Privacy Policy

Data Privacy Policy pursuant to the GDPR

Name and address of the controller

The controller as defined by the General Data Protection Regulation and other national data privacy laws of the Member States as well as other provisions relating to data privacy legislation is:

BORN2DRIVE Automotive GmbH

Julian Kiss
Candidplatz 11
D-81543 München
Deutschland
Tel.: +49 89 614697-0
E-Mail: info@born2drive.com

Name and address of the Data Protection Officer

BORN2DRIVE Automotive GmbH

Julian Kiss
Candidplatz 11
D-81543 München
Deutschland
Tel.: +49 89 6146970
E-Mail: info@born2drive.com

I. General information on data processing
1. Extent to which personal data are processed
In principle, we collect and use personal data of our users only to the extent that this is necessary in order to provide a functional website and also our content and services. Personal data of our users are generally only collected after the user has consented to this. An exception applies in those cases where it is not objectively possible to obtain prior consent and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data
Where we obtain the data subject’s consent for personal data to be processed, the legal basis for processing personal data shall be provided by Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR).
When processing personal data required for performance of a contract where the data subject is a contracting party, the legal basis shall be provided by Article 6 (1) lit. b GDPR. This shall also apply to processing activities which are necessary in order to carry out pre-contractual measures.
Where processing of personal data is required in order to fulfil a legal obligation incumbent on our company, the legal basis shall be provided by Article 6 (1) lit. c GDPR.
If vital interests of the data subject or of another natural person render the processing of personal data necessary, the legal basis shall be provided by Article 6 (1) lit. d GDPR.
If processing is necessary in order to safeguard a legitimate interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not override said interest, the legal basis for the processing shall be provided by Article 6 (1) lit. f GDPR.

3. Data erasure and period of storage
The personal data of the data subject shall be erased or blocked as soon the purpose of storage ceases to apply. Data may be stored beyond this point if this is permitted by the European or national legislator in regulations, laws or other provisions under Union law to which the controller is subject. The data shall also be blocked or erased if a storage period prescribed by the specified standards expires, unless continued storage of the data is necessary for the purpose of concluding or performing a contract.

II.Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is visited, our system automatically records data and information from the computer system of the computer which accessed the website.
The following data are collected in such cases:

This section must be adapted accordingly. Data which are not applicable must be removed, and any missing data must be supplemented.
(1)Information on the browser type and the version used
(2)The user’s operating system
(3)The user’s Internet service provider
(4)The user’s IP address
(5)The date and time of access
(6)Websites from which the user’s system accessed our website
(7)Websites which were accessed by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Article 6 (1) lit. f GDPR.
Purpose of data processing

3. The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session
Storage in log files is designed to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our IT systems. The data are not analysed for marketing purposes in this context. These purposes also include our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR.

4. Duration of storage
The data shall be erased as soon as they are no longer required to achieve the purpose for which they were collected. If the data are collected in order to make the website available, this shall be the case when the respective session has ended. Where data are stored in log files, this shall be the case no later than after seven days. Data may be stored for a longer period. In such case, the IP addresses of users shall be erased or altered so that it is no longer possible to assign the requesting client.

5. Ability to object and have data erased
The collection of data in order to make the website available and the storage of the data in log files are essential for the operation of the website. The user shall therefore have no right of objection.

III. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files which are stored in the Internet browser and/or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string which enables clear identification of the browser the next time the website is accessed.
We use cookies to make our website more user-friendly. Some elements of our website require that it is possible to identify the calling browser even after a change of web page.
(1)non user related analysis of visited pages, clicking, actual visits
(2)frequency of visits of a page
(3)usage of website functions
The user data collected in this way are pseudonymised by means of technical measures. It is therefore no longer possible to assign the data to the user accessing the website. The data are not stored together with other personal data of users.
When accessing our website, users are informed about the use of cookies for analysis purposes by means of an info banner and are notified of this data privacy policy. In this connection, users are also informed about how to configure their browser settings in order to prevent the storage of cookies.
If the user’s consent is obtained before cookies which are technically not necessary are installed and called up:

Cookie Settings

When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this connection is obtained. In this connection, the user is also informed about this data privacy policy.

2. Legal basis for the processing of data
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

3. Purpose of data processing
If cookies which are technically necessary are used:
Cookies which are technically necessary are used in order to simplify the use of websites for users. Some features of our website cannot be provided without the use of cookies. For this, it is necessary that the browser is also recognised even after a change in website.
We require cookies for the following applications:
The applications are listed below.
(1) non user related analysis of visited pages, clicking, actual visits
(2) frequency of visits of a page
(3) usage of website functions
The user data collected by technically necessary cookies are not used to create user profiles.
These purposes also include our legitimate interest in the processing of personal data pursuant to Article 6 (1) lit. f GDPR.

4. Duration of storage, ability to object and have cookies removed
Cookies are stored on the user’s computer and transmitted by this computer to our website. As user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser you can deactivate or restrict the transmission of cookies. Cookies which have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all features of the website in full.

V. Plug-ins and Tracker

1. Data privacy policy for the use of Facebook plug-ins (like button)
Plug-ins of the Facebook social network, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our website. The Facebook plug-ins can be recognised by the Facebook logo or the “like button“ on our website. An overview of Facebook plug-ins can be found here: http://developers.facebook.com/docs/plugins/.
When you visit our website, a direct connection between your browser and the Facebook server is established via the plug-in. In this way, Facebook receives information that you have visited our website using your IP address. If you click on the Facebook “like button“ while you are logged in to your Facebook account, you can link the content of our website to your Facebook profile. This enables Facebook to assign the visit to our website to your user account. Please note that, as the website provider, we have no knowledge of the content of the transmitted data or of their use by Facebook. Further information on this can be found in Facebook’s data privacy policy at http://de-de.facebook.com/policy.php.
If you do not wish Facebook to be able to assign the visit to our website to your Facebook user account, please log out of your Facebook user account.

2. Data privacy policy for the use of YouTube
Our website uses plug-ins of the website YouTube, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages with a YouTube plug-in, a link to YouTube’s servers will be established. In this way, the YouTube server is notified as to which of our website pages you have visited.
If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on handling user data can be found in YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy

3. Data privacy policy for the use of GoogleAnalytics

Wir setzen auf Grundlage unserer berechtigten Interessen (d.h. Interesse an der Analyse, Optimierung und wirtschaftlichem Betrieb unseres Onlineangebotes im Sinne des Art. 6 Abs. 1 lit. f. DSGVO) Google Analytics, einen Webanalysedienst der Google LLC („Google“) ein. Google verwendet Cookies. Die durch das Cookie erzeugten Informationen über Benutzung des Onlineangebotes durch die Nutzer werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert.

Google wird diese Informationen in unserem Auftrag benutzen, um die Nutzung unseres Onlineangebotes durch die Nutzer auszuwerten, um Reports über die Aktivitäten innerhalb dieses Onlineangebotes zusammenzustellen und um weitere, mit der Nutzung dieses Onlineangebotes und der Internetnutzung verbundene Dienstleistungen, uns gegenüber zu erbringen. Dabei können aus den verarbeiteten Daten pseudonyme Nutzungsprofile der Nutzer erstellt werden.
Wir setzen Google Analytics nur mit aktivierter IP-Anonymisierung ein. Das bedeutet, die IP-Adresse der Nutzer wird von Google innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum gekürzt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt.
Die von Ihrem Browser übermittelte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt. Sie können die Speicherung der Cookies durch eine entsprechende Einstellung Ihrer Browser-Software verhindern. Wir weisen Sie jedoch darauf hin, dass Sie in diesem Fall gegebenenfalls nicht sämtliche Funktionen dieser Webseite vollumfänglich werden nutzen können. Sie können darüber hinaus die Erfassung der durch das Cookie erzeugten und auf Ihre Nutzung der Webseite bezogenen Daten (inkl. Ihrer IP-Adresse) an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem sie das unter dem folgenden Link verfügbare Browser-Plugin herunterladen und installieren: Browser Add On zur Deaktivierung von Google Analytics
Weitere Informationen zur Datennutzung durch Google, Einstellungs- und Widerspruchsmöglichkeiten, erfahren Sie in der Datenschutzerklärung von Google (https://policies.google.com/technologies/ads) sowie in den Einstellungen für die Darstellung von Werbeeinblendungen durch Google (https://adssettings.google.com/authenticated).
Die personenbezogenen Daten der Nutzer werden nach 14 Monaten gelöscht oder anonymisiert.

VI. SSL encryption
For security reasons and in order to protect the transmission of confidential content such as, for example, the enquiries which you send to us as website operator, this website uses SSL encryption. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in the browser line.
If SSL encryption is activated, the data which you transmit to us cannot be read by third parties.

VII. Use of Google Maps
This website uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. In order to use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA, where it is stored. The provider of this website has no influence on this data transmission.
Further information on handling user data can be found in Google’s privacy policy at: https://www.google.de/intl/de/policies/privacy/

VIII. Newsletter

The following is designed to inform you about the content of our newsletter and also about the registration, dispatch and statistical analysis process, as well as your rights of objection. By subscribing to our newsletter, you declare your consent to receive the newsletter and to the described procedure.

Content of the newsletter
We only send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter“) with the consent of the recipients, or if we are in possession of a statutory permit. Where a newsletter registration process specifically describes the newsletter contents, these are authoritative for the users’ consent. In addition, our newsletters contain information on …

Double opt-in and recording
Registering for our newsletter is based on a double opt-in process. This means that after registering, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary to ensure that no one can register using third-party email addresses.

Newsletter registrations are recorded in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and time of confirmation, as well as the IP address. Changes to your data stored at MailChimp are also recorded.

Use of the mail-handling service provider “MailChimp”
The newsletter is sent via “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients and also their additional data described within the framework of this information are stored on MailChimp servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. In addition, MailChimp can, according to its own information, use these data to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and presentation of the newsletter, or for commercial purposes in order to determine the countries from which recipients originate. However, MailChimp does not use the data of our newsletter recipients in order to contact these recipients itself or to forward the data to third parties.
We have confidence in MailChimp’s reliability and in its IT and data security. MailChimp is certified according to the US-EU data privacy agreement “Privacy Shield“ and thus undertakes to comply with EU data privacy requirements. We have also concluded a “data-processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process said data on our behalf in accordance with its data privacy provisions and in particular not to forward the data to third parties. MailChimp’s data privacy provisions can be viewed here.

Registration data
To register for the newsletter, you only need to provide your email address.
You may, if you so choose, provide your first name and surname. This information is used solely to personalise the newsletter.

Collection and analysis of statistics
The newsletters contain a “web beacon“, i.e. a pixel-sized file which is called up by MailChimp’s server when the newsletter is opened. When this web beacon is accessed, technical information such as information on the browser and on your system, as well as your IP address and time of access, are initially collected. This information is used for technical improvement of the services based on the technical data or on the target groups and their reading behaviour, according to their access locations (which can be determined using the IP address) or access times.
The statistical information collected also includes ascertaining whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be assigned to the individual newsletter recipients for technical reasons, it is not our intention, or that of MailChimp, to monitor individual users. Rather, the analyses are used by us to identify reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Online access and data management
In some cases we direct newsletter recipients to MailChimp’s website. For example, our newsletters contain a link which newsletter recipients can use to call up the newsletters online (e.g. in the event of display problems in the email program). Newsletter recipients can also subsequently correct their data (e.g. email address). In addition, MailChimp’s data privacy policy can only be viewed on its website.
In this connection, we would point out that MailChimp’s website uses cookies and that, as a result, personal data are processed by MailChimp, its partners and service providers used (e.g. Google Analytics). We have no influence over the collection of such data. Additional information is available in MailChimp’s data privacy policy. We would also inform you about ways in which you can object to the collection of data for advertising purposes on the website http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).

Termination/revocation
You may terminate the receipt of our newsletter at any time, i.e. revoke your consent. This will at the same time end your consent to its dispatch by MailChimp and to the statistical analyses. Unfortunately, it is not possible to revoke dispatch via MailChimp or the statistical analyses separately.
A link to cancel the newsletter is provided at the end of every newsletter.

IX. Rights of the data subject

If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:

1.Right to be informed
You can ask the controller to confirm whether personal data concerning you are processed by us.
If such processing applies, you can demand the following information from the controller:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom personal data have been or will be disclosed;
(4) the envisaged period for which personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of personal data concerning you, or to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) where personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether personal data relating to you are transferred to a third party or to an international organisation. In such case you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right of rectification
You have the right to obtain from the controller the rectification of inaccurate and/or the completion of incomplete personal data concerning you. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing
You have the right to demand the restriction of processing of your personal data where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing of personal data is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Article 21(1) GDPR pending verification whether the legitimate grounds of the controller override your legitimate grounds.
Where processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If restriction of processing was obtained pursuant to the above prerequisites, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a)Obligation to erase data
You can demand from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing was based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b)Provision of information to third parties
Where the controller has made personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
c)Exemptions
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to be notified
If you have asserted your right vis-à-vis the controller to the rectification or erasure of data or the restriction of processing, the controller shall be obliged to communicate any such rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about those recipients.

6. Right to data portability
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data privacy law
You have the right to withdraw your consent under data privacy law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and such law also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Competent authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA – Bavarian Data Protection Authority)
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.