The following sections contains information on the processing of your personal data by the Elektrobit Group and your rights according to the general data protection regulation (GDPR) and applicable data protection law. Which data are processed in detail and how they are used depends to a large extent on the services requested or agreed upon in each case.
Who is responsible
The Elektrobit Group consists of different legal entities, as shown here. This data protection information applies for the entire group, regardless which entity or entities are responsible for processing your data you can contact our data protection officer. Independent of this you can contact the Elektrobit Automotive GmbH with your request.
Data protection officer
To contact our data protection officer and data protection team please send an email to: dataprotection@elektrobit.com
Purpose of processing and legal basis
We process your data in accordance with the General Data Protection Regulation (GDPR) and for the following purposes:
In the event that you have given us your consent, we will use your data for the purposes stated in the declaration of consent (Art. 6 (1) (a) GDPR). We use your data to the extent necessary for execution of contracts and pre-contractual measures to provide our services and sale of products (Art. 6 (1) (b) GDPR). For the fulfilment of legal obligations under the law of the European Union or the law of a Member State (Art. 6 (1) (c) GDPR) we may also process your personal data.
We also use your data to the extent necessary if we or a third party have a justified interest in the processing (Art. 6 (1) (f) GDPR).
We pursue the following purposes and interests:
- Contract processing with third parties (such as your employer)
- Customer service within the scope of contract processing
- Internal forwarding of data for central process optimization
- Quality controls for product assurance and process improvement
- Controlling processes through statistical evaluations for cost control and process optimization
- Enforcement of legal claims and defence in legal disputes
- Guarantee of IT security
- Protection and investigation of criminal offences such as fraud and money laundering prevention
- Archiving of data
- Photographs and videos at events and trade fairs for company presentation and use of materials in newsletters and on websites
- Advertising for our products and services by mail, telephone and email within the scope of direct marketing campaigns
If we process your data on the basis of a legitimate interest, you have the right to object to the processing of your data for personal reasons. If we use your data for direct marketing, you have a general right of objection.
Categories of data
When you communicate with us, we may ask you to provide certain personal data voluntarily, e.g. name, company position, telephone number, mobile number, fax number, email address, credit card or other payment details, date of birth, account usernames, passwords, or gender. For example, we may ask you to provide some or all of this personal data when you subscribe to our marketing communications, purchase products or services, and/or submit enquiries to us.
Categories of recipients
Within our company, those departments receive your data that need it to fulfil our contractual and legal obligations. Also processors used by us may receive data for these purposes. Other forwarding to third parties will only take place if this is necessary for the execution of the contract, if there is a justified interest or a legal or official obligation or if you have given your consent. The following categories of recipients may receive your data:
- IT service provider for maintenance work, website, archiving, e-mail dispatch
- Authorities within the scope of their responsibilities and courts of law
- Insurances
- Chartered accountants, legal advisors, credit institutions, tax advisors
- Marketing agencies and market research institutes
- Logistics service providers and data destruction companies
- Group companies for the central administration of processes
- Event management service providers and printers
International data transfer
A data transfer to third countries (countries outside the European Economic Area – EEA) may occur for internal administrative purposes within the Elektrobit Group (https://www.elektrobit.com/about/locations/). Within the group each company is bound the by Binding Corporate Rules as safeguard for an appropriate data protection standard. You can obtain a copy of the Binding Corporate Rules by contacting our data protection officer.
Elektrobit, affiliated companies, our business partners and service providers operate from anywhere in the world. When handling your personal information, that information may be used, processed or stored anywhere in the world, including in countries that have a different level of protection regarding your privacy from your country of residence.
However, we have taken reasonable precautions to require that your personal information remains protected in accordance with applicable data protection law. These include, for example, the implementation of the European Commission’s standard contractual clauses or other safeguards.
Storage period
If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship is a continuing obligation which is designed for years.
In addition, we are subject to various legal storage and documentation obligations to comply with applicable legal, tax or regulatory requirements (e.g. from the German Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG) and the Money Laundering Act (GwG)). The periods for storage or documentation are usually up to ten years. In addition, we may have a legitimate interest in storage, such as the limitation periods under applicable law, which can be up to thirty years.
If your data is no longer required for the purposes mentioned or if its storage is inadmissible for other legal reasons, we will either delete it, make it anonymous, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), we will keep your personal Information secure and isolate it from any further processing until deletion is possible.
If we have processed data on the basis of your consent, we will delete this data after revoking your consent and insofar as no other storage obligations exist.
Is there an obligation to provide personal data?
In order to maintain a business relationship with us, only the data necessary for its implementation or to the collection of which we are legally obliged are required. As a rule, it is not possible for us to process a contract without this data.
Does profiling or automated decision making take place?
We partly process your data automatically with the aim of evaluating certain personal aspects (profiling) in order to optimise and personalise our marketing measures. Our offers are thus optimally adapted to your needs.
Your rights
You are entitled to the following rights under Chapter 3 of the DSGVO:
- Right to access – You have the right to obtain information about the data stored about you.
- Rectification – You have the right to request the correction of inaccurate and incomplete data concerning you.
- Erasure – You have the right to demand the deletion of the data stored about you if the legal requirements are met.
- Restriction of processing – You have the right to demand the restriction of future data processing under the legal conditions.
- Data portability – You have the right to receive data that we have received from you in a common format or to forward it to third parties.
- Objection – You have the right to object to any processing based on a legitimate interest for personal reasons. In the case of direct advertising, you have an unlimited right of objection.
- Revocation – If you have given us your consent, you can revoke it at any time with effect for the future.
- Complaint – You have the right to submit a complaint to a data protection supervisory authority.
Further information for specific cases
Information about data collection during the development of vehicle systems you can find here: https://www.elektrobit.com/data-protection-development/
Information for event participants and guests you can find here.