ALLDATA Europe Privacy Policy

Last Updated: 10.02.2026

Controller

The following entity is responsible for the collection and processing of personal data within the meaning of the Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”)

ALLDATA Europe GmbH
Barcelona-Allee 1
51103 Cologne
Germany
Phone: +49 (0) 221 534 107 000
Internet: https://www.alldata.com
E-mail: info@alldataeurope.com

Data Protection Officer

Privacy@alldata.com

If you have any questions, suggestions, or complaints regarding data protection, you can also contact our data protection officer at any time:

Frank Metzler
BDO Legal Rechtsanwaltsgesellschaft mbH
E-Mail: Privacy@alldata.com

Introduction and general information on data processing

The protection of your personal data is of utmost importance to us. Therefore, we treat your personal data with strict confidentiality and adhere to legal regulations governing data protection, notably the GDPR and the German Federal Data Protection Act (“BDSG”).

This privacy policy aims to provide you with comprehensive information about our collection and use of your personal data as the controller. In the following, you will find:

A. Definitions
B. General information about the processing of your personal data
C. Data processing when using our website
D. Data processing when using our Customer Portal
E. Other data processing operations
F. Your rights as a data subject

A. Definitions

1. Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, Art. 4 No. 1 GDPR.

2. Processing
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, Art. 4 No. 2 GDPR.

3. Controller
“Controller” means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data, Art. 4 No. 7 GDPR.

4. Joint Controllers
Where two or more controllers jointly determine the purposes and means of processing, they are “joint controllers”, Art. 26 GDPR.

5. Processor
“Processor” means a natural or legal person who processes personal data on behalf of the controller, Art. 4 No. 8 GDPR.

6. Third Party
“Third party” means a natural or legal person other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data, Art. 4 No. 10 GDPR.

7. Consent
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, Art. 4 No. 11 GDPR.

B. General information on data processing

1. Categories of data subjects

All users of our website are affected by data processing. Insofar as our website is aimed at customers and interested parties and contains corresponding offers, they are also among the data subjects.

2. Scope of the processing of personal data

As a guiding principle, we only collect data whose processing is either required by law, contractually agreed upon, essential for contract initiation and execution, or voluntarily provided to us on the basis of consent.

When you visit our website, we collect, store and use your personal data solely to the extent necessary to deliver a functional website and showcase our content and services. Any further collection and use of your personal data, such as for targeted advertising and market analysis, typically occurs with your consent. However, in some circumstances, we may rely on other legal bases permitted by the GDPR to process your personal data.

2. Legal bases for the processing of personal data

a. Data processing for the performance of a contract

When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6(1)(b) GDPR provides the legal foundation. This also encompasses processing activities necessary for carrying out pre-contractual measures.

b. Data processing based on consent

When we seek your consent for processing personal data, Art. 6(1)(a) GDPR acts as the legal basis for such data processing. We only rely on consent for processing your personal data if there are no other legal grounds permitting the processing.

Furthermore, we seek consent when we intend to furnish information about our own products, services, and events, and if the legal ground of protecting legitimate interests, Art. 6(1)(f), is not available for the processing, or when soliciting your participation in a survey.

c. Data processing for the pursuit or protection of legitimate interests

Art. 6(1)(f) permits the processing of personal data when it is necessary for the pursuit of legitimate interests by the controller or a third party unless the data subject’s fundamental rights outweigh the legitimate interest. Examples of legitimate interest include the following:

Fraud prevention
IT-security measures
Direct marketing and advertising, if the conditions of Section 7(3) of the German Law against unfair Competition (“UWG”) are met
For administrative purpose and record keeping
For the defence and enforcement of legal claims

d. Data processing for compliance with legal obligations

We process your personal data under Art. 6(1)(c) GDPR to meet our legal obligations to which we are subject. For example, the German Fiscal Code (“AO”) requires us to retain financial records for a specified period of time; the German Money Laundering Act (“GwG”) requires us to verify the identity of our customers.

3. Sources of personal data

As a user of our website, some personal data is automatically collected by our IT systems (e.g., IP address, log files). We only process other personal data (e.g., name, address, telephone number) if you have provided it to us (e.g., by email or by entering it in an online contact form). If and to the extent that your personal data originates from other sources, we will point this out to you at the appropriate places in this privacy policy.

4. Data recipients

We only transfer your personal data if we are authorized to do so under data protection law. The transfer of data is based either on the fulfillment of legal obligations, on overriding legitimate interests, on the necessity of fulfilling a contract, or on the basis of any consent you may have given. Insofar as we use external service providers for certain processes who may require access to your personal data in order to provide their services, we have concluded data processing agreements (“DPA”) with them in accordance with Art. 28 GDPR, which oblige them to comply with data protection regulations and ensure that your personal data is only processed in accordance with and within the scope of our instructions.

5. Data transfer to third countries

As a global company and a member of the AutoZone group with affiliated entities worldwide, we may share your personal data with other affiliated ALLDATA companies. ALLDATA has a centralized marketing team supported by IT units located in countries outside of the European Union (“EU”) or the European Economic Area (“EEA”). These ALLDATA companies function as co-controllers in processing your data. It is important to note that access to your data from these countries is restricted to authorized personnel with a legitimate need to know. Proper technical and organizational measures (“TOM”) are implemented to safeguard your data. In addition, we use processors who store your personal data in countries outside the EU or the EEA or who can access it from there.

For some of the recipient countries, the EU Commission has issued an adequacy decision pursuant to Art. 45 GDPR, thereby establishing a level of data protection comparable to that of the EU. Insofar as no adequacy decision has been issued for the country in question, we have agreed with the recipients on Standard Contractual Clauses (“SCC”) pursuant to Art. 46(2)(c) GDPR, which provide appropriate safeguards for the protection of your data. Only in exceptional cases the data transfer is based on your express consent in accordance with Art. 49(1)(a) GDPR.

6. Data deletion and storage period

The storage of your personal data is governed by internal policy. Generally, we do not store your personal data longer than necessary, taking into consideration relevant legal requirements, legitimate business needs, and your rights and freedom against unnecessary storage. When the applicable retention period expires, your personal data will be deleted, anonymized, or aggregated unless further retention is required by law, such as in a legal dispute or under mandate by European or national legislators in Union or national regulations, laws, or other provisions to which we are subject. It is important to note that once your data is anonymized or aggregated with others’, it can no longer be used to identify you.

7. Obligation to provide data

If your personal data is collected to provide specific services or online content to you, not providing the information might restrict your access to certain services or content that would otherwise be available to you. For instance, if your personal data is collected to provide personalized browsing experience, you would not be able to enjoy this feature if you do not provide the necessary information. Similarly, if your personal data is collected for communication purposes, not providing that information may result in you not receiving these communications.

Insofar as certain offers on our website are directed at customers or interested parties and are aimed at concluding an online contract with us, there may be a contractual or legal obligation to provide data, unless we provide an alternative means of providing the data.

8. Profiling and automated decision-making

We do not engage in automated decision making or profiling with your personal data.

9. Security by using TLS/SSL

If you transmit your personal data to us via our website or Customer Portal, we use secure technologies, particularly the "Transport Layer Security" (TLS) transmission (formerly known as "Secure Socket Layer" (SSL)) protocol. All information and data transmitted through these secure methods are encrypted before being sent to us. This encryption applies specifically to all personal data of our customers.

As part of our data security measure, we collect the IP address of your device to identify and prevent fraudulent activities and unauthorized access. It is important to note that encryption using these technical methods is effective only if the corresponding technical settings have also been appropriately configured on your end.

C. Data processing when using the website

1. Storage of cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e., after closing the browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of the web browser. Furthermore, we distinguish between cookies that are technically necessary for the operation of the website, those that serve analysis purposes and those that serve advertising purposes. When you visit our website for the first time, a GDPR-compliant notice appears ("Consent Banner") and you can select which cookies are stored. There you can also see which cookies are stored in detail for which processing purposes.

You can also set your browser to inform you when cookies are stored and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. As far as personal data is processed through implemented cookies, which are technically necessary for the operation of our website, the processing is carried out in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
As far as personal data is processed through implemented cookies that serve analysis purposes, the processing is carried out per Art. 6(1)(a) GDPR based on your consent, which you give us through your interaction with our Consent Banner. Your consent can be revoked at any time with effect for the future. You can access our Consent Banner in the footer at any time and adjust your settings. However, we expressly point out that the functionality of our website may be limited if cookies are not accepted.

Your consent, once registered, will expire in one year. Once expired, you will see the Consent Banner again and be asked to reconsider your cookie preference to ensure continued compliance with GDPR regulations.

2. Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data of your browsing activities from the system of your device.

The following browsing data is collected:

IP address
Browser type and version
Operating system
Date and time of the visit to the website
Access status / Http status code
GMT time zone difference
Amount of data transferred
Internet page/source/reference from which the visit to the website is made (Referrer-URL)

This browsing data is stored separately from your other personal data.

The temporary storage of the IP address is necessary to enable delivery of the website to your device. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to improve the website and to ensure the security of our information technology systems. Processing of the data for other purposes does not take place in this context.

This is also our legitimate interest in data processing within the meaning of Art. 6(1)(f) GDPR, which serves as the legal basis for the processing of your personal data in the context of log file collection.

The browsing data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In case of data collection for the website's provision, the data is deleted when the respective session ends. In the case of storage of data in log files, the deletion typically takes place 14 days after collection. Storage beyond this period is possible for the purpose of website safety and security, if we are obliged to retain the data for longer time periods or if we need the data for the defense or assertion of legal claims.

The collection of browsing data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility to object.

3. Use of OneTrust

We use the cookie consent technology of OneTrust on our website. OneTrust is provided by OneTrust Technology Limited, 82 St. John Street, London, EC 1M 4JN, United Kingdom, or OneTrust LLC, 1200 Abernathy Rd NE, Sandy Springs, GA 303328, USA ("OneTrust").

A Consent Banner is displayed when you call up the page, in which you can grant consent for certain cookies and/or cookie-based applications by setting a check mark. Certain cookies are strictly necessary, because they ensure the proper functioning of the website and cannot be disabled without affecting the site's performance. Therefore, you will not be able to reject these cookies if you wish to use the basic functionalities of the site. To protect your personal data, all other Cookies are disabled as the default setting until you enable them. This ensures that such cookies are only set on your device with your consent.

In order for the Cookie Banner to correctly register your consent settings, certain user information (including the IP address) has to be collected when our website is called up, transmitted to OneTrust servers and stored there. Further information on cookies and OneTrust can be found https://www.onetrust.com/privacy/.

The legal basis for processing your personal data in connection with the use of the Cookie Banner is Art. 6(1)(c) GDPR. We are legally obliged under Section 25 (1) of the German Telecommunications Digital Services Data Protection Act (“TDDDG”) to provide a data protection-compliant Consent Banner on our website that allows you to select and deselect cookies.

The transfer of your personal data to the USA is based on the adequacy decision issued for the US pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the US has a level of data protection comparable to that of the EU. OneTrust is also certified for the EU-US Data Privacy Framework (Data Privacy Framework).

The retention period of your cookie preference data is 12 months. After that, your data will be deleted automatically.

4. Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google. Google is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other affiliated companies of Google LLC ("Google").

Google Analytics uses cookies that allow an analysis of the use of the website. The information generated by the cookies about your use of our website is transmitted to a Google server in the USA and stored there.

Google will use this information to evaluate your use of our website, compile reports on website activity for website operators, and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google may associate your IP address with other data held by Google.

You can prevent the installation of these cookies by adjusting your browser settings accordingly. You can use the deactivation tools that Google offers for some Internet browsers. Alternatively, you can download and install the browser plugin available here: Google Analytics Opt-out Browser Add-on. However, you may not be able to use all the functions of our website to their full extent if you implement these preventive measures.

The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR, which you grant us with your selections in the Cookie Banner. Your consent can be revoked at any time with effect in the future. You can visit the Cookie Banner in the footer of our website at any time and adjust your previously selected cookie settings.

The transfer of your personal data to the US is based on the adequacy decision issued for the US pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the US has a level of data protection comparable to that of the EU. Google is also certified for the EU-US Data Privacy Framework (Data Privacy Framework).

5. Use of Google Tag Manager

We use a service called Google Tag Manager from Google. This service allows website tags to be managed via an interface. The service does not set any cookies and does not collect any personal data itself. Google Tag Manager ensures that other components are loaded, which in turn may collect data, but does not access this data. For more information about Google Tag Manager, please refer to Google's privacy policy at: Datenschutz und Sicherheit - Tag Manager-Hilfe

The Google Tag Manager used on our website executes the tags according to your selection in the Consent Banner. If you decide not to store cookies for purposes other than those necessary for the operation of the website, the Consent Banner ensures that only tags that result in technically necessary cookies being set are executed via the Google Tag Manager. In this case, data processing is based on our legitimate interest in optimizing our website in accordance with Art. 6(1)(f) GDPR.

If you accept cookies in the Consent Banner that are not only technically necessary for the operation of the website, the processing of your personal data is based on your consent in accordance with Art. 6(1)(a) GDPR. Your consent can be revoked at any time with effect in the future. You can visit the Cookie Banner in the footer of our website at any time and adjust your previously selected cookie settings.

6. Use of Google APIs

We use Google APIs from Google on our website. Google APIs are a collection of interfaces for communication between the various Google services used on our website. Google APIs are used on our website to enable additional Google services to be loaded.

The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR, which you grant us with your selection in the Cookie Banner. Your consent can be revoked at any time with effect in the future. You can visit the Cookie Banner in the footer of our website at any time and adjust your previously selected cookie settings.

7. Use of Google Ads

We use Google Ads from Google on our website. Google Ads is an online advertising program that enables us to display advertisements in the Google search engine or on third-party websites when you enter certain search terms in Google; this is known as keyword targeting. Furthermore, targeted advertisements can be displayed to you based on the user data available to Google (e.g., location data and interests); this is known as audience targeting.

As a website operator, we can evaluate this data quantitatively, for example, by analyzing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.

Your personal data is processed on the basis of your consent in accordance with Art. 6(1)(a) GDPR, which you give us by making your selection in the Cookie Banner. Your consent can be revoked at any effect in the future. You can visit Cookie Banner in the footer of our website at any time and adjust your previously selected cookie settings.

8. Use of Google reCAPTCHA V3

We use Google reCAPTCHA V3 from Google on our website. Google reCAPTCHA V3 is used to check whether the data entered on our website (e.g., in a contact form) is entered by a natural person or an automated program. To do this, Google reCAPTCHA V3 analyzes the behavior of the website visitor based on various characteristics.

This analysis begins automatically as soon as you visit our website. Various information (e.g., IP address, length of time spent on the website, mouse movements, operating system, browser data) is evaluated for the analysis. The data is forwarded to Google.

The processing of your personal data based on Art. 6(1)(f) GDPR. We have a legitimate interest in protecting our website from abusive automated spying and spam.

9. Use of Google Ads Remarketing

We use Google Ads Remarketing features from Google on our website. Google Ads Remarketing allows us to target our website visitors with interest-based advertising on other websites in the Google advertising network (e.g., in Google Search or on YouTube).

For this purpose, the Google Retargeting Pixel is used on our website. The pixel enables Google to recognize your device when you visit our website and then visit other websites or apps that participate in the Google advertising network. To do this, Google processes various information (e.g., IP address, browser data, operating system used, user behavior).

Your personal data is processed on the basis of your consent in accordance with Art. 6(1)(a) GDPR, which you grant us by making your selection in the Cookie Banner. Your consent can be revoked at any effect in the future. You can visit Cookie Banner in the footer of our website at any time and adjust your previously selected cookie settings.

10. Use of Universal Event Tracking (UET)

On our website, we use Universal Event Tracking (UET) from Microsoft Ireland Operations Ltd., One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, Ireland, and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, as well as other affiliated companies of Microsoft Corporation (“Microsoft”).

UET enables us to analyze the behavior of website visitors who have arrived at our website via a Microsoft advertisement (e.g., in Bing Search). A cookie is set on your device, which can be used to collect user data (e.g., websites visited, length of stay, browser used, operating system, IP address). This data is used to evaluate the effectiveness of advertising campaigns and to display interest-based advertising to users within the Microsoft advertising network.

The transfer of your personal data to the US is based on the adequacy decision issued for the US pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the US has a level of data protection comparable to that of the EU. Microsoft is also certified for the EU-US Data Privacy Framework (Data Privacy Framework).

11. Use of Act-On

We use the Act-On from Act-On Software, Inc., 121 SW Morrison Street, Suite 1600, Portland, OR 97204, USA (“Act-On Software”) on our website. Act-On is a marketing platform that helps us manage marketing campaigns, manage leads, and analyze the use of our website and the success of our marketing activities.

To do this, cookies are set that enable analysis of the use of our website, and data is collected (e.g., website visited, length of stay, browser used, operating system used, IP address, interaction with our marketing emails and forms). This information may be combined with other data from our customer relationship management (CRM) system, provided you have given us your consent to do so (e.g., by subscribing to our newsletter).

The transfer of your personal data to the US is based on the adequacy decision issued for the US pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the US has a level of data protection comparable to that of the EU. Act-On Software is also certified for the EU-US Data Privacy Framework (Data Privacy Framework).

12. Use of Pepperjam/Partnerize

We use the Pepperjam (now Partnerize) affiliate platform from Performance Horizon Group Ltd., 6th Floor, West One, Forth Banks, Newcastle Upon Tyne, United Kingdom (“Performance Group”). The platform is used to technically process and manage our affiliate marketing activities and to correctly calculate commissions.

For this purpose, tracking mechanisms in the form of DIY (Do It Yourself) tracking URLs are used. These enable us to assign transactions such as clicks or orders to a specific partner. Various data and information can be collected for this purpose (e.g., IP address, device used, browser used, operating system, referrer URL, user behavior).

The transfer of your personal data to the United Kingdom is based on the adequacy decision issued for the United Kingdom pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the United Kingdom has a level of data protection comparable to that of the EU.

13. External Links

a. LinkedIn and Facebook

When you click on the LinkedIn button on our website, you will be redirected to our LinkedIn account. LinkedIn is an internet-based social network for connecting users with existing business contacts and generating new business contacts. Companies can create profiles and post job vacancies on LinkedIn. LinkedIn is operated by LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085, USA, or, as the data controller for users in Germany, by LinkedIn Ireland Unlimited Company, 70 Sir John Rogerson's Quay, Dublin 2, Dublin, D02r296, Ireland ("LinkedIn").

By clicking on the Facebook link button, you will be redirected to our company profile on Facebook. Facebook is a social media platform operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

We would like to point out that you use Facebook/LinkedIn and its functions on your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered on these pages on our website.

When you visit our LinkedIn/Facebook page, LinkedIn/Meta collects, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the operator of the LinkedIn/Facebook page, with statistical information about the use of the page. The data collected about you in this context is processed by LinkedIn/Meta and may be transferred to countries outside the European Union.

LinkedIn/Meta does not provide conclusive and clear information about how it uses the data from visits to LinkedIn/Facebook pages for its own purposes, to what extent activities on the LinkedIn/Facebook page are assigned to individual users, how long LinkedIn/Meta stores this data, and whether data from a visit to the LinkedIn/Facebook page is transferred to third parties.

When you access our LinkedIn/Facebook page, the IP address assigned to your device is transmitted to LinkedIn/Meta. According to LinkedIn/Meta, this IP address is anonymized (for "European" IP addresses) and in the case of LinkedIn deleted after 90 days. LinkedIn also stores information about its users' devices (e.g., as part of the "login notification" feature); which may enable LinkedIn/Meta to assign IP addresses to individual users.

If you are currently logged in to LinkedIn/Facebook, a cookie containing your LinkedIn/Facebook ID is stored on your device. This enables LinkedIn/Meta to recognize that you have visited this website and how you have used it. This also applies to all other LinkedIn/Facebook pages. LinkedIn/Facebook buttons embedded in websites enable LinkedIn/Meta to record your visits to these websites and assign them to your LinkedIn/Facebook profile. This data can be used to tailor content or advertising to you.

If you wish to avoid this, you should log out of LinkedIn/Facebook or deactivate the "stay logged in" function, delete the cookies on your device, and close and restart your browser. This will delete any information that can be used to identify you directly and allows you to use our LinkedIn/Facebook page without revealing your LinkedIn/Facebook ID. If you access interactive features of the page (e.g., liking, commenting, sharing, messaging), a LinkedIn/Facebook login screen will appear. After logging in, you will be recognized again as a specific user.

LinkedIn/Meta provide more detailed information at the following links:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

c. YouTube

If you click on a link to a YouTube video on our website, you will be directed to this video on the YouTube platform. YouTube is operated by Google.

We would like to point out that you use our YouTube channel and its functions at your own risk. This applies in particular to the use of the "Discussion" function. Furthermore, we would like to point out that we have no influence or control over the type and scope of data processed by Google, the type of data processing, and the use and disclosure of this data to third parties. When using YouTube, your personal data may be collected, transferred, stored, disclosed, used, and transferred to and stored in the US or third countries where Google operates, regardless of your place of residence. In addition, data may be transferred to companies affiliated with Google and other companies and/or persons who process data on behalf of Google.

Google processes the data you voluntarily enter, such as your name and user name, email address, and telephone number. Google also collects the content you create, upload, or receive from third parties when using the services (e.g., photos, videos, documents, spreadsheets, comments) and processes the personal data contained therein. The content you share is then evaluated by Google to determine which topics interest you. Google may also determine your location based on your IP address and send you advertising or other content tailored to you.

Google may use analysis tools such as Google Analytics for evaluation purposes. We have no influence on the use of such tools by Google and have not been informed of their potential use. We have not commissioned the use of such tools, nor do we support Google in any way. We are not provided with any data obtained during the analysis and have no way of disabling the use of such tools on our YouTube channel. We can only view certain profiles of subscribers to our YouTube channel.

Even if you are not registered with YouTube, Google collects certain information when you use our YouTube channel, such as your IP address, browser type, operating system, the websites you visited before, the search terms you used, stored cookies, and, if you are accessing via a mobile phone, your mobile phone provider and the device you are using (including device ID and application ID).

You can restrict data processing in the general settings of your Google account. Google also offers specific privacy settings for YouTube. For more information, please visit:

https://policies.google.com/technologies/product-privacy?hl=de&gl=de

Information about which data is processed by Google and for what purposes can be found in Google's privacy policy at:

https://policies.google.com/privacy?hl=de&gl=de#infocollect

Finally, you have the option of requesting information via Google's privacy form:

https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3

D. Data processing when using the Customer Portal

1. Scope, purpose, and legal basis of data processing

To access our OEM (original equipment manufacturer) repair information, you can create a free test account in our Customer Portal. This requires registration in advance, during which the following personal data will be requested:

First name
Last name
Job title
E-mail address
Telephone or mobile phone number
Language

Personal data marked with an asterisk (first name, last name, e-mail address and telephone or mobile phone number) is mandatory information, without which registration is not possible. The provision of further personal data, on the other hand, is voluntary.

We need your first and last name and your e-mail address to create an individualized account for you in the Customer Portal and your phone number to contact you in case of queries. The registration of an account at our Customer Portal establishes a contractual relationship between you and us, and the processing of the mandatory personal data is pursuant to such a contract. It is authorized by Art. 6(1)(b) GDPR.

The processing of personal data voluntarily provided by you is based on your consent in accordance with Art. 6(1)(a) GDPR. Your consent can be revoked at any time with effect in the future. To do so, please follow the link to our Data Subject Access Request (“DSAR”) form: Privacy Web Form

If you continue to use our service after the trial period, your mandatory data will be transferred to our customer database after the trial period expires and processed for the performance of the customer contract pursuant to Art. 6(1)(b) GDPR.

If you do not continue to use our services after the trial period has expired, your data will be deleted after 12 months. Further storage for this period is necessary because trial access can only be granted twice in any rolling 12 months, and we therefore need to check whether you have already had a trial access in the past.

2. Newsletter

When you register an account with us, you are provided the opportunity to subscribe to our promotional and marketing newsletters.

We use a Double-Opt-In mechanism to confirm your subscription. If you click on the corresponding box, we will send you an e-mail to the e-mail address you provided, asking you to confirm that you would like us to send you newsletters in the future. Only when you reconfirm your subscription will we add you to our newsletter distribution list. In addition to the data provided by you during registration, we collect the timestamps of these activities.

The processing of your personal data when registering for our newsletter is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by clicking the “Unsubscribe” link contained in each newsletter email.

To process your personal data and send the newsletters, we use the marketing tool provided by a carefully selected service provider, Act-On Software, Inc., located at 121 SW Morrison St., Suite 1600, Portland, OR 97204, USA (“Act-On”).

Act-On processes your personal data exclusively under our instructions for the purpose specified by us within the framework of a DPA pursuant to Art. 28 GDPR and is obligated to comply with the applicable data protection provisions consistent with the GDPR. Your personal data disclosed in connection with this processing may only be stored for the purpose of sending the newsletters. Act-On is not permitted to use your personal data for any other purpose.

The transfer of your personal data to the USA is based on the adequacy decision issued for the US pursuant to Art. 45 EU GDPR, with which the EU Commission has determined that the US has a level of data protection comparable to that of the EU. Google is also certified for the EU-US Data Privacy Framework (Data Privacy Framework).

Your email address and necessary data will be retained until you opt out of receiving the newsletters.

E. Other data processing operations

1. Marketing

We obtain businesses information, including contact information, from GCL B2B Limited, located at 2nd Floor, Charter House, 52 Charlotte Street, Birmingham, B31PX, United Kingdom (“GCL”).

We obtain this information for marketing purposes, primarily for email marketing campaigns. While our business is generally B2B (business-to-business), we recognize that this contact information often identifies individual persons, or that personal contacts are used for business purposes. As such, we treat this information in accordance with the applicable data protection laws.

We process this contact information under the legal basis of legitimate interest per Art. 6(1)(f) GDPR believing that our marketing communications may be of interest and benefit to the recipients in their professional capacities. We comply with additional consent requirements, including double opt-in procedures, where mandated by law. All our marketing emails include a clear and easy-to-use opt-out link. We promptly honor all requests to opt-out from our marketing communications, ensuring that you have control over the communication you receive from us.

Personal data obtained from GCL is typically stored for 12 months unless a business relationship is established during this time period and further processing of the data is permitted under other legal basis such as performance of contract or consent.

2. Contact by e-mail

If you contact us by e-mail, your e-mail address will be stored so that we can send you a reply. In addition, the personal data you send us in your email will be stored.

The processing of your personal data is based on your consent in accordance with Art. 6 (1)(a) GDPR, which you give us by contacting us by email. If your e-mail is in connection with the initiation, performance, or termination of a contract with us, the processing of your personal data is based on Art. 6(1)(b) GDPR.

Your consent can be revoked at any time with effect in the future. To do so, please follow the link to the DSAR form: Privacy Web Form. However, we would like to point out that your request cannot be processed further in the event of revocation.

Your personal data will be deleted as soon as we have finally processed your request, subject to statutory retention periods or an existing legitimate interest.

3. DSAR form

As already mentioned in this privacy policy, we provide a DSAR form (Privacy Web Form) for you to exercise your rights as a data subject. In order to use the DSAR form, you must enter the personal data marked with an asterisk, as we will otherwise be unable to assign your request.

The processing of this personal data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. We have a legitimate interest in receiving such requests via a specific channel so that we can process them within the statutory time limits.

Your DSAR request record, together with the associated data, will be stored for as long as the purpose of processing exists. The purpose of processing is initially to process your request and then to fulfill our documentation and verification obligations, which are based on the applicable limitation periods and are generally three years.

F. Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller:

1. Right to information

You can request confirmation from us as to whether we are processing your personal data. If such processing is taking place, you can request information about the following from us in accordance with Art. 15 GDPR:

purposes for which the personal data are processed
categories of personal data that are processed
recipients or categories of recipients to whom your personal data have been or will be disclosed
planned duration of the storage of your personal data or, if concrete information on this is not possible, criteria for determining the storage duration existence of a right to rectification or erasure of your personal data, a right to restriction of processing by us or a right to object to such processing
existence of a right of appeal to a supervisory authority all available information about the origin of the data, if the personal data is not collected from you
existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing on you

You may also request a copy of your personal records we possess.

Furthermore, you have the right to request information about whether your personal data is transferred to another country or to an international organization outside the EU or the EEA. In this context, you may request to be informed about the safeguards we implement to protect your personal data pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

According to Art. 16 GDPR, you have a right of rectification and/or completion if your personal data is incorrect and/or incomplete. We must carry out the correction without delay.

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data in accordance with Art. 18 GDPR:

if you dispute the accuracy of your personal data, during the period when we verify the accuracy of your personal data, you may request the processing of this data be restricted
processing is unlawful and you object to the deletion of the personal data and request the restriction of the use of the personal data instead
we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise, or defense of legal claims, or
if you have objected to the processing of your personal data pursuant to Art. 21(1) GDPR and it has not yet been determined whether our legitimate grounds to process your data override your interest in the data

If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. You will be informed by us before the restriction is lifted.

4. Right to erasure

a. Obligation to delete

Pursuant to Art. 17 GDPR, you may request that we delete your personal data without undue delay. We are obliged to delete this data immediately if one of the following reasons applies:

your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
your consent, on which the processing was based according to Art. 6(1)(a) GDPR, is revoked by you and there is no other legal basis for the processing
you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing
you object to the processing pursuant to Art. 21(2) GDPR
your personal data have been processed unlawfully
deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject
your personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR

b. Information to third parties

If we have made your personal data public and we are obliged to delete it pursuant to Art. 17(1) GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform controllers who process your personal data that you have requested them to delete all links to or copies or replications of such personal data.

c. Exceptions to the right to erasure

The right to erasure does not exist insofar as the processing is necessary:

on the exercise of the right to freedom of expression and information
for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) GDPR and Art. 9(3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in Section a is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
for the assertion, exercise or defense of legal claims

5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged pursuant to Art. 19 GDPR to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

6. Right to data portability

According to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, common, and machine-readable format. In addition, you have the right to transfer this data to another controller to whom the personal data has been provided without hindrance from us, provided that

the processing is based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
the processing is carried out with the aid of automated procedures

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. Right of objection

According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. The objection must be substantiated.

Upon receipt of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such a purpose. In this situation, your objection will be treated as if you have opted out of direct marketing communication; you must re-subscribe (or opt in) in order to receive marketing communication.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

Pursuant to Art. 7(3) GDPR, you have the right to revoke your declaration of consent granted under data protection law at any time - even before the GDPR came into force (05/25/2018). The revocation does not affect the lawfulness of the processing prior to the revocation.

Furthermore, you can revoke the consent given in our Cookie Banner at any time. To do so, call up our Cookie Banner again in the footer of our website.

9. Automated individual decision-making including profiling

In accordance with Art. 22 EU GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and us, or
is authorized by Union or Member State law to which we are subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or
is based on your express consent

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms and your legitimate interests have been taken.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationssicherheit Nordrhein-Westfalen

Kavalleriestr. 2-4
40213 Düsseldorf
Germany
Tel: +49 (0) 211 38424-0=
Telefax: +49 (0) 211 38424-999
E-Mail: poststelle@ldi.nrw.de