The protection of personal data and the right to informational self-determination is an important matter for us.
1. The controller for the purposes of the EU General Data Protection Regulation (GDPR) is:
MAHLE Aftermarket Inc.
23030 MAHLE Drive, Farmington Hills, Michigan
2. Data protection officer:
Corporate Data Protection Officer
Dr. Alexander Deicke
3. Legal specifications
MAHLE is committed to strict compliance with the national and international laws and regulations to safeguard the right to informational self-determination.
We observe European regulations on data protection and privacy law and the national provisions that arise from them in collecting, storing, and processing personal data.
4. Collection and processing of your personal data
When you visit our websites, we automatically store on an anonymized basis the name of your Internet service provider, the website from which you visit us, the Web pages you visit when you are on our site, websites you visit from our site, and the date and duration of your visit. We may analyze and interpret this information on an anonymized basis. Further personal data are not collected or stored unless you expressly permit us to do so. Our data protection information applies exclusively to the use of our websites, not to your activities on the websites of social networks or other providers that you may be able to reach using the links on our websites. Please consult these providers’ websites for information on their privacy and data protection policies.
Where permissible by law, we disclaim any and all liability for damage and/or losses arising from the use of the linked websites.
We do not store other personal data unless you communicate these data to us, for example within the scope of a contact form, a survey, a prize competition, registration, or to perform a contract, and even in these cases we do so only to the extent that we are permitted to do so based on your consent or pursuant to the applicable legal provisions (see “Legal basis for processing”).
There is no legal or contractual obligation for you to provide your personal data. However, it is possible that certain functions of our website may depend on the provision of personal data. If you do not provide personal data in these cases, this may cause certain functions to be restricted or unavailable.
5. Purposes of processing of personal data
Your personal data are used only for the purpose for which you have voluntarily provided these data to us and to protect our IT systems against attacks and other unlawful actions. Should you have communicated further personal data to us, for example within the scope of a contact form, a survey, a prize competition, registration, or to perform a contract, we process these data for the purposes mentioned, for purposes of customer management and – to the extent necessary – for purposes of executing and billing for any business transactions, in each case in the scope necessary to that end. We obligate our employees and service providers to observe the strictest confidentiality.
6. Legal basis for processing
Where you have consented to our processing of your personal data, this consent constitutes the legal basis for the processing (point (a) of Article 6(1) GDPR).
Point (b) of Article 6(1) GDPR forms the legal basis for processing of personal data for the purpose of taking steps prior to entering into a contract or performing a contract with you.
Where the processing of your personal data is necessary to fulfill our legal obligations (e.g., to store data), we are authorized to do so pursuant to point (c) of Article 6(1) GDPR.
Beyond that, we process personal data for the purposes of the legitimate interests pursued by us or by a third party in accordance with point (f) of Article 6(1) GDPR. Maintaining the functionality of our IT systems, marketing our own and third-party products and services, and the legally required documentation of business contacts constitute such legitimate interests.
7. Disclosure of personal data to third parties
Except in the cases indicated separately, we share your personal data with third parties only if
· you have consented pursuant to point (a) of Article 6(1) GDPR,
· this is necessary for the performance of a contract with you pursuant to point (b) of Article 6(1) GDPR, or
· in the event that there is a statutory obligation of disclosure pursuant to point (c) of Article 6(1) GDPR.
· this takes place for the purposes of the legitimate interests pursued by the controller pursuant to point (f) of Article 6(1) GDPR. Examples include:
- Reviewing and optimizing procedures for analyzing demand for purposes of directly approaching customers
- Optimization and demand-driven design of the website
- Advertising or market and opinion research, to the extent that you have not objected to the use of your data
- Safeguarding our company’s IT security and IT operations
- Preventing and investigating criminal acts
- Measures for managing the business and further developing services and products
If personal data are transferred to a third country outside the European Economic Area (EEA) or to an international organization, this is stated separately.
8. Processing of personal data for the purpose of sending newsletters
We are happy to keep you informed of current news on the basis of your consent (point (a) of Article 6(1) GDPR) via the specific newsletter offered on the website.
For us to send out a newsletter, you need to provide us with the required information indicated (e.g., name and e-mail address). You can also enter and submit further information voluntarily. After you have communicated your e-mail address to us, you will receive an e-mail from us at the e-mail address you provided, asking you to click a confirmation link to verify the e-mail address you provided (known as a “double opt-in” process).
We will store your data only for purposes of sending out our newsletter. We will also store your IP address and the date when you registered so we have documentation that you signed up for the newsletter in case of any doubt. To measure our newsletters’ success, we also collect information on whether newsletters are opened, when they are opened, and which links are clicked.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in the newsletter footer.
9. Use of the contact form
When you contact us (e.g., via contact forms), we store your data for purposes of processing your inquiry (point (b) of Article 6(1) GDPR) and in the event that further correspondence should take place. Otherwise, your data are erased after your matter is processed. This does not apply to data for which there are statutory or otherwise stipulated obligations of storage.
a) “Strictly necessary cookies”
“Strictly necessary cookies” are essential to the basic functions of the website. These cookies cannot be deactivated. If you have disabled cookies in your browser, you may find that some functions are not available to you and/or the website does not display correctly. These cookies are:
Counts the number of sessions and assigns an anonymous identifier to each visitor.
Until the end of the session
Provides information on whether the user has confirmed the cookie notice.
Provides information on whether the user has confirmed the cookie notice.
You can also delete all cookies at any time by adjusting the settings on your device accordingly. This takes place as follows:
Most browsers are set to automatically accept cookies by default. You can change this default setting by activating the “do not accept cookies” setting in your browser.
You can delete existing cookies at any time. For details of how to do this, please see the instructions provided by the maker of your browser or device.
11. Use of Google Analytics
We use the “Google Analytics” Web analytics service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses the analysis cookies noted above. The Google Analytics cookies are stored on the basis of point (a) of Article 6(1) GDPR. The data collected are anonymous to us as the operator of this website. We cannot draw any conclusions regarding users’ identity.
We have activated the IP anonymization function on this website. This means that Google truncates (shortens) your IP address within Member States of the European Union or in other states that are signatories to the Agreement on the European Economic Area before transferring it to the United States. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, compile reports on website activity, and provide the website operator with further services associated with the use of the website and of the Internet.
We have entered into a contract for processing of data with Google.
You can object to the processing of data by Google at any time by using the opt-out plugin: https://tools.google.com/dlpage/gaoptout or via the ad display settings: https://adssettings.google.com/authenticated .
Social media plugins connect the website with social networks such as Facebook, Twitter, and Google Plus. Social media plugins are integrated into websites. The content is shared in further social channels. These plugins are small buttons, including the Facebook “Like” button or the “Share” button of Twitter, Google, Instagram, etc. Activities on the part of users who are not logged in or members of these sites can also be tracked in this way. This is because user data are automatically shared with the social network channels that are represented on the page when these pages are accessed.
12. Use of YouTube
Our website uses embedded videos of the service “YouTube.” The service provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a platform that enables playback of audio and video files.
When you access a page of our website, the YouTube player embedded there establishes a connection to YouTube to ensure the technical transfer of the video or audio file. Data are transferred to YouTube when the connection to YouTube is established.
The use of
YouTube takes place in the interest of an appealing presentation of our online
offerings. This constitutes a legitimate interest within the meaning of point
(f) of Article 6(1) GDPR.
13. Visiting our online presence on social media
We maintain an online presence within social networks and on platforms in order to be able to communicate with the customers, potential customers, and users who are active there and inform them there about our services.
Please note that user data may be processed outside the territory of the European Union during the course of these activities. This may give rise to risks for users because it could be more difficult for users to assert their rights, for example.
Furthermore, users’ data are typically processed for market research and advertising purposes. For example, user behavior and the interests of users indicated by that behavior can be used to create use profiles. These use profiles can in turn be used to serve ads that are presumed to match users’ interests on and off these platforms, for example. For these purposes, cookies are typically stored on users’ computers, storing their use behavior and interests. Furthermore, data can also be stored in the use profiles independently of the devices used by the users (especially if the users are members of the platforms in question and are logged in there).
For detailed information on the relevant types of processing and the possibilities of objecting (opting out), please see the information from the providers that is linked below.
In the case of inquiries concerning access to information and the assertion of user rights as well, please note that it is most effective to raise these matters with the providers. Only the specific provider has access to users’ data and can take appropriate action directly and provide access to information. Should you still need help even after contacting the providers, please feel free to contact us.
We take organizational and technical measures to ensure that those of your data that we process are protected against manipulation, loss, destruction, and access by unauthorized persons. We adjust the security measures we take to this end to reflect the state of the art on an ongoing basis.
15. Erasure of your personal data
We erase your personal data as soon as the purpose for which we have collected and processed them ceases to apply. Storage takes place beyond that point in time only if this is necessary according to the laws, regulations, or other legal provisions of the European Union or a Member State of the European Union to which we are subject.
16. Rights of data subjects
Please note that as the data subject, you have the following rights in conjunction with the processing of your personal data:
· Right of access pursuant to Article 15 GDPR
· Right to rectification pursuant to Article 16 GDPR
· Right to erasure pursuant to Article 17 GDPR
· Right to restriction of processing pursuant to Article 18 GDPR
· Data portability pursuant to Article 20 GDPR
If you have consented to the processing of your personal data by us, you are free to withdraw your consent to the processing of your personal data at any time.
Finally, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you and to processing which is based on point (f) of Article 6(1) GDPR (data processing on the basis of weighing of interests). If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
The lawfulness of processing of your personal data up until the withdrawal of consent is not affected by the withdrawal thereof. Withdrawal of consent also does not affect the possible further processing of these data on a different legal basis, for example to meet legal obligations (see the section titled “Legal basis for processing.”)
If you consider that the processing of your personal data violates legal provisions, you have the right to lodge a complaint with a data protection supervisory authority with jurisdiction pursuant to Article 77 GDPR.
17. Contact person
If you have any questions regarding data protection at MAHLE or wish to exercise your right of access to information or to make declarations as a data subject, please contact our company’s Corporate Data Privacy (CY) department. You can reach this department by e-mail at email@example.com or use the official address of MAHLE International GmbH, Pragstraße 26-46, 70376 Stuttgart, Germany.
You can also reach our corporate data protection officer at the above address or firstname.lastname@example.org.