Data protection statement of autosen gmbh

1. Scope, controller, data protection officer, definitions
1.1 The present data protection statement informs about how and what kinds of personal data of the user (in the following "you") are processed by us, autosen gmbh, when you visit our websites.

autosen gmbh
Annastraße 41
45130 Essen
Phone: +49 (0)201 749 189 21
Fax: +49 (0)201 749 189 22
is the controller pursuant to Article 4 no. 7 EU General Data Protection Regulation (GDPR) for the processing of personal data on our websites according to this Data Protection Regulation (cf. our Legal notice).

You can also directly contact our Data Protection Officer:

Data Protection Officer
Herr Arndt Halbach
Wetterauer Str. 6
42897 Remscheid

1.3 Personal data means any data relating to you personally such as name, address, email addresses, the information about your use of our websites (see under number 2).
Processing means any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

2. Processing of personal data when visiting our websites or contact via email; purpose and basis
2.1 Informatory use of our websites
If the websites are used for information only, i.e. if you do not register or transmit information in any way, we only collect the personal data your browser transmits to our server. If you want to look at our websites, we collect the following data:

  • IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • content of the request (specific site),
  • access status/HTTP status code,
  • transferred amount of data,
  • website from which the request is sent,
  • browser,
  • operating system and its user interface,
  • language and version of the browser software and
  • your approximate location data which we derive from the above-mentioned data.

Purpose and basis
The purpose of the processing of this data is to show you our websites and to ensure stability and protection. Basis is Article 6 paragraph (1) sentence 1 (point f) GDPR. According to this paragraph the processing of personal data for the purposes of our legitimate interests is lawful except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This personal data is only stored for the time you visit our websites.

2.2 Contact by email or use of the contact form our websites
If you contact us by email or use a contact form, we process

  • your advised request,
  • the company you work for,
  • your sex (title),
  • your first and last names,
  • your business contact data (email address, address and telephone number, the indication of your customer number is optional).

The purpose of the processing of this data is to answer your questions. We will delete the data collected in this context when storage is no longer necessary or restrict the processing if there is a legal obligation to retain data. The basis for the processing is Article 6 paragraph (1) sentence 1 point f GDPR except where there are legal obligations to retain data. In this case the basis for storage is Article 6 paragraph (1) sentence 1 point (c) GDPR; according to this the processing is lawful for compliance with a legal obligation.
Furthermore you have the possibility to receive regular information from us (newsletter, see below number 2.6 point (c)) irrespective of filling in the contact form and the reply to your request.

2.3 Cookies
a) In addition to the previously mentioned data cookies are stored on your PC when you use our websites. Cookies are small text files which are stored on your hard disk assigned to the browser you use and by means of which the person setting the cookie (here: us) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. Their purpose is to make the websites more user-friendly and effective. The basis is your explicit consent you give when you start visiting our website and which can be revoked at any time pursuant to Article 6 paragraph (1) sentence 1 point (a) GDPR or Article 6 paragraph (1) sentence 1 point (f) GDPR.
b) These websites use the following types of cookies the scope and function of which are explained below:

  • transient cookies (see a)
  • persistent cookies (see b).

aa) Transient cookies are automatically deleted when you close the browser. They are in particular session cookies. They store a session ID by means of which several requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our websites. The session cookies are deleted when you log out or close the browser.
bb) Persistent cookies are automatically deleted after a time defined by us. This time may vary according to the cookies. You can delete the cookies in the security settings of your browser at any time. With this deletion you also withdraw your consent to process the respective cookie.
c) You can configure the browser according to your wishes and for example reject the acceptance of third-party coolies or all cookies. Please note, that in such a case you may not be able to use all functions of our websites.

2.4. Social media
We operate advertising accounts for business purposes on various social media platforms. In addition to the information you share with us directly via social networks, we utilize the statistical evaluations provided to us. These platforms provide insights into the perception of our products and services, allowing us to assess our marketing activities and identify areas for improvement. Posts on online platforms such as LinkedIn and YouTube are evaluated based on search queries (e.g., for a new product line) or specific metrics (e.g., views, number of clicks). Only posts made freely available to the public will be considered.
The legal basis for processing personal data is in accordance with Article 6(1)(f) of the GDPR, as we have a legitimate interest in identifying any deficiencies in our products and services through publicly available comments and reacting accordingly. Data processing via social media platforms occurs within the framework of the general terms and conditions agreed upon between you and the platform operators, as well as their data protection provisions.

2.5. Google Analytics
This website utilizes Google Analytics, a web analytics service provided by Google Ireland Ltd, located at Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, which are text files placed on your computer, to analyze how users interact with the site. The information generated by the cookie about your use of this website is typically transmitted to and stored on a Google server in the USA.
In Google Analytics 4, IP address anonymization is enabled by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Your user behavior during your visit to the website is recorded in the form of "events."
Google uses this information to evaluate your pseudonymous use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and improve our services for our customers.
Possible recipients of your data include Google Ireland Limited, Google LLC, and Alphabet Inc. For data transfers to the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Although Google servers are distributed worldwide and data transfer to third countries cannot be completely ruled out, we have concluded the EU standard contractual clauses with the provider to ensure an appropriate level of data protection.
Data linked to cookies is automatically deleted after 14 months, and the maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.
The legal basis for data processing is your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the Telecommunications Data Protection Act (TTDSG). You can revoke your consent at any time with future effect by adjusting the settings in our cookie consent tool. However, the lawfulness of processing based on consent before revocation remains unaffected.
Google processes some of your personal data in the USA. There is currently no adequacy decision by the EU Commission for data transfer. The appropriate level of data protection is therefore guaranteed by the use of the EU standard contractual clauses.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by
  1. Not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to deactivate Google Analytics here.

You can find more information on the terms of use of Google Analytics and on data protection at Google at and at

2.6 Integration of YouTube videos and videos via Movingimage
a) We have integrated YouTube videos in our online service which are stored at and can be played directly from our websites.
b) When you visit the websites, YouTube gets the information that you have accessed the respective sub-site of our websites. In addition, the data indicated under section 2.1 of this statement is transmitted. This happens irrespective of the fact if YouTube provides a user account via which you are logged in or if a user account does not exist. If you are logged in with Google, your data is directly assigned to your account. If you do not agree to this assignment to your profile at YouTube, you have to log out before the button is activated. YouTube stores your data as usage profiles and uses them for advertising and market research purposes and/or for a design tailored to suit the needs. Such an evaluation is made in particular (even for users who are not logged in) to enable advertising tailored to the needs and to inform other users of the social network about your activities on our websites. You have the right to object creation of these user profiles. In this case you have to address this right to object to YouTube.
c) Any other information for the purpose and scope of data collection and their processing by YouTube are given in the Data Protection Statement. There you also get further information about your rights and setting options to protect your privacy: Google processes your personal data also in the USA and has submitted to comply with the EU-US-Privacy-Shield,

2.7 Registration and newsletter
a) If you want to use certain services of our websites, for example the download of data, a registration of the following data concerning you is required:
  • indication if you or the company you work for are an existing customer,
  • sex (title),
  • first name, last name,
  • company you work for,
  • your business contact data (email address, address and telephone number, the indication of your customer number is optional).

You have to assign a sufficiently secure password for this data.

b) We use the double-op-in process for registration. That means that we send an email to the indicated email address after entry of your registration data in which we ask you to confirm your registration data. If you do not confirm your registration, your information is blocked and deleted after the statutory storage period has elapsed (in any case up to the end of the period of limitation for any claims). Moreover, we store your used IP addresses and the times of entering your registration data and the confirmation. The purpose of the process is to evidence your registration and to solve a possible misuse of your personal data, if need be. The basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.
c) Newsletter
On our websites you can register for our newsletter with current information about our company and our services.
Your consent to receive the newsletter is always freely given. You can withdraw your consent at any time. You can use all other functions of our websites irrespective of your consent to receive the newsletter. This also includes the functions in the context of the registration or the contact form.
After our registration for the newsletter we carry out the double-opt-in process as described above under point (b). If you have also registered for the newsletter during your registration, you confirm by means of the double-opt-in process your consent to receive the newsletter.
To send you the newsletter we only process your name, your sex (title) and your email address so that we can address you personally. The basis for the use of this processing of your personal data is Article 6 paragraph 1 sentence 1 point (a) GDPR. You can withdraw your consent to send you the newsletter at any time and unsubscribe from the newsletter. You can state your withdrawal by email to or by sending a message to the contacts indicated in the Legal notice.

2.8 On the autosen webshop
a) If you want to place an order in our webshop, a requirement necessary to enter into a contract is that you indicate the personal data asked for which we need to process your order. Mandatory information necessary to process the contracts is marked separately; any other information is given freely. The data you indicate is used by us to process your order. The basis for this is Article 6 section (1) sentence 1 point (b) GDPR. If you are our customer but the company you work for, we process your business contact data on the basis of Article 4 paragraph (1) sentence 1 point (f) GDPR for the purpose of enabling and facilitating the communication with our customers to execute the contract.
b) Due to trade and tax laws we are obliged to store your address, payment and order data for a period of ten years. After the end of the period of limitation we limit processing, i.e. your data is only used to comply with the legal obligations.

2.9 Applicant data
a) We process the following data of people applying for a job using the application form on our websites or any other means:
first name, last name, email address, address, telephone number (if indicated) and the application documents transmitted to us.
b) Subject to a separately given consent we only process the data to carry out the application process on which the respective application is based. Without this consent the data will not be stored after the end of the application process and the relevant storage periods.

2.10 Cloud-based sensor data collection
If you use io-key to save sensor data in our cloud, we store the personal data requested there to this end. We require this data to process the contract. The legal basis is Art. 6 section (1) sentence 1 letter b) GDPR. Insofar as you are not personally our Client, rather the business for whom you work is the Client, we process your business contact data on the legal basis of Art. 6 section (1) sentence 1 letter f) GDPR for the purpose of enabling and simplifying communication with our Client to carry out the contract. Owing to regulations under commercial and fiscal law, we are duty bound to save your address, payment and order data for a duration of ten years. The legal basis in this regard is Art. 6 section (1) sentence 1 letter c) GDPR. However, we restrict processing once the limitation periods have expired, meaning that your data is then used to adhere to statutory obligations only. To render this Service, we have engaged a service provider: Software AG, Uhlandstr. 12, 64297 Darmstadt (Germany), as well as its cooperation partner of Software AG. Suitable order processing agreements were concluded pursuant to Art. 28 GDPR to ensure that your data is protected. Insofar as data is hereby transmitted to third-party countries, this takes place exclusively according to the 5th chapter of GDPR.

2.11 Remote monitoring promotion with Software AG
If you take advantage of our joint remote monitoring promotion with Software AG, you consent to us transmitting your personal data (email address and phone number) to Software AG Deutschland GmbH (Uhlandstraße 12, Darmstadt, 64297, Germany) to process for the purposes of informing you about the products, services and events offered by Software AG. You can withdraw this consent at any time – this can be done by unsubscribing here. Further information about how Software AG Deutschland GmbH uses personal data can be found in their Privacy Statement.

3. Transfer and communication of your data to a third party
We never transfer your data to a third party without your consent.
We partly use the support of a third party for electronic data processing. This is a reliable service provider we have selected very carefully so that they process your data according to our order. The basis is Article 28 GDPR. Our service providers are, of course, committed to handle the data carefully and only according to our instructions and the applicable data-protection regulations, in particular neither to use the data for their own purposes nor to transfer them to a third party.
Moreover, there may be individual cases in which we are legally obliged to forward your data by order from an official authority if this is required for the purpose of law enforcement or danger prevention by police or other authorities. The basis for transmission in such cases is Article 6 section (1) paragraph (1) point (c).
Finally there may be cases in which your data is transmitted to companies associated with autosen gmbH (subsidiaries or affiliates) for one of the purposes mentioned in number 2 due to the work distribution within the autosen group of companies.
The purpose of this transmission is to structurally fulfil the tasks arising in the course of pursuit of corporate goals within a group of companies within our group of companies according to our work distribution; the basis for this is Article 6 paragraph (1) sentence 1 point (f) GDPR.
If in this context personal data is processed outside the states of the European Economic Area ("EEA"), we protect your personal data by transmitting and processing your personal data within our group of companies only according to the standard contractual clauses defined by the EU Commission following Article 46 paragraph (2) point (c). The standard contractual clauses can be viewed and downloaded at

4. Your rights
4.1 You have the following rights against us with regard to the personal data concerning you:

  • the right of information if and which of your personal data is processed by us,
  • right to rectification or erasure of your data,
  • right to restriction of processing,
  • right to object processing if the basis for this processing is Article 6 paragraph (1) sentence 1 point (f) GDPR and
  • right to data portability.

4.2 You also have the right to file a complaint with the data protection supervisory authorities about the processing of your personal data by us.

5. Amendment of this data protection statement
We reserve the right to amend this data protection statement at any time with future effect. The current version can be accessed on our websites. Please visit our websites regularly and inform yourself about the data protection regulations in effect.

Date: 05 April 2020