Privacy Policy

Thank you for visiting our website www.gedore-automotive.com and for your interest in our company.

The protection of your personal data, such as date of birth, name, telephone number, address, etc., is important to us.

Contents

We would like to inform you about how we handle your personal data and what rights you are entitled to in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The responsibility for data processing lies with the organization GEDORE Automotive GmbH (hereinafter referred to as "we" or "us").

Responsibilities

We are responsible for the processing of your personal data:

GEDORE Automotive GmbH 
Patrick Mau

Breslauer Str. 41
78166 Donaueschingen

Phone: 49-771-83-223-0
E-mail: info.gam@gedore.com

Contact details of the data protection officer

You can reach our data protection officer using the following contact details:

EggSec GmbH
Andreas Langendonk

Dohmenstr. 28a
47807 Krefeld

E-mail: dsb@eggsec.de
Phone: +492151200855

General information on the legal basis of data processing

"Personal data" is all information that relates to a specific person. We process this data in accordance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if we have legal permission to do so.

We only process personal data with your consent in order to enter into a contract with you or to respond to your request in connection with a potential business relationship, to comply with legal obligations or to protect our legitimate interests, provided that this does not affect your interests or fundamental rights and freedoms that require the protection of personal data.


Storage period of the personal data

We only store your data for as long as is necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations, unless otherwise statedin the following information. Statutory retention obligations may arise from commercial or tax regulations. After the end of the calendar year in which we collected the data, we will retain personal data contained in our accounting records for ten years and personal data contained in business letters and contracts for six years.

Furthermore, we will retain data in connection with consents requiring proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.

Processing when exercising your rights

If you wish to exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data you have provided in order to implement these rights and to be able to provide proof of this. We will process the data stored for the purpose of providing information and preparation exclusively for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Article 18 of the GDPR.

These processing operations are based on the legal basis of Article 6(1)(c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34(2) of the BDSG.

Rights of the data subject 

The General Data Protection Regulation (GDPR) guarantees every data subject certain rights in relation to their personal data. These include:

The right to information: Every data subject has the right to obtain confirmation from us as to whether or not personal data is being processed and to obtain information about this data as well as further information and copies of this data.

The right to rectification: Every data subject has the right to demand the immediate rectification of inaccurate  personal data.

The right to erasure ("right to be forgotten"): Every data subject has the right to request the immediate erasure of their personal data.

The right to restriction of processing: Every data subject has the right to request the restriction of the processing of their personal data.

The right to data portability: Every data subject has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format.

Right to object: Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which isbased on point (e) or (f) of Article 6(1) GDPR. If we process personal data about the data subject for the purpose of direct marketing, the data  subject may object to this processing in accordance with Art. 21 (2) and (3) GDPR.

The data subject also has the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data infringes the GDPR.

The supervisory authority responsible for us is: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

 

Information on the processing of personal data

Processing: Contact form

Purpose of the processing

We process your personal data insofar as this is necessary to fulfill the following purposes:

  • Data subjects make inquiries about services, products or general matters via the online form. To process these inquiries, at least the e-mail address is required to contact the data subject

Legal basis

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

  • Consent (Art. 6 para. 1 subpara. 1 lit. a GDPR)

Sources of the personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.

  • direct

Categories of personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the categories of data concerned.

  • E-mail addressFirst name
  • Salutation
  • Phone number
  • Address
  • Surname
  • Company

Storage duration

We will inform you of the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration.

  •  after fulfillment of the purpose or upon revocation

Processing: Website

Purpose of the processing

We process your personal data insofar as this is necessary to fulfill the following purposes:

  • Management of access to the website's content management system
  • Newsletter management
  • Answering contact requests

Legal basis

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

  • Consent (Art. 6 para. 1 subpara. 1 lit. a GDPR)
  • Safeguarding the legitimate interests of the controller or a third party (Art. 6 para. 1 subpara. 1 lit. f GDPR)

Sources of the personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.

  • direct

Categories of personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject of the categories of data concerned.

  • Inventory data
  • Contact data
  • Meta/communication data
  • Company

Legitimate interests

The indication of the "legitimate interests" of the controller or the third party that are pursued with the processing of personal data refers to Art. 6 para. 1 sentence 1 lit. f GDPR.

  • Communication and exchange with partners and business end customers

Storage duration

We will inform you of the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration.

  • after fulfillment of the purpose or upon revocation

Processing: Use of the analysis tool

Purpose of the processing

We process your personal data to the extent necessary to fulfill the following purposes:

  • Tracking of access and user behaviour, optimisation of the user experience and optimisation of content on the GEDORE Automotive websites.

Legal basis

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

  • Consent (Art. 6 para. 1 subpara. 1 lit. a GDPR)

Sources of the personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.

  • direct

Categories of personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the categories of data concerned.

  • IP address
  • Browser type
  • Browser version
  • Operating system
  • Host name
  • Date
  • Time
  • Call data
  • Referrer tracking
  • Amount of data transferred

Storage duration

We will inform you of the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration.

  • anonymized IP address until revoked,
  • additionally cookie settings on website:
    • gedore-accepted-cookies:
      • Session cookie has a maximum validity of one year. 
      • Used to store the user's accepted cookies and to display the cookie notice only once on the website.
    • gedore-de#lang
      • This cookie is deleted as soon as your browser session expires or you close the browser.
      • This cookie helps to display the correct language to users on the website.
      • The cookie does not contain any personal information.
    • RequestVerificationToken Session
      • Will be deleted as soon as your browser session expires or you close the browser.
      • This cookie helps to prevent CSRF attacks and to transfer data securely.
      • The cookie does not contain any personal information.
    • NET_SessionId
      •  Session, is deleted as soon as your browser session expires or you close the browser.

      • This cookie helps to identify users on the server across requests - i.e. recurring users.

      • The cookie does not contain any personal information.

Data recipient

Recipients of personal data outside the organization

Article 4(9) of the General Data Protection Regulation (GDPR) defines the term "recipient" as "the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not".

  • Microsoft Ltd.
  • INTERMIX MANAGEMENT B.V.
  • Google

Transfer of data to a third country or international organization

A transfer of personal data to an "international organization" (within the meaning of Art. 4 No. 26 GDPR) or to controllers,  processors or other recipients in a country outside the European Union (EU) and the European Economic Area (EEA)  entails particular data protection risks from the perspective of the data subject.

We transfer personal data to the following recipients outside the European Union (EU) and the European Economic Area (EEA):

  • Data transfer to a third country or to an international organization does not take place andis not planned.

Adequacy decision of the EU Commission

A transfer of personal data to a country outside the European Union (EU) and the European Economic Area (EEA) or to an international organization is permitted if the European Commission has determined that the country, territory or one or more specific sectors within that country or the international organization in question ensures an adequate level of protection.

We transfer personal data to the following recipients outside the European Union (EU) and the European Economic Area (EEA) for which an adequacy decision exists:

  • Microsoft
  • Google

Information about shared responsibilities

Within the meaning of Article 26 of the General Data Protection Regulation (GDPR), the following parties are jointly responsible with us for the processing of data.

  • Google

 

Cookies used on the website

Functional cookies:

Name Domain Duration Information
ASPSESSIONID# .gedore-automotive.com Session Cookie for Session Identification
CookieConsent .gedore-automotive.com 1 year This cookie is set by Gedore Automotive and collects information about users' consent preferences for personalization.

 

Statistical cookies:

Name Domain Duration Information
_ga .gedore-automotive.com 2 years Used to distinguish users.
_ga_* .gedore-automotive.com 1 year This cookie is used to distinguish unique users by assigning a randomly generated number as customer identification. It is included in every page request on a site and used to calculate visitor, session, and campaign data for the site's analytics reports.