DATA PROTECTION

Data protection at Automotive Safety Technologies GmbH

The following translation is for information only. The original and legally binding version is the German version.

The protection of your personal data is very important to us. We process your personal data with the utmost care and observe all applicable data privacy regulations, particularly the EU General Data Privacy Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1.0 Scope

This data privacy policy provides an overview of the following information:

  • What type of personal data is processed by our website (hereafter also referred to as Services)?
  • In what manner, scope, for what purpose and pursuant to what legal basis is this data used?
  • What measures are used to protect your personal data?
  • How can you object to the processing of your personal data by our website?
  • How can you receive information about the data that is shared with us, and if applicable, make claims against us with respect to the rights you are entitled?

2.0 Who is the point of contact (responsible person) for any issues related to the protection of your data?

The point of contact for matters pertaining to the privacy of data processed through our Services is:

Automotive Safety Technologies GmbH
Lilienthalstraße 11
85080 Gaimersheim

Tel.: +49 841 89 95000
Fax: +49 841 89 8491999

datenschutz@astech-auto.de

www.astech-auto.de

Inquiries regarding data protection, as well as the assertion of claims with respect to your rights (refer to further information in this data privacy policy) should be sent to our data protection representative at the address indicated above.

3.0 What is the legal basis for processing data through our website?

We process your personal data pursuant to Article 6, Paragraph 1 a) of the GDPR, provided we receive your consent. The personal data that is required for the purposes of fulfilling a contract in which you are a party to, or in order to take steps prior to entering into a contract, is processed pursuant to Article 6, Paragraph 1 b) of the GDPR. Personal data that is required to meet a legal obligation, to which we are a subject, is processed pursuant to Article 6, Paragraph 1 c) of the GDPR. If the processing of personal data is required because it is in your vital interests, or the vital interests of another natural person, Article 6, Paragraph 1 d) of the GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, which require the protection of personal data, Article 6, Paragraph 1 f) of the GDPR serves as the legal basis.

The relevant legal basis for the respective processing shall be taken from the corresponding section of this data privacy policy.

4.0 What type of technical access data/server log files are collected and stored when using our Services?

We (or our web space provider) collect and store data each time you access our Services (so-called server log files or system and user data). This access data includes: website name, file name, date and time of the access, volume of data transmitted, confirmation of successful request, type and version of the browser, operating system used, referrer URL (previously visited website), IP address and requesting provider.

The data and log files are stored pursuant to Article 6, Paragraph 1 f) of the GDPR.

We use the protocol data solely for the purpose of statistical analysis with the goal of providing, ensuring the security of and optimizing the Services. However, we reserve the right to analyze the protocol data after the fact if there are reasonable grounds for suspecting illegal use of the Services. For these purposes we also have a legitimate interest in processing the data pursuant to Article 6, Paragraph 1 f) of the GDPR. In this case the data is not analyzed for marketing purposes.

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. If the data is collected in order to make the website available, the data is deleted once the session has terminated. In case of data saved in log files, the data is deleted within three months at the latest. The data may be stored for a longer period, in which case the IP address of the user is deleted or modified so that it can no longer be tied to the requesting computer.

In order to operate and make the website available, it is essential that we collect and store this data in log files. You thus have no possibility to object.

5.0 How do we handle your personal data when you use our Services?

Personal data is information that helps to identify a person. In other words, information that can be traced to a person. This includes name, e-mail address or telephone number. Personal data can also include preferences, hobbies, memberships or websites that someone has viewed. We collect, use and forward personal data only if this is legally permitted, or if you consent to having your data collected and used.

Please note that pursuant to Article 6, Paragraph 1 c) of the GDPR, in individual cases and when ordered to by the responsible authority, we may provide information about data if it is required for law enforcement purposes, for defense by law enforcement authorities in the German Bundesländer, to meet the legal obligations of the German Federal Office of the Protection of the Constitution at the German federal and state level, the German Federal Intelligence Service or Military Intelligence, or to enforce intellectual property rights.

6.0 Establishing contact

When you establish contact with us, such as via a contact form or e-mail, your information is stored for the purposes of processing your request, and if follow-up inquiries occur. We process the data received via the contact form or e-mail pursuant to Article 6, Paragraph 1 f) of the GDPR. If contact is established in order to complete a contract, Article 6, Paragraph 1 b) of the GDPR is also the legal basis for processing the data.

The personal data that you provide when you contact us, is processed for the sole purpose of establishing this contact. If you contact us via e-mail, we also have a legitimate interest in processing the data for this purpose. Other personal data processed during the transmission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. This includes the following data:

Date/time of the contact, IP address, first and last name, address, e-mail address.

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. The data is also deleted once your conversation with us is terminated. A conversation is deemed to have terminated when it can be inferred from the situation that the respective matter has been finally clarified. The personal data collected during the transmission process is deleted within three months at the latest.

Right to object
You have the right to object to the processing of your personal data by contacting us at the above-named address. In this case the conversation cannot be continued. All personal data stored while establishing contact will be deleted in this case.

7.0 What security measures have we carried out to protect your data?

We maintain up-to-date technical measures to ensure data privacy, in particular to safeguard your personal data during transmission and from access by third parties. These measures are adapted to the latest developments in technology.

Our databases are safeguarded through physical and technical measures, as well as processes, that restrict access the information to specifically-authorized persons in accordance with this data privacy policy. The information technology system for our Services is located behind a software firewall in order to prohibit access by other networks connected to the Internet. The only persons with access to personal data are those employees and representatives who require the information to carry out a specific task. Employees and representatives are trained in the area of security and data privacy practices.

We use the standardized SSL encryption technology to collect and transmit data through our website. When communicating via e-mail, complete data privacy cannot be guaranteed.

8.0 Cookies: What significance does this have for my personal data?

We don’t use cookies on our website.

9.0 Analysis tools: what happens to my data?

We don’t use any web analysis services.

10.0 What rights do I have?

If your personal data is processed by us, as the data subject pursuant to the GDPR, you have the following rights:

10.1 Receiving information about and rectifying, restricting and deleting your personal data
You have the right, at no cost, to receive information regarding your personal data that we store, including the origin and recipients and the purpose for which the data is processed by our website. You also have the right to right to correct, delete or restrict the processing of your personal data, provided that the legal requirements for such action have been met.

10.2 Right to request your personal data
You have the right to request receipt of the personal data you provided to us in a structured, common and machine-readable format. We can fulfill this obligation by creating a csv-export file containing the personal data that we process. You can also request that we send this information to a third-party.

10.3 Right to be informed
If you exercise the right to correct, delete or restrict the processing of your personal data that we store, we are obligated to inform all recipients of your personal data of accordingly, unless this action is impossible to carry out or requires a disproportionate amount of effort. You have the right to obtain information regarding these recipients from us.

10.4 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on point Article 6, Paragraph 1 (e or f), including profiling based on those provisions. We will no longer process the personal data unless we have legitimate grounds for the processing, which override your interests, rights and freedoms of or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

10.5 Revoking your consent
You have the right, at any time, to revoke your consent for the processing of your personal data at the address listed below.

10.6 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU GDPR. The supervisory authority with which the complaint has been lodged will inform you of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

All requests for information and information inquiries, as well as requests related to exercising any of your other rights or objections to the processing of your personal data, can be submitted to our data protection representative at the above-named address.

Here you can find further information about how you can exercise your data protection rights

1. European General Data Protection Regulation (EU-GDPR)

The European General Data Protection Regulation (EU-GDPR) is a European regulation on the protection of natural persons with regard to the processing of personal data. Personal data means any information relating to an identified or identifiable natural person (data subject). This new regulation came into force on 25 May 2018 in all EU Member States.
Therefore, the following relevant rights for data subjects apply to Automotive Safety Technologies GmbH:
the right to (i) access to data, (ii) data portability, (iii) data erasure, (iv) data rectification, (v) withdrawal of consent and (vi) restriction of processing.

2. Rights of the data subject: data subject groups

To ensure that the requested data is presented in a transparent manner and your request is processed in a purposeful fashion,  we will distinguish between the following data subject groups: (former) employees of Automotive Safety Technologies GmbH, relatives of employees, applicants, suppliers and service providers or business partners as well as their employees or visitors and people in general road transport.

We ask that you always send your inquiries to us by post, so that we can correctly authorize and identify the person making the request.

The rights of data subjects according to Articles 15 to 21 of the EU GDPR regulation are as follows:

You have the right of (i) access to data. This encompasses access to data stored by Automotive Safety Technologies GmbH relating to you and to the scope of the data processing and data portability performed by Automotive Safety Technologies GmbH, as well as a copy of the stored personal data relating to you.
Should you exercise your right of access to your data, we will provide you with information about the data which Automotive Safety Technologies GmbH has stored about you, the data subject. This information will be sent to you by post only.

You have the right to (ii) data portability. Insofar as we automatically process your personal data which you have made available to us based either on your declaration of consent or a contract with you (including your employment contract), you have the right to obtain this data in a structured, commonly used electronic form. You have the right to transmit your personal data directly to another controller, without interference by Automotive Safety Technologies GmbH. In addition, you have the right to have your personal data transmitted directly from Automotive Safety Technologies GmbH to another controller, where technically feasible and as long as this does not adversely affect the rights and freedoms of others.
Should you exercise your right to data portability, you will receive the data which Automotive Safety Technologies GmbH has stored about you, as the data subject, in a machine-readable format. This information, including a description of how to download your data, will be sent to you by post only.

You have the right to (iii) erasure of data. This refers to the erasure without undue delay of data concerning you that has been stored by Automotive Safety Technologies GmbH, insofar as legal obligations are complied with. In the case of your data being passed on to a third party, we will inform it of the erasure, as long as this is prescribed by law.
Please be aware that your right to erasure is subject to restrictions. For example, we must not and are not permitted to erase any data that we need to retain further for compliance with legal retention periods. Data which we need for the establishment, exercise or defense of legal claims is also exempt from your right to erasure.
Should you wish to exercise your right to data erasure, all your personal data will be irrevocably deleted from the systems of Automotive Safety Technologies GmbH without undue delay, insofar as we are not entitled to or obliged to carry out further processing.

You have the right to (iv) data rectification. This means that you have the right to obtain without undue delay the rectification and/or completion of your personal data that has been stored by Automotive Safety Technologies GmbH.
Should you wish to exercise your right to data rectification, we will make the requested changes in all our systems. Confirmation will be sent to you by post only.

You have the right to (v) withdrawal of consent. Insofar as you have consented to the processing of your personal data, you can withdraw this at any time. Please be aware that the withdrawal only applies to the future. Processing operations carried out before the withdrawal shall not be affected.
Should you exercise your right to withdrawal of consent, you shall revoke all declarations of consent which you made to Automotive Safety Technologies GmbH. All personal data which is being processed on the basis of your declarations of consent will then be irrevocably deleted from the systems of Automotive Safety Technologies GmbH without undue delay, insofar as we are not entitled to or obliged to carry out further processing. An example of such an obligation would be the fulfillment of a contract to which the data subject was a party.

You have the right to (vi) restriction of processing. This means that under certain conditions, restriction of processing can be requested (i.e. the marking of stored personal data with the aim of limiting their processing in the future). The personal data will be marked accordingly and, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of an EU Member State.
Should you wish to exercise your right to restriction of processing, we shall make your personal data unavailable in accordance with legal requirements. Confirmation will be sent to you by post only.

3. Processing of data subject requests

After receipt of your postal request, the GDPR request form will be sent to you. Should you wish to make several requests at once, these will be processed as follows:
1. Data erasure, 2. Restriction of processing, 3. Withdrawal of consent, 4. Data portability and access to data, 5. Data rectification

We would like to point out that the request relates solely to Automotive Safety Technologies GmbH. Further personal data may also be held by third parties, for example by a partner of Automotive Safety Technologies GmbH. Withdrawal of consent vis-à-vis third parties must be arranged with the third parties themselves. Once Automotive Safety Technologies GmbH has received your signed GDPR request form, it will be processed promptly. A response, including the data where appropriate, will be sent by post only. We ask for your understanding in relation to this.
Should you wish to exercise your rights as the data subject of another group, we ask that you contact us by post.

Automotive Safety Technologies GmbH
Data Protection
Lilienthalstr. 11
85080 Gaimersheim

4. Data protection officer

The contact information for our current Data Protection Officer is as follows:

Automotive Safety Technologies GmbH
Data Protection Officer
Lilienthalstr. 11
85080 Gaimersheim

E-mail: datenschutz@astech-auto.de

5. Forms:

Note: Please only send these forms to us if we have requested you to do so.

Power of attorney: You will need a power of attorney if you are not submitting a request on your own behalf. The person for whom you are requesting data may use the enclosed power of attorney to authorize you to exercise the requested data subject rights on their behalf. Download

6. Further information

Below you can find the official information on the European General Data Protection Regulation (EU-GDPR).

Back to overview