Data Protection Declaration

Personal data

Personal data is information relating to your person. This includes information such as your name, address, postal address and telephone number. Furthermore, when you visit our online presence further usage data is logged such as

• the IP address,
• the browser type and operating system of your PC,
• the website from which you are visiting us, and
• the date, time and the websites that you have visited
• the customer interactions during the visit of our website(s)
• customer interests
• contact details (e.g.: name, postal address, email address, phone number, fax number)

Personal data is only collected by the companies of the Webasto Group if it is generated automatically as part of the usage process or if you provide us with this voluntarily, for example when filling out a registration form, registering for personalized services or submitting an application.

Purposes of precessing

Your data entered in the form will be stored solely for the following purposes:

• for Webasto to meet your quotation request
• to register for the newsletter and to send you the newsletter
• to answer your inquiry
• to analyze anonymized user data for the purpose of expanding and improving our website

Legal basis

Based on your consent (Article 6(1) lit. a GDPR) 

If you have granted your consent to the processing of personal data for specific purposes (e.g. advertising measures for non-customers or the use of photographs), the lawfulness of this processing is established by virtue of this consent.  

A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. The withdrawal of a consent only takes effect for the future and does not affect the lawfulness of the data processed until this withdrawal.
 

For the fulfilment of contractual obligations (Article 6 (1) lit. b GDPR) 

Your data will be processed on the basis of Article 6 (1) lit. b GDPR for the purpose of performing and executing orders and contracts within the scope of the implementation of our contracts with our customers and suppliers or for the purposes of implementing pre-contractual measures which are taken at your request. This includes, in particular, concrete inquiries that we receive at events such as trade fairs. Furthermore, the relevant legal provisions apply to those processing operations that are necessary for us to be able to make our online services available to you.  

The purposes of data processing depend primarily on the specific product and/or service provided and may include, but are not limited to, demand analyses, consultations, purchase contracts and contracts for work and labor as well as regulatory requirements. Further details on data processing purposes can be found in the relevant contract documents and terms and conditions. 

Irrespective of established contractual relationships and your interest in our services, you also enter into a user relationship with us by visiting our online presence. The processing of usage data resulting from the visit of our online presence is also legitimized by Article 6 (1) lit. b GDPR.
 

Based on legal requirements (Article 6 (1) lit. c GDPR) 

In addition, as a company, we are subject to various legal obligations, i.e. statutory requirements (e.g., tax laws and other regulatory and statutory requirements). The purposes of processing include, among other things, creditworthiness checks, identity and age checks, fraud and money laundering prevention, compliance with control and reporting obligations under tax law, and the assessment and management of risks within the company. 

Within the scope of the balancing interests (Article 6 (1) lit. f GDPR) 

If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Due to the multitude of processing contexts that are theoretically conceivable, the following points should only be understood as a selection of the most practice-relevant situations. We can provide more detailed information within the framework of specific claims for information. This includes in particular

• the consultation of and data exchange with credit agencies to determine creditworthiness and default risks in our transactions
• the review and optimization of procedures for demand analyses for the purpose of direct customer approach,
• advertising or market and opinion research, unless you have objected to the use of your data,
• the recording and storage of contact data when business cards are handed over in the event of someone being interested in our services, e.g. at trade fairs,
• the enforcement of legal claims and defense in legal disputes,
• ensuring the company’s IT security and operation,
• the prevention and investigation of criminal offences, measures for business management and further development of services and products,
• risk management in the Webasto Group.

Transfer of personal data to third parties

We transfer your data to other companies in the Webasto Group for general administrative purposes in accordance with Article 6 (1) lit. f GDPR and to our authorized dealers and service partners if required in order to respond to your enquiry or to fulfil the contract.  

Webasto will of course be happy to support you in the context of a justified request to access or erase data by also forwarding the request to the service provider on your behalf. 

With regard to the transfer of data to recipients outside of our company, it should first be noted that we only transfer required personal data in compliance with the applicable data protection regulations. We are only allowed to transfer personal data if this is required by law, if the person concerned has consented to such or if we are otherwise authorized to do so. Under these conditions, recipients of personal data may be, for example:

• public authorities and institutions (e.g. tax authorities, criminal prosecution authorities) where there is a legal or official obligation,
• creditors or insolvency administrators enquiring within the scope of execution writs
• public auditors.

Data will not be transferred to any other third parties unless you have expressly consented to this.

Duration of data storage

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations.

If the data is no longer required for the fulfilment of our contractual or legal obligations, it is deleted at regular intervals, unless its – time-limited - further processing is necessary for the following purposes:

• compliance with obligations to preserve business records under commercial and tax law,
• Commercial Code, Fiscal Code, or other statutory laws. The periods for storage and documentation specified there are may vary between two to ten years.
• Preservation of evidence within the framework of the statutory statute of limitations. According to statutory laws, these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

Your rights

You have the following statutory rights regarding the processing of your personal data: 

• the right of access to your stored personal data;
• the right to rectification;
• the right to erasure;
• the right to object;
• the right to restriction of processing;
• the right to data portability.

You can withdraw your consent to the processing of your personal data at any time. 

In addition, you have the right to appeal to the competent data protection supervisory authority in Bavaria (Article 77 GDPR). 

Should you no longer agree to the storage of your personal data or should this data have become inaccurate, we will, upon receipt of corresponding instructions, arrange for the deletion, amendment, or blocking of your data within the limits of the relevant statutory provisions. Upon request, you will receive information regarding all of your personal data that we have stored on you free of charge. If you have any questions regarding the collection, processing, or use of your personal data, for information, rectification, blocking, or erasure of data as well as for the use of further rights, please contact the Webasto Group Data Protection Officer (dataprotection@webasto.com) or the respective Webasto Group company in writing.

Links to other websites

Our online presence includes links to other websites. We do not have any influence over whether the operators of these websites comply with the relevant data protection regulations. So you should examine the data protection policies offered separately in each case. Nor do we have any influence whatsoever over the lawfulness of the contents of these websites. We therefore reject any responsibility for the contents of other websites.