1. Information obligations according to Art. 13 para. 1 EU-GDPR
Herewith we inform you according to article 13 Abs. 1, 14 und 22 of the EU-GDPR about our collection of personal data by the data subject.
1.1 Identity of the person responsible
CUBE brand communications GmbH
85080 Gaimersheim, Germany
1.2 Contact details of the data protection officer
CUBE brand communications GmbH
85080 Gaimersheim, Germany
1.3 Purposes of processing
Fulfilment of contractual obligations (Art. 6 para. 1 letter b GDPR)
Within the framework of the contractually agreed service, we process and transmit the data for the fulfilment of contractual services, payment processing, delivery of contractually ordered products and services, transmission of vehicle data to the manufacturer within the framework of order fulfilment and transmission of your contact data to other contractual partners within the framework of order fulfilment.
Consent (Art. 6 para. 1 letter a GDPR)
Based on your voluntary consent, we may transfer data and process data in accordance with the declaration of consent for the sending of information on products and campaigns, the transfer of your contact data to the manufacturer for direct marketing purposes, the transfer of data collected in the vehicle to the manufacturer for the keeping of a digital service record / repair history and for other purposes in accordance with the consent.
Legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
We may also use your personal data on the basis of a weighing of interests to protect the legitimate interest of us or third parties. This may include: Direct advertising, video surveillance for the protection of domestic rights as protection against burglary and vandalism offences, transmission of customer and vehicle data to the manufacturer for product improvement / further development etc.
Compliance of legal obligations (Art. 6 para. 1 c GDPR)
We process and transmit your personal data, if this is necessary for the fulfilment of legal obligations. This may include receivables management, storage and retrieval obligations, otherwise legal obligations (e.g. German Anti Money Laundering Act), product monitoring/product monitoring, recall campaigns, etc.
1.5 Recipients of data
We pass on your personal data within our company to those areas that require this data to fulfil their contractual and legal obligations or to implement our legitimate interest.
In addition, the following parties may receive your data:
– Testing companies such as TÜV, DEKRA, KÜS, etc.
– Contract processors used by us (Art. 28 GDPR), service providers for supporting activities and other persons responsible within the meaning of GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external computer centres, support/maintenance of IT applications, archiving, document processing, bookkeeping and controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, telephony, website management, tax consultancy, auditing services, credit institutions
– Public bodies and institutions where there is a legal or official obligation under which we are obliged to provide information, report or pass on data or where the passing on of data is in the public interest
– Bodies and institutions based on the legitimate interest of us or third parties (e.g. authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and bodies and supervisory bodies, subsidiaries, manufacturers)
– Other places for which you have given us your consent for the data transfer
1.6 Transfer to third countries
A transfer of your data to third countries outside the EU does not take place and is not planned.
2. Information obligations according to Art. 13 para. 2 EU-GDPR
2.1 Duration of processing
We process your data only as long as it is necessary for the fulfilment of our contract, for the fulfilment of given consents or for the fulfilment of valid legal regulations as well as the care of our relationship with you. We process data at most for 5 years after the last contact. We only process data for a longer period if this is necessary due to storage obligations.
According to legal requirements, business documents are stored for a maximum of 6 or 10 years and deleted at the end of the period.
2.2 Rights of the parties concerned
According to the EU-GDPR you are entitled to
➢ Information about the processing of your data
➢ Correction or deletion of your data
➢ Processing restrictions
➢ Opposition to the processing
➢ Data portability
➢ Revocation of your given consent with effect for the future
➢ Complaints to the data protection supervisory authority
Your competent supervisory authority
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach, Germany
2.3 Revocability of Consents
If you have agreed to a processing of personal data by consent, this can be revoked at any time. The revocation does not affect the lawfulness of the processing or other lawful processing carried out on the basis of your consent.
2.4 Right of appeal to the supervisory authority
We inform you that you can complain to a supervisory authority pursuant to Art. 77 EU-GDPR if you have the opinion that the processing of your personal data is unlawful.
2.5 Obligation to provide personal data
You only need to provide the data that is necessary for the execution of a contract. Without this data we will generally not be in a position to fulfil the contract agreed with you. If we also request data from you, you will be informed of the voluntary nature of the information separately.
2.6 Automated decision making and profiling
As soon as we, as the responsible body, carry out automated decision procedures in accordance with Art. 22 GDPR or other profiling measures in accordance with Art. 4 GDPR, we inform the affected person of the particular scope and desired effects of such procedures. This duty to inform extends to information on the logic or algorithm used for this purpose.
If you have any questions or wish to exercise your rights, please contact the responsible office or the data protection officer.