Data protection statement of autosen gmbh

1. Scope, controller, data protection officer, definitions

1.1 The present data protection statement informs about how and what kinds of personal data of the user (in the following «you») are processed by us, autosen gmbh, when you visit our websites.

1.2
autosen gmbh
Annastraße 41
45130 Essen
Phone: +49 (0)201 749 189 21
Fax: +49 (0)201 749 189 22
E-Mail: info@autosen.com
is the controller pursuant to Article 4 no. 7 EU General Data Protection Regulation (GDPR) for the processing of personal data on our websites according to this Data Protection Regulation (cf. our Legal notice).

You can also directly contact our Data Protection Officer:

Data Protection Officer
GINDAT GmbH
Herr Arndt Halbach
Wetterauer Str. 6
42897 Remscheid
E-Mail: datenschutz@autosen.com

1.3 Personal data means any data relating to you personally such as name, address, email addresses, the information about your use of our websites (see under number 2).

Processing means any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

2. Processing of personal data when visiting our websites or contact via email; purpose and basis

2.1 Informatory use of our websites

If the websites are used for information only, i.e. if you do not register or transmit information in any way, we only collect the personal data your browser transmits to our server. If you want to look at our websites, we collect the following data:

IP address,
date and time of the request,
time zone difference to Greenwich Mean Time (GMT),
content of the request (specific site),
access status/HTTP status code,
transferred amount of data,
website from which the request is sent,
browser,
operating system and its user interface,
language and version of the browser software and
your approximate location data which we derive from the above-mentioned data.

Purpose and basis
The purpose of the processing of this data is to show you our websites and to ensure stability and protection. Basis is Article 6 paragraph (1) sentence 1 (point f) GDPR. According to this paragraph the processing of personal data for the purposes of our legitimate interests is lawful except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This personal data is only stored for the time you visit our websites.

2.2 Contact by email or use of the contact form our websites
If you contact us by email or use a contact form, we process

your advised request,
the company you work for,
your sex (title),
your first and last names,
your business contact data (email address, address and telephone number, the indication of your customer number is optional).

The purpose of the processing of this data is to answer your questions. We will delete the data collected in this context when storage is no longer necessary or restrict the processing if there is a legal obligation to retain data. The basis for the processing is Article 6 paragraph (1) sentence 1 point f GDPR except where there are legal obligations to retain data. In this case the basis for storage is Article 6 paragraph (1) sentence 1 point (c) GDPR; according to this the processing is lawful for compliance with a legal obligation.

Furthermore you have the possibility to receive regular information from us (newsletter, see below number 2.6 point (c)) irrespective of filling in the contact form and the reply to your request.

2.3 Cookies

a) On our website we use the Usercentrics Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, D-80331 Munich, Germany, to ensure compliance with data protection regulations and record and manage your consents. The Usercentrics CMP enables us to implement your preferences to use Cookies and similar technologies in compliance with the law.

Data are processed exclusively within the European Union. Personal data shall not be processed without your consent. Usercentrics CMP uses technologies such as Cookies and local storage to store users’ consent. These data are stored exclusively on our servers and are not forwarded to unauthorised third parties.

The legal basis for processing your personal data in the context of Usercentrics CMP is Article 6(1), Point c, GDPR (Compliance with legal obligations).

Personal data are processed to

Ensure compliance with legal obligations
Store and manage your consent

The data enable us to record and implement your preferences in respect of using Cookies on our website The consent data (consent granted and withdrawal of consent) are stored for a period of one year. Following expiry of this period, the data are automatically erased if they are no longer required for the stated purposes.

Cookies are small text files stored on your hard drive that are assigned to the browser you are using and by way of which certain information is transferred to the party setting Cookies (in this case us). Cookies cannot execute programs or transfer viruses to your computer. They are aimed at making the internet service more user-friendly and effective overall.

b) These websites use the following types of cookies the scope and function of which are explained below:

transient cookies (see aa)
persistent cookies (see bb).

aa) Transient cookies are automatically deleted when you close the browser. They are in particular session cookies. They store a session ID by means of which several requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our websites. The session cookies are deleted when you log out or close the browser.

bb) Persistent cookies are automatically deleted after a time defined by us. This time may vary according to the cookies. You can delete the cookies in the security settings of your browser at any time. With this deletion you also withdraw your consent to process the respective cookie.
c) You can configure the browser according to your wishes and for example reject the acceptance of third-party coolies or all cookies. Please note, that in such a case you may not be able to use all functions of our websites.

2.4. LinkedIn Insight Tag

Our website uses the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a Cookie in your web browser, which enables inter alia the collection of the following data: IP address, device and browser characteristics and page events (e.g. page views). This data are encrypted, rendered anonymous within seven days while the anonymised data are erases within 90 days. LinkedIn does not share any personal data with us. However, it provides anonymised reports in respect of the website target group and display performance. LinkedIn also provides the option of re-targeting via the Insight Tag. By way of such data, we can display targeted advertising outside our website without identifying you as a website visitor. Please see the data protection notices at LinkedIn for more information.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. Click here to deactivate the Insight tag on our website (“Opt-out”).

2.5 Incorporation of YouTube videos

Our website uses plugins from the Google-operated YouTube site. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-mail: support-deutschland@google.com (“Google” or synonym “YouTube”). We have integrated the service by way of a so-called two-click solution. A connection to the Google servers shall only be established once you click on the corresponding placeholder. A connection to the YouTube servers is established once a video is accessed via YouTube. In that respect, the YouTube server is informed of the pages of our website that you have visited. If you have logged into your YouTube account, you enable YouTube to directly allocate your surf behaviour to your personal profile. You can prevent this by logging out of your YouTube account. Please see the Google Data Protection Policy for more information about how user data are handled at

https://policies.google.com/privacy?hl=en&gl=en

As a registered YouTube platform user, you can also control the extent to which your user behaviour may be recorded and used by Google via the YouTube platform’s comprehensive advertising settings. YouTube is used to render the presentation of our online services appealing. The legal basis is your consent, which you grant by clicking on a corresponding placeholder, within the meaning of Article 6(1), Point a, GDPR. If consent is not required, the legal basis in such a case is Article 6(1), Point f, GDPR.

2.6. Google Analytics 4

This website utilizes Google Analytics, a web analytics service provided by Google Ireland Ltd, located at Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, which are text files placed on your computer, to analyze how users interact with the site. The information generated by the cookie about your use of this website is typically transmitted to and stored on a Google server in the USA.

In Google Analytics 4, IP address anonymization is enabled by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Your user behavior during your visit to the website is recorded in the form of «events.»

Google uses this information to evaluate your pseudonymous use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and improve our services for our customers.

Possible recipients of your data include Google Ireland Limited, Google LLC, and Alphabet Inc. For data transfers to the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Although Google servers are distributed worldwide and data transfer to third countries cannot be completely ruled out, we have concluded the EU standard contractual clauses with the provider to ensure an appropriate level of data protection.

Data linked to cookies is automatically deleted after 14 months, and the maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.

The legal basis for data processing is your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the Telecommunications Data Protection Act (TTDSG). You can revoke your consent at any time with future effect by adjusting the settings in our cookie consent tool. However, the lawfulness of processing based on consent before revocation remains unaffected.

Google processes some of your personal data in the USA. There is currently no adequacy decision by the EU Commission for data transfer. The appropriate level of data protection is therefore guaranteed by the use of the EU standard contractual clauses.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

Not giving your consent to the setting of the cookie or
downloading and installing the browser add-on to deactivate Google Analytics here. https://tools.google.com/dlpage/gaoptout?hl=en

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/ and at https://policies.google.com/privacy?hl=en

2.7 Google Tag Manager

We use Google Tag Manager, a service rendered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager is a technical tool by way of which we can centrally manage website tags. The Google Tag Manager itself does not process any personal data. It merely ensures that other components (e.g. analysis or marketing tags) can be located, which, in turn, can collect data.

Using Google Tag Manager is based on our legitimate interest in efficiently managing website tags in accordance with Article 6(1), Point f, GDPR. However, insofar as the Google Tag Manager loads tags that access data that are not technically necessary (e.g. marketing tags), this applies exclusively based on your prior consent in accordance with Section 25(1), TDDDG (German Telecommunications Digital Services Data Protection Act)and Article 6(1), Point a, GDPR.

We have entered into an order processing contract with Google in accordance with Article 28, GDPR. Forwarding technical information (e.g. IP address) to the USA cannot be ruled out as a result of using Google services. Google is certified in accordance with the EU-US Privacy Framework, which was recognised as appropriate by the European Commission on 10 July 2023. Furthermore, we have entered into the EU Standard Contractual Clauses (SCCs) with Google to ensure that the level of data protection is adequate.

You can find more information about Google Tag Manager in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en Google: https://policies.google.com/privacy?hl=en&gl=en .

2.8 Google Ads

This website uses Google Ads. Ads is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-mail: support-deutschland@google.com

Google Ads is a service used to display targeted adverts to users. Google Ads uses Cookies and other browser technologies to evaluate user behaviour and identify users. Google Ads collects information about visitor behaviour on various websites. This information is used to optimise advertising relevance. Furthermore, Google Ads supplies targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are forwarded to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited, or have not logged in, the provider may establish and store your IP address and other identification features. In this case, your data shall be forwarded to the operator of Google Ads, Google Ireland Limited.

Purpose and legal basis

We process your data with the help of Google Ads to optimise our website and for marketing purposes based on your consent in accordance with Article 6(1), Point a, GDPR.

You can change your settings at any time via the Cookie settings. You can find more information about Google Ads in the Google data protection notices:

https://policies.google.com/privacy?hl=en&gl=en

Storage period

The Cookies are no longer valid after 30 days, and are not used to personally identify the users. If a user visits certain pages of the website and a Cookie has not yet expired, Google and we may establish that the user has clicked on the advertisement and was forwarded to that page.

We cannot exert an influence on the specific storage period of the processed data. Moreover, it is determined by Google Ireland Limited. More information can be found in the Google Ads Privacy Policy: https://policies.google.com/privacy.

2.9 Adwords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-mail: support-deutschland@google.com.

As part of Google AdWords we use the so-called Conversion-Tracking. A Cookie is placed for the Conversion Tracking when you click on an advertisement placed by Google. Cookies are small text files that the internet browser places on the user’s computer. These Cookies are no longer valid after 30 days, and are not used to personally identify the users. If a user visits certain pages of the website and the Cookie has not yet expired, Google and we may determine that the user has clicked on the advertisement and was forwarded to that page.

Each Google AdWords customer receives a different Cookie. Therefore, Cookies cannot be traced via the websites of the AdWords customers. Information obtained by way of the Conversion Cookies is aimed at drawing up conversion statistics for AdWords customers who have decided in favour of Conversion Tracking. The customers are informed of the total number of users who have clicked on their advertisement and who were forwarded to a page equipped with a conversion tracking tag. However, they are not provided with any information with which they can personally identify users. If you do not wish to take part in Tracking, you can object to such use by simply deactivating the Cookie of the Google Conversion Tracking via your internet browser settings. Thereupon you will not be incorporated in the Conversion Tracking statistics. “Conversion Cookies” are stored based on your consent in accordance with Article 6(1), Point a, GDPR. For more information about Google AdWords and Google Conversion-Tracking, please see the Google data protection provisions:

https://policies.google.com/privacy?hl=en&gl=en

You can adjust your browser so that you are informed about the placing of Cookies and only permit Cookies in an individual case, exclude the acceptance of Cookies for certain cases or in general and activate the automatic deletion of Cookies when the browser is closed. The functionality of this website may be restricted in the case of deactivating Cookies.

You can change your settings at any time via the Cookie settings.

2.10 Salesforce

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, D-80636 Munich (hereinafter “Salesforce”).

Salesforce Sales Cloud is a CRM system and enables us, inter alia, to manage existing and potential customers and customer contacts and organise sales and communication processes. By way of using the CRM system, we are also able to analyse our customer-related processes. Customer data are stored on Salesforce servers. In this respect, personal data may also be forwarded to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Details of the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/uk/sales/cloud/.

Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding corporate rules that legitimise the internal forwarding of data to third countries outside the EU and the EEA. You can find the details here: https://compliance.salesforce.com/en/documents/a005A00000kFf5jQAC. Please note that we have entered into an order processing contract with Microsoft to facilitate such activity, including the Standard Contractual Clauses.

Details can be found in the Salesforce Privacy Policy: https://www.salesforce.com/de/company/privacy/.

2.11 Varify

We use Varify.io, a service of Varify GmbH, Südliche Münchner Straße 55, D-82031 Grünwald, Germany, to make dynamic websites, so-called landing pages, available to you. These pages adapt to your search entries or other parameters, for example, and enable us to individually optimise our online service. In that respect, personal data such as your IP address and browser information are processed.

Instead, the processing occurs on the server side or by way of other technologies that are Cookie-free based on your interaction with the website.

Processing such data is exclusively aimed at actively providing you with the content of the landing pages and improving our service. Data are processed exclusively based on your consent in accordance with Article 6(1), Point a, GDPR. You may, of course, withdraw such consent at any time with effect for the future.

Your data shall only be used for the duration of your session and then either erased or rendered anonymous. The data shall not be stored permanently or forwarded. No data shall be forwarded to third countries either.

We draw your attention to the fact that the dynamic landing pages constitute a supplementary function. You can also use our website to the full extent without such personalised content if you do not want to consent to the processing of your personal data. You can contact us at any time if you have any questions about your rights, for example in respect of information about or the rectification or erasure of your data.

2.12 jQuery technologies

This website uses the JavaScript technology jQuery Migrate to ensure stability and functionality. To that end, programme libraries are loaded from the jQuery Foundation servers (https://code.jquery.com/). If your browser has already loaded jQuery Migrate on another website, it will access the copy stored in the cache. Otherwise, the file shall be downloaded from the jQuery Foundation servers.

By retrieving files from the jQuery Foundation servers, your IP address is forwarded to the jQuery Foundation servers because it is required in a technical sense to provide the requested content. In that respect, the jQuery Foundation may become aware that you have accessed our website. Forwarding such data to servers outside the EU, e.g. in the USA, cannot be ruled out. In such cases, we endeavour to ensure that suitable protective measures are in place such as use of EU Standard Contractual Clauses.

Data are processed based on our legitimate interest in accordance with Article 6(1), Point f, GDPR. Our interest is to optimise the loading speed and stability of our online service. You can deactivate JavaScript in your browser if you wish to object to the processing of your data. However, this may have a detrimental effect on the functionality of the website.

More detailed information about jQuery is available at https://code.jquery.com/. The jQuery Foundation’s rules of conduct are available at https://js.foundation/community/code-of-conduct.

2.13 eKomi Connect

We use eKomi Connect, a central authentication platform of eKomi Ltd, Markgrafenstrasse 11, D-10969 Berlin, Germany (“eKomi”). eKomi Connect enables users to log in to various eKomi services via a single account.

As part of the use of eKomi Connect, personal data are processed, such as your e-mail address, username and IP address, to enable authentication and the secure provision of services. Such data are used exclusively to administer your account and for eKomi Connect functionality.

Processing your data is based on executing the user contract in accordance with Article 6(1), Point b, GDPR. In addition, we rely on our legitimate interest in efficiently and securely managing user accounts in accordance with Article 6(1), Point f, GDPR.

The data are stored on servers within the European Union. If data need to be forwarded to third countries (e.g. USA) in exceptional cases, this shall only apply based on suitable guarantees such as the EU Standard Contractual Clauses (SCCs) or the EU-US Privacy Framework that ensure an adequate level of data protection.

We have entered into an order processing contract with eKomi in accordance with Article 28, GDPR, to ensure that your data are processed in accordance with data protection regulations.

More information about eKomi Connect and its data protection practices can be found at: https://www.ekomi.co.uk/uk/privacy/

2.14 Campaign Monitor

We use Campaign Monitor, a platform provided by Campaign Monitor Pty Ltd, 404/3-5 Stapleton Avenue, Sutherland, NSW, Australia, 2232, to send newsletters and analyse their success. Campaign Monitor enables us to design professional newsletters, send them automatically and evaluate recipients’ interactions to optimise our communications.

We process the following personal data as part of using Campaign Monitor:

E-mail address
Name (if stated)
IP address and usage data (when opening and clicking in newsletters)
Date and time of registration (double opt-in procedure)

Such data are processed exclusively based on your previously granted consent in accordance with Article 6(1), Point a, GDPR. You can withdraw your consent at any time. You can withdraw your consent to send you the newsletter at any time and unsubscribe from the newsletter. You can state your withdrawal by email to newsletter@autosen.com or by sending a message to the contacts indicated in the Legal notice. Your data shall only be processed following your express consent in accordance with Article 6(1), Point a, GDPR. Newsletters shall not be sent and no data shall be processed without your consent. Campaign Monitor is operated by Campaign Monitor Pty Ltd, a company, which has its registered office in Australia. The data may be stored on servers in the USA, Germany and Australia. We have entered into the EU Standard Contractual Clauses (SCCs) with Campaign Monitor to ensure that the level of data protection in place is adequate. More information about Campaign Monitor’s GDPR compliance can be found via the following links: DSGVO Compliance: https://www.campaignmonitor.com/trust/gdpr-compliance/

2.15 Intercom

We use Intercom, a platform of Intercom, Inc., 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2, Ireland. Intercom enables us to communicate with visitors to our website in real time via chat, provide targeted support for questions and analyse user behaviour. We also use Intercom CDN, a content delivery network, and the Intercom API to secure the platform’s functionality and efficiency.

The processing is aimed at providing a real-time chat function, storing chat content to optimise communication, identifying users to personalise interactions, improving loading times and providing website content via the content delivery network and analysing user behaviour to improve the user experience. As part of using Intercom and its services, we process personal data such as the content of chat communication, e-mail address and name (if provided voluntarily), IP address, technical usage data such as browser information and user agent as well as Cookies used to identify users and store user settings. Data are only processed if you actively use the chat function or grant your consent to processing.

Your data are processed based on your consent in accordance with Article 6(1), Point a, GDPR, insofar as you have consented to the use of the services. Intercom CDN is also used within the scope of our legitimate interests in accordance with Article 6(1), Point f, GDPR, to ensure the functionality and security of our online service. You may withdraw your consent at any time:

Your personal data shall only be stored for as long as is necessary to provide the chat function, optimise communication or analyse user behaviour. Chat content is stored until the conversation has ended or you withdraw your consent. Cookies are stored in line with your browser settings. Once the purpose no longer applies or if you withdraw your consent, the data shall be erased, provided no statutory retention obligations to the contrary apply.

2.16 LeadInfo

We use the web service Leadinfo from LeadInfo B.V., Rivium Quadrant 141, 2909LC, Capelle aan den IJssel, Netherlands, on our website. Leadinfo is used to identify corporate visitors on our website and allows us to obtain complete contact details as well as insights into website visit behavior.
Leadinfo uses cookies and other browser technologies to analyze user behavior and recognize returning visitors. The following information, among others, is processed:

Company name
Phone number
Company address
Web address
Industry
Company profile
Revenue
Key personnel on LinkedIn
Visited pages and duration of stay
IP addresses of website visitors from our customers
Company profiles linked to IP addresses

The collection of this data is exclusively for corporate visitors (B2B). Private individuals or sole proprietors are removed from processing after a brief review. The processing of data is based on our legitimate interest in accordance with Art. 6 1 f GDPR. Our legitimate interest consists of:

Optimization of our website
Identification of potential business customers (B2B lead generation)
Marketing and sales purposes

An appropriate balancing of interests ensures that your rights and freedoms are protected. The data processed by Leadinfo is stored for the following periods:

IP addresses of website visitors → three (3) years after collection
Company profiles linked to IP addresses → three (3) years after collection

The storage duration of other data processed by Leadinfo is beyond our control and is determined by LeadInfo B.V. More detailed information about storage duration and data processing by Leadinfo can be found in their privacy policy at the following link: https://www.leadinfo.com/en/legal/privacy/

You have the right to object to the processing of your data by Leadinfo or to revoke a previously given consent. To change your privacy settings and disable processing by Leadinfo, please use the option in our consent management tool. Additionally, you can prevent the storage of cookies in your browser settings or delete existing cookies.

3. Registration and newsletter

a) If you want to use certain services of our websites, for example the download of data, a registration of the following data concerning you is required:

indication if you or the company you work for are an existing customer,
sex (title),
first name, last name,
company you work for,
your business contact data (email address, address and telephone number, the indication of your customer number is optional).

You have to assign a sufficiently secure password for this data.

b) We use the double-op-in process for registration. That means that we send an email to the indicated email address after entry of your registration data in which we ask you to confirm your registration data. If you do not confirm your registration, your information is blocked and deleted after the statutory storage period has elapsed (in any case up to the end of the period of limitation for any claims). Moreover, we store your used IP addresses and the times of entering your registration data and the confirmation. The purpose of the process is to evidence your registration and to solve a possible misuse of your personal data, if need be. The basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.

c) Newsletter
On our websites you can register for our newsletter with current information about our company and our services.
Your consent to receive the newsletter is always freely given. You can withdraw your consent at any time. You can use all other functions of our websites irrespective of your consent to receive the newsletter. This also includes the functions in the context of the registration or the contact form.
After our registration for the newsletter we carry out the double-opt-in process as described above under point (b). If you have also registered for the newsletter during your registration, you confirm by means of the double-opt-in process your consent to receive the newsletter.
To send you the newsletter we only process your name, your sex (title) and your email address so that we can address you personally. The basis for the use of this processing of your personal data is Article 6 paragraph 1 sentence 1 point (a) GDPR. You can withdraw your consent to send you the newsletter at any time and unsubscribe from the newsletter. You can state your withdrawal by email to newsletter@autosen.com or by sending a message to the contacts indicated in the Legal notice.

3.1 On the autosen webshop

a) If you want to place an order in our webshop, a requirement necessary to enter into a contract is that you indicate the personal data asked for which we need to process your order. Mandatory information necessary to process the contracts is marked separately; any other information is given freely. The data you indicate is used by us to process your order. The basis for this is Article 6 section (1) sentence 1 point (b) GDPR. If you are our customer but the company you work for, we process your business contact data on the basis of Article 4 paragraph (1) sentence 1 point (f) GDPR for the purpose of enabling and facilitating the communication with our customers to execute the contract.
b) Due to trade and tax laws we are obliged to store your address, payment and order data for a period of ten years. After the end of the period of limitation we limit processing, i.e. your data is only used to comply with the legal obligations.

3.2 Applicant data

a) We process the following data of people applying for a job using the application form on our websites or any other means:
first name, last name, email address, address, telephone number (if indicated) and the application documents transmitted to us.
b) Subject to a separately given consent we only process the data to carry out the application process on which the respective application is based. Without this consent the data will not be stored after the end of the application process and the relevant storage periods.

3.3 Sensor data collection via the cloud

If you use io-key to save sensor data in our cloud, we store the personal data requested there to this end. We require this data to process the contract. The legal basis is Art. 6 section (1) sentence 1 letter b) GDPR. Insofar as you are not personally our Client, rather the business for whom you work is the Client, we process your business contact data on the legal basis of Art. 6 section (1) sentence 1 letter f) GDPR for the purpose of enabling and simplifying communication with our Client to carry out the contract. Owing to regulations under commercial and fiscal law, we are bound to save your address, payment and order data for a duration of ten years. The legal basis in this regard is Art. 6 section (1) sentence 1 letter c) GDPR.

However, we restrict processing once the limitation periods have expired, meaning that your data is then used to adhere to statutory obligations only. To render this Service, we have engaged a service provider: Software AG, Uhlandstr. 12, 64297 Darmstadt (Germany), as well as its cooperation partner of Software AG. Suitable order processing agreements were concluded pursuant to Art. 28 GDPR to ensure that your data is protected. Insofar as data is hereby transmitted to third-party countries, this takes place exclusively according to the 5th chapter of GDPR.

To render this service we call on the services of Software AG, Uhlandstr. 12, D-64297 Darmstadt, and other cooperation partners. We have entered into order processing agreements with these service providers in accordance with Article 28, GDPR, to ensure the protection of your data. In the event that forwarding personal data to third countries is required in this context, this shall apply exclusively in compliance with the requirements of Chapter 5, GDPR, for example by entering into Standard Contractual Clauses or based on adequacy decisions.

3.4 Remote monitoring promotion with Software AG

If you take advantage of our joint remote monitoring promotion with Software AG, you consent to us transmitting your personal data (email address and phone number) to Software AG Deutschland GmbH (Uhlandstraße 12, Darmstadt, 64297, Germany) to process for the purposes of informing you about the products, services and events offered by Software AG. You can withdraw this consent at any time – this can be done by unsubscribing here. Further information about how Software AG Deutschland GmbH uses personal data can be found in their Privacy Statement.

4. Social media

We operate advertising accounts for business purposes on various social media platforms. In addition to the information you share with us directly via social networks, we utilize the statistical evaluations provided to us. These platforms provide insights into the perception of our products and services, allowing us to assess our marketing activities and identify areas for improvement. Posts on online platforms such as LinkedIn and YouTube are evaluated based on search queries (e.g., for a new product line) or specific metrics (e.g., views, number of clicks). Only posts made freely available to the public will be considered.

The legal basis for processing personal data is in accordance with Article 6(1)(f) of the GDPR, as we have a legitimate interest in identifying any deficiencies in our products and services through publicly available comments and reacting accordingly. Data processing via social media platforms occurs within the framework of the general terms and conditions agreed upon between you and the platform operators, as well as their data protection provisions.

5. Transfer and communication of your data to a third party

We never transfer your data to a third party without your consent.

We partly use the support of a third party for electronic data processing. This is a reliable service provider we have selected very carefully so that they process your data according to our order. The basis is Article 28 GDPR. Our service providers are, of course, committed to handle the data carefully and only according to our instructions and the applicable data-protection regulations, in particular neither to use the data for their own purposes nor to transfer them to a third party.

Moreover, there may be individual cases in which we are legally obliged to forward your data by order from an official authority if this is required for the purpose of law enforcement or danger prevention by police or other authorities. The basis for transmission in such cases is Article 6 section (1) paragraph (1) point (c).

Finally there may be cases in which your data is transmitted to companies associated with autosen gmbH (subsidiaries or affiliates) for one of the purposes mentioned in number 2 due to the work distribution within the autosen group of companies.

The purpose of this transmission is to structurally fulfil the tasks arising in the course of pursuit of corporate goals within a group of companies within our group of companies according to our work distribution; the basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.
If in this context personal data is processed outside the states of the European Economic Area («EEA»), we protect your personal data by transmitting and processing your personal data within our group of companies only according to the standard contractual clauses defined by the EU Commission following Article 46 paragraph (2) point (c). The standard contractual clauses can be viewed and downloaded at https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/what-rules-apply-if-my-organisation-transfers-data-outside-eu_en.

6. Your Rights

In accordance with Articles 15-21, GDPR, you may assert the following rights with regard to the personal data processed by us if the conditions described therein are met.

You may request information about your personal data processed by us in accordance with Article 15, GDPR. If incorrect personal data are processed, you have the right to rectification in accordance with Article 16, GDPR. If the legal requirements are met, you may request the erasure or restriction of processing (Article 17, 18, GDPR).

You have the right to withdraw your data protection law declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6.1 You have the following rights against us with regard to the personal data concerning you:

the right of information if and which of your personal data is processed by us,
right to rectification or erasure of your data,
right to restriction of processing,
right to object processing if the basis for this processing is Article 6 paragraph (1) sentence 1 point (f) GDPR and
right to data portability.

6.2 In accordance with Article 77, GDPR, every data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes on the GDPR. The competent supervisory authority for data protection issues is the state data protection officer of the German federal state in which our company has its registered office.

7. Amendment of this data protection statement

We reserve the right to amend this data protection statement at any time with future effect. The current version can be accessed on our websites. Please visit our websites regularly and inform yourself about the data protection regulations in effect.

Date: Februar, 2025