Privacy Policy

Data protection information in accordance with the EU General Data Protection Regulation

With this data protection declaration, we would like to inform you, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), about the processing of your personal data by us and about the rights to which you are entitled in this context.

Therefore, we hereby bring your attention to the following:

I. General Information

1. Who is the controller in regard to data processing and whom can I contact?

The controller is:
FFG Fahrzeugwerkstätten Falkenried GmbH
Lademannbogen 138
22339 Hamburg, Germany
Phone: +49 (0) 40 / 539 03 - 0
E-mail: info@ffg-hamburg.de

You can reach our company Data Protection Officer at:
Data Protection Officer of FFG Fahrzeugwerkstätten Falkenried GmbH
On the premises of Hamburger Hochbahn AG
Data protection unit
Steinstraße 20
20095 Hamburg, Germany
E-mail: datenschutzbeauftragter@hochbahn.de

2. What data do we process?

The term "personal data" refers to any information relating to an identified or identifiable natural person.

We process personal data that we receive from you in the course of our business relationship. Furthermore, to the extent necessary for the provision of our service, we process personal data that we permissibly receive from other third parties.

In addition to contract data, we process your communication data that we receive from any contact you have with us (e.g. e-mail, customer dialog). Furthermore, we process your personal data on an occasion-related basis in connection with online or print applications in the context of job offers.

We regularly process the following data:

  • Contract data (depending on the product and service, this includes name, address details, date of birth, telephone number, e-mail address, bank details, billing and payment data, photo)
  • Communication data (name, address, e-mail address, telephone number, if applicable)
  • Correspondence (e.g. correspondence with you)
  • Advertising and sales data (e.g. products potentially of interest to you)
  • Applicant data (name, address data, telephone number, e-mail address, date of birth, application documents)

3. What do we process your data for (purpose of processing) and on what legal basis?

Below, we would like to inform you, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), what we process your data for, and on what legal basis.

3.1. For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)

The processing of your personal data takes place for the execution of contracts with you (subscription, purchase of products) or also already pre-contractual measures (e.g. application procedure).

3.2. Within the framework of the balancing of interests (Art. 6 para. 1 lit. f GDPR)

We also process your data, where necessary, to protect the legitimate interests of us or third parties. This is done, for example, for the following purposes:

  • Ensuring IT security and IT operations
  • Advertising or market and opinion research, unless you have objected to the use of your data.
  • Assertion of legal claims and defense in legal disputes
  • Consultations with and data exchange with credit agencies to determine creditworthiness and default risks
  • In connection with handling customer inquiries, etc.
3.3. Based on your consent (Art. 6 para. 1 lit. a GDPR)

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of the processing is based on your consent. Consent given can be revoked at any time. This also applies to any consent granted before the entry into force of the GDPR, i.e. before May 25, 2018. . Please note, however, that the revocation is always effective only for the future.

3.4. Due to legal requirements (Art. 6 para. 1 lit. c GDPR)

We also process your data to fulfill legal obligations, e.g. for proof of retention periods under commercial or tax law. These include, for example, the German Commercial Code and the German Fiscal Code.

4. Who receives my data?

Within FFG Fahrzeugwerkstätten Falkenried GmbH, your data will be disclosed to those departments that need it to fulfill the stated purposes and legal bases. All corresponding employees are obligated to comply with the data protection framework at our company. Processors used by us may also receive data for these purposes. These are, for example, companies from the categories of IT services, financial service providers, document processing, archiving, file disposal, debt collection, consulting, marketing and sales.

Within the framework of separate contracts, the order processors are obligated to confirm and comply with all measures required under data protection law.

5. How long will my data be stored?

As your contractual partner, FFG processes and stores your personal data only for as long as is necessary to achieve the purpose of the processing or to fulfill its contractual and legal obligations.

If the data is no longer required for the fulfillment of contractual or legal obligations, the data is deleted, unless its (temporary) further processing is necessary for the following purposes:

  • Compliance with retention periods under commercial or tax law: These include, for example, the German Commercial Code and the German Fiscal Code. The periods of retention or documentation provided for there are up to 10 years.
  • Preservation of evidence under the statute of limitations: According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods are generally 3 years, but may in individual cases be as long as 30 years.

Data from applicants is usually deleted after 6 months. To enable us to contact you at a later date for other vacant positions, you have the option of giving us your consent to store your data for a total of 36 months in the online questionnaire or in writing upon request. After the aforementioned periods have expired, your information will be completely deleted (see III. Data Processing in the Applicant Management System).

6. What other data protection rights do I have?

Every data subject has the right to information according to Art. 15 of the GDPR, the right to rectification according to Art. 16 of the GDPR, the right to erasure according to Art. 17 of the GDPR, the right to restrict processing according to Art. 18 of the GDPR, and the right to data portability according to Art. 20 of the GDPR.

Furthermore, in accordance with Art. 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act (BDSG), you have the right to lodge a complaint with a data protection supervisory authority.

You can contact the competent supervisory authority as follows:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany
Phone: +49 (0) 40 / 428 54 4040
E-mail: mailbox@datenschutz.hamburg.de

7. To what extent is there automated decision-making in individual cases

For the establishment and implementation of a business relationship, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

8. To what extent will my data be used for profiling?

We do not use automated processing to make a decision about the establishment and implementation of a contractual relationship or a business relationship.

9. Information concerning your right of objection

a. Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 f of the GDPR (processing of data on the basis of a balance of interests).

If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

b. Right to object to processing of data for direct marketing purposes

In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made without any formalities and should be addressed to the “controller" mentioned above under 1. FFG Fahrzeugwerkstätten Falkenried GmbH; Lademannbogen 138; 22339 Hamburg.

II. Data Processing on our Website www.ffg-hamburg.de

Thank you for your interest in our website and our services and products. The protection of your data and your privacy when using our website is very important to us. We would, therefore, like to inform you here, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), what personal data of yours is collected in relation to your visit to our website and for what purposes it is used.

The collection of your data occurs when you provide it to us yourself. In addition, for technical reasons, data is automatically collected when you visit our website.

1. Server log files

When you visit our website, data is automatically collected by the access provider. These mainly technical data serve internal system-related and statistical purposes and are logged by the access provider and stored as so-called "server log files". This usually includes the following data:

  • IP address of the requesting computer
  • Date and time of the request
  • Name and URL of the retrieved file
  • The amount of data transferred
  • Message about successful retrieval
  • Source / reference (referrer URL) from which the access was made
  • Browser used, operating system of your computer (if applicable) and the name of the requesting provider

However, no personal data is transmitted on your part, as the IP addresses of the visitors are only recorded in abbreviated (anonymized) form. The logged files are stored at the access provider for a maximum of 7 days.

The processing serves to ensure the security and administration of the website and is based on the legal basis of legitimate interest (Art. 6 para. 1 lit f) GDPR).

2. Applications

In addition, personal data is collected when you apply to us online via our career portal. Detailed information on this can be found at the bottom of this page under III. Data Processing in the Applicant Management System (onlyfy one).

3. Provider / Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 Telecommunications Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the Telecommunications Telemedia Data Protection Act (TTDSG). Your consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.

4. SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as applications or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Use of cookies, social plugins and analytics tools

No social plugins or analytics tools are used on our website. Cookies are only used if you apply via the career portal provided by talentsconnect AG.
(https://www.talentsconnect-ag.de/docs/privacy-en)

6. Google Web Fonts

Our website uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts used are installed locally. A connection to Google servers does not take place.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy.

7. Hyperlinks to external websites

This Privacy Policy only applies to the content of our website, but not to websites that can be accessed via external links. When we provide links, we strive to ensure that they also comply with our privacy and security standards. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please also become aware of the privacy policies of the websites of the other providers.

You can recognize external links on our web pages by the symbol "      ".

III. Data Processing in the Applicant Management System (onlyfy one)

Information on data protection

FFG Fahrzeugwerkstätten Falkenried GmbH uses the onlyfy one (by XING) service to process applications. This privacy policy informs you about the processing of your data.

onlyfy one

onlyfy one is part of New Work SE's comprehensive XING service, which aims to help improve and simplify users' working lives through a variety of different applications (onlyfy one as well as the XING social network, kununu, etc.) and to make the world of work more fulfilling for individuals and at the same time make companies even more successful. Onlyfy one, as part of the comprehensive XING service, is an online platform that brings talents and companies together. On or via onlyfy one, companies can publish job adverts, identify interesting talents (possibly also from the XING professional network), receive and manage applications and exchange information with talents and applicants. New Work SE supports this coming together of talents and companies on or via onlyfy one. This is done, among other things, by recommending talents and displaying them in the customer's company account, as well as by generating and providing recruiting-relevant information and analyses based on data that New Work SE processes in onlyfy one and, if necessary, in other XING applications or outside.

Shared responsibility

With regard to the interaction in the company account of FFG Fahrzeugwerkstätten Falkenried GmbH, there is a so-called joint responsibility of FFG Fahrzeugwerkstätten Falkenried GmbH and New Work SE in accordance with Art. 26 GDPR, as they jointly determine the purposes and means of processing within the meaning of Art. 4 No. 7 GDPR. The current version of the agreement on joint responsibility in accordance with Art. 26 GDPR, which New Work SE concludes with the companies that use onlyfy one, can be downloaded here as an attachment to the GTC https://www.xing.com/terms/onlyfy-one to find out about the essentials of the agreement.

Data processing by New Work SE

With regard to the data processing for which New Work SE is solely responsible or is responsible within the framework of joint responsibility with FFG Fahrzeugwerkstätten Falkenried GmbH, you will find more detailed information in XING's data protection declaration, https://privacy.xing.com/de/datenschutzerklaerung. There, you will also find the contact details of New Work SE and the company data protection officer of New Work SE.

Interruption of your online application

You can interrupt the creation of your online application at any time and continue at a later date. Cookies are used for this purpose. Data provided by you to create the user account, as well as uploaded documents, are recorded in the company account of FFG Fahrzeugwerkstätten Falkenried GmbH in onlyfy one. The data will remain recorded even if you interrupt and/or do not complete an application. In this case, your application will be marked as incomplete and the data will remainaccessible to FFG Fahrzeugwerkstätten Falkenried GmbH to a limited extent.

Visibility of your data

You can view, edit or update the data you provided as part of the online application in your candidate profile at any time.

Notes on special functions of onlyfy one

Calendar function

If the calendar function is used, your data will be processed as part of and for the purpose of making appointments in the application process. The legal basis is Art. 6 para. 1 lit. f GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is categorised as a secure third country on the basis of the European Commission's adequacy decision. You can find more information about Cronofy's data protection here:
https://www.cronofy.com/gdpr/ and
https://docs.cronofy.com/policies/privacy-notice/

Data processing by FFG Fahrzeugwerkstätten Falkenried GmbH

Below, you will find information from FFG Fahrzeugwerkstätten Falkenried GmbH regarding the data processing for which FFG Fahrzeugwerkstätten Falkenried GmbH is solely responsible or is responsible within the scope of joint responsibility with New Work SE.

We are pleased that you want to apply for a job at FFG Fahrzeugwerkstätten Falkenried GmbH. Transparency and trustworthy handling of your personal data is an important basis for good cooperation. Therefore, we would like to inform you about how we process your data and how you can exercise your rights that you are entitled to under the General Data Protection Regulation (GDPR). The following information provides you with an overview of the collection and processing of your personal data in connection with the implementation of the application process. Please read the following carefully before applying.

1. Data protection contact

If you have any questions about data processing , please contact: the data protection officer of FFG Fahrzeugwerkstätten Falkenried GmbH, available at:
datenschutzbeauftragter@hochbahn.de.

2. What is personal data?

According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Which data is processed?

The following data or categories of data are processed in order to carry out the application procedure:

  • Applicant master data (first name, last name, title, e-mail address, telephone number, address, date of birth, citizenship)
  • Qualification data (cover letter, letter of motivation, CV, previous activities, professional qualifications and competencies)
  • Voluntary information, such as an application photo, details of severely disabled status or other information that you voluntarily provide to us in your application or upload voluntarily
  • Additional questions depending on the respective tender (e.g. driver's license, citizenship)
  • The communication between you and us, as well as comments and evaluations written about you in the course of your application process
  • Other data/categories of data, e.g. publicly accessible, job-related data, e.g. a profile on professional social media networks such as XING or LinkedIn
  • Special categories of personal data: If you provide information in your application documents that contains special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. information that allows for conclusions to be drawn about your sexual orientation; information about your health; information that allows for conclusions to be drawn about your ethnic origin or your religion), we will also only process this data to the extent permitted by law.

4. For what purposes do we process your data and on what legal basis?

Data processing for the purposes of the employment relationship

Your personal data will be processed for the purposes of personnel selection to fill vacancies, i.e. to initiate an employment contract. The necessity and scope of the data collection are assessed, among other things, according to the position to be filled. If your intended position involves the performance of particularly confidential duties, increased personnel and/or financial responsibility, or is subject to certain physical and health requirements, more extensive data collection may be necessary. Your data may also be used to remind you to finalise your application. The legal basis is § 26 para. 1 of the German Federal Data Protection Act (BDSG).

Consent – Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR, § 26 para. 2 BDSG

If you have given us your voluntary consent to the processing of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of consent given by you:

  • For a longer period of data storage for our company i.e. we store the application documents in our company account beyond the current application procedure for consideration in later application procedures of our company.

If we base data processing on your consent, you have the right to revoke your consent at any time with effect for the future. If possible, please send the revocation by e-mail to datenschutzbeauftragter@hochbahn.de. The lawfulness of the processing of your data until the time of revocation remains unaffected.

Data processing based on legitimate interest – Art. 6 para. 1 lit. f GDPR

In certain cases, we process your data to protect a legitimate interest of ours or of third parties. A legitimate interest exists, for example, if your data is required for the assertion, exercise or defense of legal claims in the context of the application process (e.g. claims under the General Law on Equal Treatment). In the event of a dispute, we have a legitimate interest in processing the data for evidentiary purposes.

5. Who will your data be shared with?

Your data is mainly processed by our personnel department. In some cases, however, other internal and external bodies are also involved in the processing of your data.

Internal bodies can be specialised areas or departments or the works council of our company.

We use New Work SE as an external service provider. New Work SE, Strandkai 1, 20457 Hamburg, Germany, operates onlyfy one, the online platform we use to bring talents and companies together at . You can find more information about onlyfy one above.

If you apply via onlyfy one, your personal data will be recorded directly in onlyfy one. We can alsotransfer your datafrom us toonlyfy one in the event of a postal or e-mail application.

6. How long will your data be stored in our onlyfy one company account?

We store your personal data for as long as is necessary to make a decision about your application. Insofar as an employment relationship between you and us does not come about, we may also continue to store data insofar as this is necessary for the defense against possible legal claims. As a rule, your data will be deleted within six months of the end of the application process for our company .

If no employment relationship is established, but you have given us your consent for the further storage of your data ("applicant pool of FFG Fahrzeugwerkstätten Falkenried GmbH"), we will store your data until you withdraw your consent, but for no longer than three further years.If there is a specific reason, we may also store your data for a longer period of time for the purpose of defending against possible legal claims.

If you withdraw your application before the end of the application process, i.e. delete your data and your account, the stored data will be blocked for the period of the ongoing application process and deleted six months after the end of the application process for our company.

If you do not make any further changes to your candidate profile, such as completing a current application, starting a new application or changing the data of an existing application, your data will be deleted within six months of the end of the last active application process for our company.

If you no longer use your candidate profile and have not given your consent to longer data storage in our applicant pool, the data will be deleted within six months of the end of the application process for our company .

You can submit a deletion request for your candidate profile and your application documents at any time. After the deletion request has been made, you will be informed of the exact deletion date and your data will be automatically deleted in accordance with the conditions set out in this privacy policy.

7. What rights do you have in connection with the processing of your data?

You can request information about whether we have stored personal data about you. If you wish, we will tell you what the data is, the purposes for which the data is processed, to whom the data is disclosed, how long the data is stored and what other rights you have in relation to this data.

In addition, you have the right to have your data corrected or deleted. You may also request that we provide any personal data you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.

You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. As part of the application process, we do not use exclusively automated processing for decision-making.

You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e GDPR (data processing in the public interest) or on the basis of Art. 6 para. 1 lit. f GDPR (data processing for the protection of a legitimate interest); this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In addition, there is a right of appeal to the competent data protection supervisory authority.

To exercise your rights, you can send an e-mail to the data protection officer, who can be contacted at:
datenschutzbeauftragter@hochbahn.de.

We will process your requests promptly and in accordance with legal requirements and inform you of the measures we have taken or will take.

8. Is there an obligation to provide your personal data?

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the provision of personal data is necessary for the implementation of the application process. This means that if you do not provide us with personal data when applying, we will not be able to carry out the application process.

IV. Data Processing on our Used Vehicle Platform

1. General information

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the following information provides you with a simple overview of what happens to your personal data when you visit the used vehicle platform. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our Privacy Policy on the used vehicle platform listed below.

2. Who is the controller in regard to data processing and whom can I contact?

The controller is:
FFG Fahrzeugwerkstätten Falkenried GmbH
Lademannbogen 138
22339 Hamburg, Germany
Phone: +49 (0) 40 / 53903 - 0
E-mail: info@ffg-hamburg.de

You can reach our company Data Protection Officer at:
Data Protection Officer of FFG Fahrzeugwerkstätten Falkenried GmbH
at Hamburger Hochbahn AG
Data Protection Unit
Steinstraße 20
20095 Hamburg, Germany
E-mail: datenschutzbeauftragter@hochbahn.de

3. What data is processed and what do we process your data for (purpose of processing)

Your data is collected by you providing it to us. This may be data that you enter in our registration form:

a) Registration on this website

Registration on this website is necessary to use additional features on the site. The personal and company data collected (see Point 3. Registration) may be used by us for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b GDPR) or on the basis of your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

In order to view and bid on vehicles in the FFG vehicle market, you must have completed the registration process, which asks for the following data:

  • Username
  • E-mail address
  • Company
  • Street, house number
  • Postal code, city
  • Contact
  • Phone number
  • Commercial register excerpt / trade license

We do not share this data without your consent.

b) Technical data

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are in the so-called access log:

  • IP address
  • Directory protection log in
  • Date, time
  • Pages viewed
  • Protocols
  • Data volume
  • Referrer
  • User Agent
  • Retrieved hostname

The IP addresses are stored anonymously. For this purpose, the last three digits are removed. The anonymized IP addresses are kept for 60 days. Information about the directory protection log in used is anonymized after one day.

So-called error logs, which record erroneous page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

c) Cookies

  1. PHPSESSID
    This cookie is used to temporarily store an entry made by a user on the website in a form so that the entries can subsequently be transmitted.
  2. wordpress_logged_in
    This cookie is set when a user logs in via the WordPress backend. Therefore, it will be set only for registered and logged in users.
  3. wordpress_logged_in_ & wordpress_sec_
    This cookie is a pure session cookie and helps WordPress to keep users logged in.
  4. wordpress_test_cookie
    This is a test cookie from WordPress. The cookie serves purely to test whether cookies can be set at all.
  5. wp-settings-{time}-[UID]
    WordPress sets a few more cookies only for logged in users. These cookies change the view of the admin backend, for example. .

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR.

4. Who receives my data?

Within FFG Fahrzeugwerkstätten Falkenried GmbH, your data will be disclosed to those departments that need it to fulfill the stated purposes and legal bases. All corresponding employees are obligated to comply with the data protection framework at our company. Processors used by us may also receive data for these purposes. These are, for example, companies from the categories of IT services, financial service providers, document processing, archiving, file disposal, debt collection, consulting, marketing and sales.

Within the framework of separate contracts, the order processors are obligated to confirm and comply with all measures required under data protection law.

5. Storage period

Unless a more specific storage period has been specified within this Privacy Policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for the deletion of data or to revoke consent to any data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

6. What rights do you have regarding your data

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the rectification or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions on the subject of data protection.

a) Information, deletion and rectification

Within the framework of the applicable legal provisions, you have the right at any time to free information concerning your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to rectification or deletion of this data. You can contact us at any time with regard to this and other questions on the subject of personal data.

b) Right to the restriction of processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data has happened/is happening unlawfully, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have filed an objection pursuant to Art. 21 para. 1 DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

c) Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

d) Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

e) Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy statement. If you object, we will no longer process your personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).

f) Right of appeal to the competent supervisory authority

As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.

The competent supervisory authority in connection with the use of our used vehicle platform is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany
E-mail: mailbox@datenschutz-hamburg.de
Internet: https://datenschutz.hamburg.de

7. Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 Telecommunications Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the Telecommunications Telemedia Data Protection Act (TTDSG). Your consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.

8. SSL or TLS encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

9. Google Web Fonts (local hosting)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts used are installed locally. A connection to Google servers does not take place.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy.