Privacy Agreement – RECARO

Thank you for your interest in our website. The protection of your personal data is very important to us. In the following you will find information on how we handle your personal data collected through your use of our website. Your data will be processed in accordance with the legal regulations on data protection. Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend that you check the data protection declarations on the linked websites. In this way you can determine whether and to what extent personal data is collected, processed, used or made available to third parties.

1. Contact info

1.1. Contact Details of the Controller
The person responsible according to Art. 4 para. 7 GDPR is:

RECARO Automotive GmbH
Stuttgarter Str. 73
70597 Stuttgart
Germany
E-Mail: info@recaro-automotive.com

1.2. Contact Details of the Data Protection Officer
PROLIANCE GmbH 
Datenschutzbeauftragter
Leopoldstr. 21
80802 München
Germany
www.datenschutzexperte.de
datenschutzbeauftragter@datenschutzexperte.de

2. Data processing by visiting our website

When you access our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our webserver:

  • Domain visited
  • Date and time of the request
  • Page from which the files were requested 
  • Access status (file transferred, file not found, etc)
  • Web browser and operating system used 
  • IP address of the requesting computer
  • Amount of data transmitted

We collect this data in order to ensure a smooth connection to the website and to enable a comfortable use of it by the users. In addition, the log file serves to evaluate system security and stability for administrative purposes. The legal basis fort he temporary storage of the data or log files is Art. 6 para. 1f GDPR.

For reasons of technical security, in particular to defend against attempts to attack our webserver, we may store this data for a short period of time. It is not possible to draw conclusions about individual persons from this data. After seven days at the latest, the data will be anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. There is no evaluation of this data except for statistical purposes in anonymized form. This data is not merged with data from other data sources.

3. Use of cookies

Our website uses so-called "cookies". Cookies are small text files that are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until your web browser automatically resolves them.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.

This website uses the following categories of cookies, the scope and functionality of which are explained below:

  • Technical cookies: These are stored on the basis of Art. 6 para. 1f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services. 
  • Functional cookies: These cookies make it possible to improve the comfort and performance of websites and to make various functions available. For example, language settings or other selections made can be stored in function cookies.
  • Third-party cookies: Some of our websites integrate content and services from other providers (e.g. Google Maps or social networks), which in turn may use cookies and active components. We have no influence on the processing of personal data by these providers.

Functional cookies and third party cookies are only stored with your consent on the basis of Art. 6 para. 1a GDPR. This consent can be revoked at any time for the future. The legal basis may also result from Art. 6 para. 1b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

The categories of cookies described above are set either temporarily or persistently:

  • Temporary cookies are automatically deleted when you close the browser. This includes in particular the session cookies used by us. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
  • Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

We use the following cookies on our website:

i. PHPSESSID (technically required cookie)
Purpose and description:

Identifies the user, e.g. to give him access to closed areas of the website.

Type and storage duration:
Temporary

The cookie exists for the duration of your online visit. The visit is ended by closing the browser window or the browser.

ii. recaro_cookiebar_[number] (function cookie)
Purpose and description:

This functional cookie stores the information that a user of the website has agreed to the use of cookies. It is set when you close the "Use of cookies" notice layer. If this cookie is present, the hint layer will no longer be displayed for 12 months.

Type and storage period:
Persistent

The cookie is stored for a maximum of 12 months.

Insofar as cookies are used for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent.

You can set your browser so that you can:

  • be informed about the cookie settings,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for specific cases or in general,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed for the respective browsers under the following links:

You can also manage cookies from many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites and applications that you do not wish to be "tracked" for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser's vendor:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScript, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

You are also welcome to find out more about the cookies we use here.

4. Contact form and contact via e-mail

If you send us enquiries by contact form or e-mail, your details from the enquiry form or your e-mail including the personal data you provide there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. The indication of an e-mail address is required for contact purposes, the indication of your first and last name and your telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1f GDPR and, if applicable, Art. 6 para. 1b GDPR, if your request is aimed at the conclusion of a contract. Your data will be deleted after the final processing of your enquiry, provided that there are no legal storage obligations to the contrary. In the case of Art. 6 para. 1f GDPR, you can object to the processing of your personal data at any time.

5. Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail address as mandatory information. For the dispatch of the newsletter we use the so-called Double-Opt- in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed to us that you agree to receive our newsletter. In return, you will receive an e-mail with a link by which you can confirm that you, as the owner of the corresponding e-mail address, wish to receive newsletters in the future. With the confirmation you give us your consent in accordance with Art. 6 para. 1a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for the newsletter, we store, in addition to the e-mail address required for sending the newsletter, the IP address by which you have registered for the newsletter, the date and time of your registration and confirmation for the newsletter. In this way we are able to trace possible misuse at a later date.

You can unsubscribe from the newsletter at any time using the link included in each newsletter or by sending an e-mail to the person responsible as described above. Once you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise legally permissible.

6. Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymization. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties. 

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection. 

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

7. Google Analytics Remarketing

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This feature allows you to link the ad target groups created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized for you on one device (e.g., mobile phone) based on your previous usage and surfing behavior can also be displayed on another of your devices (e.g., tablet or PC).

If you have given permission, Google will link your web and app browsing history to your Google Account for this purpose. This allows the same personalized advertising messages to be delivered on any device you sign in with your Google Account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to help define and create audiences for cross-device advertising.

You can permanently opt-out of cross-device remarketing/targeting by deactivating personalized advertising in your Google Account - follow this link: https://adssettings.google.com/anonymous

The summary of the data collected in your Google Account is based solely on your consent, which you can give or withdraw to Google (Art. 6 para. 1a GDPR). For data collection operations that are not merged into your Google Account (e.g. because you do not have a Google Account or because you have objected to the merging), the collection of data is based on article 6, paragraph 1, letter f) DPA. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.

Further information and the privacy policy can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/

8. HubSpot

We use HubSpot on our website for marketing activities. HubSpot is a software company from the USA with a branch office HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use this integrated software solution for our own marketing, lead generation and customer service purposes. These include email marketing, which controls the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, which are small text files that are stored locally in the cache of your web browser on your device and allow us to analyze your use of the site. The information collected (e.g., IP address, geographic location, browser type, length of visit and pages viewed) is analyzed by HubSpot on our behalf so that we can generate reports about the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on servers of HubSpot's service providers. If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the processing on this website is for the purpose of website analysis.

HubSpot does not transmit personal data of European citizens to countries or recipients whose provision of adequate protection of personal data is not recognized (in accordance with European data protection law), unless HubSpot takes all necessary measures in advance to ensure that the transmission is in accordance with European data protection law. To the extent that the Privacy Shield is revoked or declared invalid by a competent court, the parties acknowledge and agree to this: (i) HubSpot, Inc. is deemed to provide adequate protection for European data (as defined by European data protection laws); and (ii) in the event that HubSpot, Inc. is unable to meet this requirement, you will be informed accordingly.

You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings accordingly. You may object to the processing of your personal data at any time with effect for the future by sending an e-mail to hostmaster@recaro-automotive.com.

9. Social Media Appearances

I. Introduction

In the following, you will find information on how we handle your data, which are recorded through your use of our social media presence on social networks and platforms.

 

II. Providers

1. Facebook fan page

1.1 Controller
In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 

For further details, please see Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/

1.2 Facebook’s Data Protection Officer
You can use Facebook’s online form to contact Facebook’s Data Protection Officer. To access it, please use of the following link: https://www.facebook.com/help/contact/540977946302970.

1.3 Data processing for statistical purposes using Page Insights
Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means.  


2. Other social media providers

2.1 Controller
If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.

We are present on social media platforms of the following providers:

  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
  • Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland 
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • XING SE, Dammtorstr. 29-32, 20354 Hamburg, Germany

2.2 Data Protection Officer
Information on how to contact the Data Protection Officer of the respective social media providers can be found here:

 

III. General information on social media platforms given by the RECARO Automotive GmbH 

1. Controller

Insofar as we process the data provided by you via social media, the following controller is responsible for data processing within the meaning of the GDPR:

RECARO Automotive GmbH
Stuttgarter Str. 73
70597 Stuttgart
Deutschland
E-Mail: info@recaro-automotive.com


2. Our Data Protection Officer

If you have any concerns about us processing your data, please contact our Data Protection Officer at the following contact details:

PROLIANCE GmbH / datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich, Germany
E-Mail: datenschutzbeauftragter@datenschutzexperte.de


3. General data processing on social media platforms 

3.1 Data processing for market research and advertising
Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL.  The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.

3.2 Data processing through making contact
We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized, when the regarding circumstances are clarified.

3.3 Data processing for the purpose of performing a contract or entering into a contract
If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contact. Please take into account, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.

3.4 Data processing on the legal basis of consent
If the respective platform providers request you to consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time. 

 

IV. Data transfer and recipient

When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.

We have no influence on the processing and handling of your personal data by the respective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:

Twitter

Instagram 

YouTube/Google

  • Privacy Policy: https://policies.google.com/privacy?hl=de&gl=en
  • Opt-out: https://adssettings.google.com/authenticated
  • By using YouTube, personal data is transferred to the U.S.. YouTube currently cannot provide any guarantees in accordance to the GDPR for a data transfer to the U.S.. Please note that such transfers of personal data without an adequacy decision and appropriate safeguards pose a risk to you. The risk is that due to legislation in the U.S., the personal data may be accessed by American authorities (in particular the intelligence services). Legal protection options or information on the handling of your data by the U.S. authorities are only possible to a very limited extent or not at all. A level of data protection in accordance with the regulations of the GDPR can therefore not be ensured.

LinkedIn 

XING 

10. Social Media links

Social networks (Facebook, Instagram, LinkedIn, Twitter and YouTube) are integrated on our website in the form of a Social Wall. Therefore, the latest Post on our Social Media channels are shown in this part of our Website via a link to the corresponding services. After clicking on the integrated text/image, you will be redirected to the page of the respective provider. Only after this redirection will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers you use.

11. Google Maps

Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps it is necessary to save your IP address. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

By using the service, personal data is transferred to the U.S. The legal basis for the transfer of your personal data to the U.S. is your consent in accordance with Art. 49 para. 1 s. 1 lit. a GDPR. Please note that such transfers of personal data without an adequacy decision and appropriate safeguards pose a risk to you. The risk is that due to legislation in the U.S., the personal data may be accessed by American authorities (in particular the intelligence services). Legal protection options or information on the handling of your data by the U.S. authorities are only possible to a very limited extent or not at all. A level of data protection in accordance with the regulations of the GDPR can therefore not be ensured.

Further information on the handling of user data can be found in Google's privacy policy:

https://www.google.de/intl/de/policies/privacy/

Opt-out: https://www.google.com/settings/ads/

12. Storage duration of personal data

The storage duration of personal data is determined by the relevant legal storage obligations, e.g. from commercial law and tax law. After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract, or if we have a legitimate interest in its further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.

13. Your rights

The following is a list of the rights of the data subjects to which the data subject is entitled vis-à-vis the controller regarding the processing of their personal data:

Right to revoke consents granted pursuant to Art. 7 para. 3 GDPR. You have the right to revoke at any time, with effect for the future, any consent to the processing of data once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent until revocation.

  • The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision making including profiling and, where applicable, meaningful information on the details of such data.
  • The right to demand, in accordance with Art. 16 GDPR, the immediate correction of incorrect or completion of your personal data stored with us.
  • The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • The right to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  • The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party.

The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you may contact the supervisory authority of the federal state of our registered office as stated above or, if applicable, that of your usual place of residence or place of work for this purpose.

14. Changes to our privacy agreement

We reserve the right to adapt this data protection declaration from time to time so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. The new data protection declaration then applies to your next visit.