered in the input mask are sent to us and stored.
These data are:
(1) your name
(2) your email address
(3) your telephone number
(4) your message to us
The following additional data are stored at the time when the message is sent:
(1) the anonymised IP address of the user
(2) date and time of sending the contact form
Your consent is obtained for the processing of the data in the process of sending and reference is made to this data protection policy. Alternatively, contact can also be made using the specified email address. The user’s personal data transmitted together with the email will be stored then. The data will not be passed to any third party in this case. The data are used exclusively for processing the conversation.
2. Legal basis for data processing
Subject to the availability of the user’s consent, Art. 6 para. 1 a) of GDPR acts as the legal basis for the processing of the data. Art. 6 para. 1 f) of GDPR acts as the legal basis for the processing of data sent in an email. If the email contact has the purpose of making a contract, Art. 6 para. 1 b) of GDPR acts as an additional legal basis for the processing.
3. Purpose of processing data
The processing of the personal data from the input mask serves solely for processing the contact communication. In the case of an email contact made, the necessary legitimate interest in this is also the processing of the data. The other personal data processed during sending serve to prevent abuse of the contact form and to ensure the security of our information systems.
4. Period of storage
The data are erased once they are no longer necessary for achieving the purpose for which they have been gathered. In respect to personal data in the input mask of the contact form and personal data sent via email this is the case when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the relevant facts of the case have been finally resolved. The personal data which are also gathered during the sending procedure will be erased after a period of seven days at the latest. Mail logs for sending via our mail server will be erased after 4 weeks. The longer retention time is necessary for ensuring the functionality of the mail service and the defence against spam.
5. Objection and deletion options
The user has the option at any time to withdraw his consent to the processing of personal data. When the user contacts us via email, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. A description is given how you can withdraw your consent and object to the storage. All personal data which are stored in the process of making contact are deleted in this case. The additional data and mail logs gathered during the sending procedure cannot be deleted before the specified storage period has elapsed.
VIII. Application form and submission of application papers
1. Description and scope of the data processing
There is a contact form on our internet site which can be used for submitting application papers electronically. If a user takes advantage of this option, the data entered in the input mask are sent to us and stored.
These data are:
(1) location (country) for which you are applying
(2) your name
(3) your email address
(4) subject
(5) your message to us
(6) your enclosed papers
(7) your optionally given consent to an extended storage of your data
The following additional data are stored at the time when the message is sent:
(1) the anonymised IP address of the user
(2) date and time of sending the application papers
Your consent is obtained for the processing of the data in the process of sending and reference is made to this data protection policy. Alternatively, submission of application papers can also be made using the specified email address. The user’s personal data transmitted together with the email will be stored then. The data will not be passed to any third party in this case. The data will be used exclusively for processing the application.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 b) of GDPR. Art. 6 para. 1 f) of GDPR acts as the legal basis for the processing of data sent in an email. If the email contact has the purpose of making a contract, Art. 6 para. 1 b) of GDPR acts as an additional legal basis for the processing.
3. Purpose of the data processing
The processing of the personal data solely serves for the execution of an application process and the decision on the conclusion of an employment contract. For this purpose your data will be sent to the HR department and they will pass them on to the supervisor of the position for which you applied and to the management. They will not be sent to any third party except our processors who we employ for the processing. We do not intend to transmit the personal data to a third country or an international organisation. There is no automated process for making decisions. If you have consented optionally to the extended storage of your data, your application papers will also be used for another / additional vacancy for which your application appears eligible. In this case, you will be contacted by our HR department. The other personal data processed during sending serve to prevent abuse of the application form and to ensure the security of our information systems.
4. Storage period
The data will be deleted at the latest 6 months after the application process has been concluded. If you have optionally consented that your data may be stored for a longer time, your data will be deleted at the latest 6 months after the last application process has been concluded which included your application. If an employment contract is concluded, we will inform you separately about the use of data in your employment relationship. The personal data which are also gathered during the sending procedure will be erased after a period of seven days at the latest. Mail logs for sending via our mail server will be erased after 4 weeks. The longer retention time is necessary for ensuring the functionality of the mail service and the defence against spam.
5. Objection and deletion options
The user has the option at any time to withdraw in writing his optional consent to the extended storage period. In this case, the user will not be included in any further application process. His data will be deleted at the latest 6 months after the last relevant application process. The immediate deletion of the data is not envisaged considering the General Equal Treatment Act (AGG) and potential claims regarding an AGG-compliant selection process. The additional data and mail logs gathered during the sending procedure cannot be deleted before the specified storage period has elapsed.
IX. Rights of the data subject
If your personal data are processed, you are a data subject in the sense of GDPR and thus you have the following rights vis-à-vis the controller:
1. Right to information
You may request confirmation from the controller about whether we are processing any personal data related to you.
If this kind of processing is taking place, you can request information about the following details from the controller:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or the categories of recipients to whom personal data related to you have been disclosed or are still being disclosed;
(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;
(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing;
(6) the existence of a right to make a complaint to a supervisory authority;
(7) all the information that is available about the origin of the data if the personal data are not being gathered from the data subject;
(8) the existence of an automated process for making decisions, including profiling, according to Art. 22 para. 1 and 4 of GDPR and – at least in these cases – clear information about the logics involved as well as the scope and the envisaged effects of this kind of processing for the data subject. You have the right to request information about whether the personal data related to you are sent to a third country or to an international organisation. In this connection you can demand that you are informed about the appropriate safeguards pursuant to Art. 46 of GDPR in connection with any transfer of data.
2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of inaccurate and/or incomplete personal data related to you. The controller is obliged to make the rectification without undue delay.
3. Right to restriction of processing
You may demand to restrict the processing of personal data related to you under the following conditions:
(1) if you contest the accuracy of the personal data related to you for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; or
(4) if you object to the processing pursuant to Art. 21 para. 1 of GDPR pending the verification whether the legitimate grounds of the controller override your grounds. Where processing of personal data relating to you has been restricted, these personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interests of the Union or of a Member State. If the processing has been restricted in accordance with the afore-mentioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation of erasure
You can request the controller to erase personal data relating to you without undue delay and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) The personal data relating to you are no longer necessary in relation to the purposes for which they were gathered or otherwise processed.
(2) You withdraw your consent on which the processing was based according to Art. 6 para. 1 a) or Art. 9 para. 2 a) of GDPR and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 of GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 of GDPR.
(4) The personal data relating to you have been unlawfully processed.
(5) The personal data relating to you have to be erased for compliance with a legal obligation pursuant to Union law or Member State law to which the controller is subject.
(6) The personal data relating to you were gathered in relation to the offer of information society services pursuant to Art. 8 para. 1 of GDPR.
b) Information to third parties
Where the controller has made the personal data relating to you public and is obliged pursuant to Art. 17 para. 1 of GDPR to erase the personal data, the controller, taking account of available technology and the implementation cost, will take adequate measures, including technical measures, to inform controllers who are processing the personal data that you as the data subject requested the erasure by such controllers of all links to these personal data or copies or replications of these personal data.
c) Exceptions
The right to erasure does not apply to the extent that the processing is necessary
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing pursuant to Union law or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 h) and i) and Art. 9 para. 3 of GDPR.
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 of GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to information
When you claimed your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients whom the personal data relating to you have been disclosed about this rectification or erasure of the data or restriction of the processing unless this proves impossible or involves unreasonable effort. You have the right vis-à-vis the controller to be informed about those recipients.
6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data relating to you which is based on Art. 6 para. 1 e) or f) of GDPR; this also includes profiling based on these provisions. The controller does no longer process the personal data relating to you unless he demonstrates compelling grounds for processing that are worth protecting and that override your interests, rights and freedoms or the processing serves for the establishment, exercise or defence of legal claims. Where personal data relating to you are processed for direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such marketing including profiling to the extent that it is related to such direct marketing. If you object to the processing for the purposes of direct marketing, the personal data relating to you will no longer be processed for these purposes. You may exercise your right to object by automated means using technical specifications in the context of the use of information society services – notwithstanding Directive 2002/58/EC.
7. Right to revocation of the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent will not affect the lawfulness of the processing carried out on the basis of your consent until revocation.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you violates GDPR. The supervisory authority with which the complaint was lodged informs the complainant on the progress and the results of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of GDPR.
The supervisory authority competent for the controller is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Telephone: +49 981 53 1300