Data privacy statement

Version: June 2021

Auto-Kabel welcomes you to its web site and thanks you for your interest in our Company and our products. The following provides information, in compliance with the applicable data protection regulations, on the nature and extent of the personal data that we or service providers and third-party providers appointed by us collect within the framework of your visit to our web site.

 

A. General Information

1. Controller / Data Protection Officer

(1) Controller pursuant to Art. 4 Par. 7 EU General Data Protection Regulation (GDPR) is

Auto-Kabel Management GmbH

Im Grien 1, 79688 Hausen im Wiesental

Germany

Phone: +49 (0) 7622 / 3903 - 0

Fax: +49 (0) 7622 / 3903 - 400

E-mail: info@autokabel.com

hereinafter called "Auto-Kabel", "we" or "us".

Further information about the provider can be found in our legal notice.

(2) You can contact the in-house data protection officer as follows: datenschutzbeauftragter@autokabel.com or through our post address with the additional mention "Datenschutzbeauftragter".

 

2. Nature of the Processed Data, Categories of Data Subjects

2.1 Nature of the Processed Data

  • Contact data (e.g. e-mail, phone numbers)
  • Content data (e.g. text entries, photographs, videos)
  • Communication data and history
  • Meta-/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. visited web sites, interest in contents, access times).
  • Geo-localization (data indicating the location of the terminal of an end user).
  • Tracking data
  • Data within the framework of the use of JITSI (see section)

2.2 Categories of Data Subjects

  • Visitors and users of the web site
  • Customers, interested parties, suppliers
  • Videoconference participants
  • Applicants
  • Other communication partners

(All concerned persons are referred to hereinafter as "Users".)

3. Purpose of the Processing

We use your personal data

 

  • to make the web site and the online offer, its functions and contents, available
  • for support purposes
  • to conduct videoconferences
  • to manage and answer contact requests and for the communication with Users

·         to provide contractual services

  • for the assertion, enforcement, exercise or defense of and against legal claim(s) and legal dispute(s), as well as for the discovery, investigation and prevention of criminal offenses.
  • to implement safety measures

 

4. Provision of the Web Site and Log Files

(1) In case of a merely informational use of the web site, that is to say when you do not register nor send us information in any other way, we only collect the personal data transmitted automatically by your browser to our server. When you want to consult our web site, we collect the following data, which we need for technical purposes, to be able to display our web site on your terminal and ensure stability and security (legal basis is Art. 6 Par. 1 S. 1 point f) GDPR):

 

·         IP address

·         Date and time of the request

·         Time zone difference with respect to Greenwich Mean Time (GMT)

·         Content of the request (concrete page)

·         Access status/HTTP status code

·         Transmitted data volume

·         Web site having emitted the request

·         Browser

·         Operating system and its interface

·         Language and version of the browser software

·         Transmission protocol

 

(2) The IP addresses of the Users are deleted or anonymized when they have finished using the Web site. In case of an anonymization, the IP addresses are modified in such a way that details of personal or factual circumstances can no longer, or only with disproportionate investment of time, cost and labor, be attributed to an identified or identifiable natural person.

 

5. Cookies

(1) In addition to the previously mentioned log file data, cookies are stored on your computer when you use our web site. Cookies are small text files attributed to the browser you are using and stored on your hard disk and which provide certain information to the organization that set the cookie (here, to us). Cookies can neither run programs nor transmit viruses onto your computer. They serve the purpose of making the Internet offer globally more user-friendly and efficient, and they collect information for this purpose.

 

(2) Use of cookies:

 

a) This web site uses the following types of cookies, whose scope and operating mode are described below:

  • Session cookies (see b)
  • Persistent cookies (see c).

 

b) Session Cookies store a so-called session ID that allows assigning various requests of your browser to the common session. The session cookies are deleted automatically after 1 hour when you log out or when you close the browser. If you restart your browser and go back to the web site, the web site will not recognize you. You will have to log in again (if logging in is required) or you will have to set again templates and preferences, if the web site offers these functions. A new session cookie is then generated, which stores your information and remains active until you leave the site again and close your browser.

 

c) Persistent cookies are deleted automatically after a specified duration, which can vary according to the cookie. You can delete the cookies at any time in the safety settings of your browser.

 

(3) For which purposes are we using cookies?

We use cookies to personalize contents and displays, be able to offer functions for social media and analyze the accesses to our web site In addition, we transfer information about your use of our web site to our partners for social media, advertisement and analysis. Our partners possibly merge this information with further data supplied by you or collected by them pursuant to your use of the services. By continuing using our web site, you give your consent to our cookies.

 

(4) Overview

 

 

Purpose

Description

Storage duration

Technically required cookies

Technically required cookies allow using our web site by allowing basic functions such as page navigation and access to safe areas of the web site. The visit of our web site cannot function properly without these cookies.

Session Cookies - are erased when the browser is closed.

Performance (e.g. browser of the user) and preferences

When using our web site, cookies are used (e.g. to recognize the browser) to improve the performances (e.g. faster loading of contents). When you visit our web site, the country and language selection defined or chosen by you is stored in cookies in order to save you the need for a new definition on subsequent visits. First, a check is carried out to see whether your browser supports cookies, and this information is stored in a further cookie. Then, country and language-specific localized contact information is displayed, which is also stored. Legal basis for this is Art. 6 Par. 1 S.1 point f) GDPR.

Session Cookies - are erased when the browser is closed.

Security setting

Cookies from Cloudflare

·      __cfduid

·      Use: Safety settings for every single visitor (see section 10)

·      Exemplary value:         d798bf7df9c1ad5b7583eda5cc5e78331599407465

Persistent cookie
Run time: 1 year

 

 

(5) Control over cookies

You can configure your browser so as to be informed about the placement of cookies, to decide to accept cookies on a case-by-case basis, to exclude them for specific cases or completely, and to enable the automatic deletion of the cookies when closing the browser.. Deactivating cookies may limit the functionality of this web site.

 

 

6. E-mail Contact

(1) Auto-Kabel provides contact details to contact persons on its Web site. The legal basis for the processing of data transmitted within the framework of the submission of a contact request via e-mail is Art. 6 Par. 1 point f) GDPR. The processing of this data is necessary to protect your and our legitimate interests, in particular for responding to your request. If the e-mail contact aims at the conclusion of a contract, Art. 6 Par. 1 point b) GDPR is an additional legal basis for its processing. If the contact request aims at the initiation of an employment relationship, § 26 of the German Federal Data Privacy law will be an additional legal basis.

(2) The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. For the personal data from the input mask of the contact form and the data that has been transmitted via e-mail, this is the case when the conversation with the User is finished. The conversation is finished when the circumstances allow inferring that the concerned issue has been fully clarified.

 

7. Online Application

(1) Vacancies are advertised on our web site under the heading "Jobs". A contact person with contact data is designated for queries relating to the different positions. We collect, process and use your personal data to process your online application. Your online application data is transmitted via e-mail directly to the Human resources Department and is of course treated confidentially. Suitable technical and organizational measures make sure that your personal data is treated confidentially, within the legal requirements.

(2) When filling in your online application, please note that the data is transmitted unencrypted via e-mail and that it may possibly be consulted or even falsified by unauthorized parties. You can also send us your documents by post. If you applied for a specific position which has already been filled, or if we consider that you would be also or even more suitable for another position, we will be glad to forward your application within our Company. Please inform us if you do not agree to this way of proceeding. Upon completion of the application procedure, and at the latest after 6 months, your personal data is automatically deleted, unless you expressly agree to storage for a longer period of time.

 

8. Storage Duration

We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations. We delete your personal data as soon as it is no longer needed for the above purposes. Cookies will be deleted automatically according to section 5. It is possible that personal data may be stored for the period in which claims can be asserted against our companies (statutory limitation periods range from three up to thirty years). We will also store your personal data for as long as we are legally obliged to do so. The commercial, tax and social security legislation imposes corresponding documentation and retention obligations.

 

9. Automated Decision-Making

As a general rule, we refrain from fully automated decision-making or profiling pursuant to Article 22 GDPR for establishing and implementing a business relationship.

 

B. Data Processing by Third-Party Providers

10. Cloudflare

(1) This web site uses Cloudflare of the Cloudflare, Inc. company (101 Townsend St., San Francisco, CA 94107, USA) to make our web site faster and safer. For this purpose, Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the User and our hosting provider and they act as a reverse proxy for web sites.

(2) Cloudflare generally only transfers the data that is controlled by web site operators. Therefore, the contents are not determined by Cloudflare, but always by the web site operator himself. In addition, Cloudflare can under some circumstances collect determined information relating to the use of our web site and process data sent by us or for which Cloudflare has received appropriate instructions. In most of the cases, Cloudflare receives data such as contact information, IP addresses, safety finger prints, DNS protocol data and performance data for web sites, which have been derived from the browser activity. For example, protocol data helps Cloudflare to detect new threats. This way, Cloudflare can guarantee a high safety protection for our web site. Cloudflare processes this data within the framework of the services, in compliance with the applicable laws. This of course also includes the General Data Protection Regulation (GDPR).

(3) For safety purposes, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify single Users under a commonly used IP address and use security settings for every single User. This cookie becomes very useful for example if you visit our web site from a location in which there is a series of infected computers. But, if your computer is trustworthy, we can recognize this thanks to the cookies. So you will be able to surf without restriction in our web site despite infected computers in your vicinity. Also, it is important to know that this cookie does not store personal data. This cookie is absolutely necessary for the Cloudflare security functions and cannot be deactivated.

(4) Cloudflare mainly stores your information in the USA and in the European Economic Area. Cloudflare can transfer the information described above from the whole world and access it. In general, Cloudflare stores data at user level for domains in the Free, Pro and Business versions for less than 24 hours. For Enterprise domains, which have activated Cloudflare Logs (former Enterprise LogShare or ELS), data can be stored for up to 7 days. If IP addresses trigger security warnings at Cloudflare, exceptions may occur for the above-mentioned storage time.

(5) Data is processed on the basis of the EU standard contractual clauses (Cloudflare Data Processing Addendum).

 

11. Use of Jitsi Meet


(1) Jitsi is a collection of free software for IP telephony (VoIP), videoconferences and instant mes-saging. The Jitsi Meet platform is provided by Auto-Kabel. We host and operate Jitsi on our servers (self hosted).
(2) We process the following data categories:

  • User information: First name, surname, phone (optional), E-mail address, password (if "Single-Sign-On" is not used), profile picture (optional),
  • Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware Information
  • When recording (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  • For telephone dial-up access: Information about the incoming and outgoing call number, country name, starting and ending time. Possibly, other connection data such as the IP address of the device can be saved.
  • Text, audio and video data: You may have the possibility to use the chat, question or survey functions in an "online meeting". In this case the text entries made by you will be processed to display them in the "online meeting" and possibly to record them. To allow displaying the video and playing the audio, the data of the microphone of your terminal device and of the possible video camera of your terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera of the microphone at any time via the "JITSI" application
  • Device/Hardware data: e.g. IP addresses, MAC addresses, clint version

To take part in an "online meeting" or to enter the "meeting room", you must at least state your name.
(3) The legal base for the processing is your consent pursuant to Art. 6 Par. 1 point a) GDPR.
(4) Personal data processed in connection with the participation in "online meetings" is basically not forwarded to third parties, unless it is expressly intended for this purpose. Please not that contents of "online meetings", as well as those of personal meetings, often are precisely intended to communi-cate information to customers, suppliers, interested parties or third parties and are therefore intended for forwarding.

 

C. Rights of the Data Subjects

12. Your Rights

If personal data originating from you is processed, you are the data subject within the meaning of the GDPR, and you have the following rights vis-à-vis us as the controller:

a)     Rights Pursuant to Art. 15 ff. GDPR

The data subject has the right to require from the responsible a confirmation whether personal data concerning him/her is processed. If this is the case, the data subject has a right of access to this personal data and to the information specifically listed in Art. 15 GDPR. Under certain legal conditions you have the right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure ("right to be forgotten“) pursuant to Article 17 GDPR. You moreover have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR, provided the processing is carried out by automated means and is based on consent pursuant to Article 6 Par. 1 point a) or Article 9 Par. 2 point. a) or on a contract pursuant to Article 6 Par. 1 point b) GDPR.

b)     Revocation of a Consent Pursuant to Art. 7 Par. 3 GDPR

If processing is based on a consent, you can at any time revoke the consent you have given to us to process personal data. Please not that the revocation will only apply for the future. Processing carried out prior to the revocation will not be concerned.

c)     Right to File a Complaint

You have the possibility to file a complaint with us or with a data protection supervisory authority (article 77 GDPR). The supervisory authority competent for the Auto-Kabel management GmbH headquarters located in Hausen in Baden-Wuerttemberg is: der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
(The State Data Protection and Freedom-of-Information Officer), Postfach 10 29 32, 70025 Stuttgart, phone: 0711/615541-0, fax: 0711/615541-15, e-mail: poststelle@lfdi.bwl.de.

d)     Right to Object Pursuant to Article 21 GDPR

In addition to the above-mentioned rights, you have a right to object, as follows:

 

Case-by-Case Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Article 6 Par. 1 S. 1 point e) GDPR (data processing in the public interest) and Article 6 Par. 1 S. 1 point f) GDPR (data processing on the basis of a weighing of interests). Where you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for this processing, which override your interests, rights and freedoms, or unless the processing serves for the establishment, exercise or defense of legal claims.

 

D. Final Provisions

13. Security

(1) We have taken technical and organizational security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are obliged to comply with the requirements pursuant to the GPDR and to handle the personal data confidentially.

(2) In case personal data is collected and processed by means of contact forms, the transfer of this information will be encrypted in order to prevent misuse of this data by third parties. Our security measures are revised on an ongoing basis in accordance with the technical development.

 

14. Changes to our Data Privacy Policy

We reserve the right to change our security and data protection measures, as far as this becomes necessary because of the technical development. In such cases, we will also adapt our Data Privacy Statement accordingly. Please always take note of the latest version of our Data Privacy Statement.