Privacy notices
Privacy notice
Last updated: 23rd June 2022
We are delighted that you are interested in our website. We take the protection of personal information very seriously and pay close attention to this aspect in our online activities. The processing of your personal information by Brose takes place in compliance with statutory requirements and – if necessary – based on your consent. The most important statutory basis for this is the European General Data Protection Regulation (GDPR) . We also comply with all other applicable data protection legislation, in particular Germany’s Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Telemedia Act (Telemediengesetz, TMG).
In the following we would like to inform you in detail about the applicable legal requirements, particularly those of the GDPR, concerning the processing of your personal data when you visit our website.
1. Controller
You are on the website “brose.com”. Brose Fahrzeugteile SE & Co. Kommanditgesellschaft, Coburg (“Brose”), Max-Brose-Str. 1, 96450 Coburg is responsible (the “controller”) for data processing associated with your use of the website.
2. Visiting pages on brose.com
- For what purposes do we process your data?
When you visit our website, your browser contacts our web server to retrieve the pages you wish to visit. You generally do not need to register or identify yourself to use this function. However, our server uses your IP address to allocate requests and responses, which could potentially be used to identify you.
In particular, personal data such as your IP address is transmitted to our web server as part of an HTTP/S call. This connection data is processed by our web server to allow access to the website. In some cases form data may also be processed containing data you have entered.
In addition, the respective HTTP/S calls are logged in a log file. We use this file for technical troubleshooting as well as to block and resolve attacks on our systems. We also utilize the already saved log files to create reports that we use to optimize our websites. The actual analysis is always anonymous, i.e. through a pooling of call data and thus it is no longer possible to use the data to identify a person. - On what legal basis do we process your data?
The legal basis of any processing of your data that takes place depends on the specific purpose of your visit:
- When you visit our website to initiate contracts or business relationships with us, the legal basis for the processing of your data is Art. 6 para. 1 (b) GDPR (initiation or performance of a contract).
- Also, as a general rule, processing takes place based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our legitimate interest is to operate a website for general information and communication purposes as well as to present our company.
Processing of log files takes place as a general rule based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our legitimate interest is to protect our plants and systems against attacks and, if necessary, to take legal action against attackers as well as to continue to develop our websites for commercial purposes. - Is there an obligation for you to provide your data and what happens if you choose not to?
It is not possible to use this website or its forms without processing your connection or form data. - Is your data shared with anyone? Or, who participates in the processing of my data?
As a general rule, processing is automatic. Our IT department has access to the log files. The competent internal departments use these files for the above mentioned purposes and, if necessary, the data is also transmitted to external recipients (in particular law enforcement agencies to prosecute attacks).
The visitor log files are stored at our CDN provider Akamai Technologies GmbH (Parkring 20 - 22, 85748 Garching, Germany). - How long is your data stored?
The log files are stored for 14 days. All other data is deleted immediately after executing the HTTP/S call.
You can find more information on data protection and the processing of personal data concerning you by Akamai here .
3. Contact form, communication by email
- For what purposes do we process your data?
On our site we offer the possibility to contact us by email and/or via a contact form. In this case the information you provide is stored for the purpose of processing your contact request and for any follow-up questions. If you contact us with a request or we contact you, we also process your personal data such as your name, address, phone number and the content of the communication for the purpose of exchanging information with you. - On what legal basis do we process your data?
The processing of your data as part of communication via the contact form or by email takes place on the basis of Art. 6 para. 1 (b) GDPR, provided the exchange is in conjunction with the initiation or performance of a contract with you.
For the remainder, the legal basis depends on the purpose of the exchange; Art. 6 para. 1 (f) GDPR (our legitimate interest, business correspondence or, for example, to answer requests related to data protection) will apply in most cases. - Is there an obligation for you to provide your data and what happens if you choose not to?
Your are not required to provide your data. However, communication by email or via the contact form is not possible without processing your personal data. - Is your data shared with anyone? Or, who participates in the processing of my data?
We only share your data internally with the department that is responsible for your request. In some cases, it may also be forwarded to another Brose Group company.
In order to provide forms on our website and to ensure a smooth process, we use the services of Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT UTRECHT. The use of Zoho services is regulated by a contract for order processing according to Art. 28 DSGVO. - How long is your data stored?
Your personal data is deleted when it is no longer required for the exchange of information with you. In some cases the data may be held longer on the basis of Art. 6 para. 1 (c) GDPR in conjunction with the applicable statutory retention periods (in particular in accordance with trade, tax and revenue law). In the case of business correspondence, this is usually six to ten years after the end of the year in which it is received.
For more information on data protection and the processing of personal data concerning you by ZOHO, please click here.
4. Cookies
Like virtually every other website, we use cookies and similar technologies. A cookie is a small text file consisting of letters and numbers that is stored on your device when you visit a website. A cookie contains information that is stored when you visit this website on your computer or mobile device for the duration of your visit (“session cookies”) or for a longer period of time (“permanent cookies”). When you visit pages on this website, our system – or another website that recognizes this cookie – can query the cookie. This makes it possible to distinguish your device from other devices when you visit our website.
More specifically, these cookies or similar technologies make it possible to save your user preferences or credentials for the duration of your visit or until your next visit or, for example, to offer you shopping cart or application functions across multiple pages of our website. Moreover, we use specific cookies to collect information about how visitors use our website, e.g. which pages were visited and the duration of the visits. Pseudonymized user profiles may be created for this purpose.
We use cookies on your website brose.com as part of the following processing operations:
Cookie settings
You can access the:
Cookie settings
Assuming your consent
We use optional cookies only with your prior consent (Art. 6 para. 1 lit a DSGVO). If you visit our website for the first time, a banner will appear on our website asking for your consent regarding the use of optional cookies. If you give your consent to this, we store a cookie on your computer and the banner is not displayed again for the lifetime of the cookie. Thereafter, or if you actively delete this cookie beforehand, the banner will be displayed again the next time you visit our website in order to obtain your consent again.
With your consent, you also agree to automatic data transfer to third countries. These third countries may be countries where there is no adequate level of data protection, which means, for example, that your data processing rights are no longer enforceable.
How to prevent the use of cookies?
Of course, you can also use our website without cookies. You can configure the use of cookies in the settings of your browser at any time or disable them completely. However, this may lead to restrictions in the functions or user-friendliness of our offer.
You can object to data processing and the use of cookies at any time with future effect in accordance with Section 15 (3) of the German Telemedia Act (TMG) or Article 21 (1) of the German Data Protection Act (DSGVO) or revoke your consent in accordance with Article 7 (3) of the DSGVO.
4.1 Technically required cookies
- For what purposes do we process your data?
We use Amazon Web Services (Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109) as the provider for the basic functions of our website and we use the service provider Haufe-Lexware Service GmbH & Co. KG (Frauenhoferstr. 5, 82152 Planegg, Germany) for our applicant portal.
For the purpose of delivery, acceleration, these providers use technically necessary cookies. These contain anonymous / pseudonymous session data.
To store your cookie settings, we set the cookie "_2BCookieSettings".
This is necessary to keep your cookie settings for the next visit.
- On what legal basis do we process your data?
Data processing and the required storage of cookies takes place based on our legitimate interests as per Art. 6 para. 1 (f) GDPR. Our legitimate interests relate to the smooth and accelerated display of our web content on brose.com and thus serve our business interests to operate a website for general information and communication purposes as well as to present our company.
Your cookie settings are stored in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO. - Is your data shared with anyone? Or, who participates in the processing of my data?
Your session data is passed on to Amazon and Haufe-Lexware, where it is automatically processed on our behalf. - How long is your data stored?
Your session data is stored by the cookies of Amazon and Haufe-Lexware only for your visit to the website and then automatically deleted (so-called session cookies). - Is there an obligation for you to provide your data and what happens if you choose not to?
Use of the website is not possible without the processing of this session data.
More information about privacy and the processing of your personal data by Amazon is available
here
.
More information about privacy and the processing of your personal data by Haufe-Lexware is available here.
4.2. Comfort Cookies
- For what purposes do we process your data?
Comfort cookies allow a website to store information that changes the behavior or appearance of the website, such as your preferred language or the region you are in. - On what legal basis do we process your data?
The data processing and storage of cookies required for this is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. - How long is your data stored?
See table "Comfort cookies“.
4.3. Plugins-Cookies
- For what purposes do we process your data?
We set cookies to detect whether you have agreed to the use of third-party plugins. In this case, data from these third-party providers is loaded directly when you visit the respective page and data is transmitted to these third-party providers (e.g. IP address). The data transfer may also take place to unsafe third countries. Here we cannot guarantee that a level of data protection is maintained that is comparable to the EU’s level. - On what legal basis do we process your data?
The data processing and storage of cookies required for this is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. - How long is your data stored?
See table „Plugins cookies“.
4.3.1 Plugin GoogleMaps
- Who is the controller for the Google Maps service?
Our website uses a map service called “Google Maps”. We have marked Brose group locations on Google Maps and embedded this map on our website under “Company/Locations”. Controller under data privacy protection laws: Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). We have no access to the data that Google collects in the scope of this map service. Google is solely responsible for any data processing that takes place.
Nevertheless, in order to be as transparent as possible, we would like to provide you with some information on how data is processed in connection with the Google Maps service.
For more information, please see Google’s privacy statement at policies.google.com/privacy. - What is the purpose of the Google Maps service?
We have marked the location of the Brose Group on Google Maps and embedded this map on our website under “Company/Locations” in order to enable visitors to find our locations quickly and to make our website as appealing as possible. - On what legal basis do we process your data?
Before our website contacts GoogleMaps, we obtain your consent pursuant to Art. 6 (1) lit. a DSGVO. This consent is given either by agreeing to the setting of the cookie "dsgvo_googlemaps_confirmed" or by clicking on the embedded map. - Is there an obligation for you to provide your personal data and what happens if you choose not to?
You are not required to provide your personal data. However, if your personal data cannot be processed, you will not be able to use our website brose.com or the Google Maps service embedded on our website. - Is your data shared with anyone? Or, who participates in the processing of my data?
We do not have any access to your personal data in connection with the Google Maps service, and we do not share any information with third parties. For more information on how Google, the controller, may share your personal data, please see Google’s privacy statement at policies.google.com/privacy. - Is your data shared with a third country or an international organization?
We will not transmit the personal data you share in connection with the Google Maps services with a third country or international organization. If the Google Maps service connects with the servers of Google, the controller, and your personal information is transmitted in the process, then further information on this is available in Google’s privacy statement at policies.google.com/privacy. - How long is your data stored?
We do not store any personal data in connection with the Google Maps service. For more information on how Google, the controller, may store your personal data, please see Google’s privacy statement at policies.google.com/privacy.
4.3.2 Plugin Brightcove
- For what purposes do Brightcove process your data?
We use videos to showcase our company and products. These are stored for fast delivery on servers of the company Brightcove, Inc. (290 Congress Street, 4th Floor, Boston MA 02210, USA).
When the videos are delivered, Brightcove stores usage data (server log files). - On what legal basis do we process your data?
Before our website contacts Brightcove, we obtain your consent pursuant to Art. 6 (1) lit. a DSGVO. This consent is given either by agreeing to the setting of the cookie "dsgvo_brightcove_confirmed" or by clicking on the embedded video. - Is there an obligation for you to provide your data and what happens if you choose not to?
You are not obliged to provide your personal data. However, without the processing of your personal data, the use of videos on brose.com is not possible. - Is your data shared with anyone? Or, who participates in the processing of my data?
The above-mentioned usage data is shared with Brightcove for the delivery of the videos. - Is your data shared with a third country or an international organization?
Brightcove is an international corporation. By consenting to use Brightcove, you also consent to the transfer of your usage data to third countries. - How long is your data stored?
The usage data on Brightcove's servers is automatically deleted after 42 days.
For more information about Brightcove's privacy practices and the processing of personal data about you, please click here .
4.3.3 Plugin Facebook
- Who is the provider for the Facebook-Plugin?
The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries. - What is the purpose of the Facebook-Plugin?
We use this plugin to display content from Facebook within our website.
You can find an overview of the Facebook plugins here . - What data is collected?
Brose does not collect any data through the plugin. However, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy here .
If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account. - On what legal basis do we process your data?
Before our website contacts Facebook, we obtain your consent pursuant to Art. 6 (1) lit. a DSGVO. This consent is given either by agreeing to the setting of the cookie "dsgvo_facebook_confirmed" or by clicking on the embedded plugin. - Is there an obligation for you to provide your data and what happens if you choose not to?
You are not obliged to provide your personal data. However, without the processing of your personal data, it is not possible to use the Facebook plugin on brose.com. - Is your data shared with a third country or an international organization?
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here and here . - How long is your data stored?
Unfortunately, we cannot make any statement about how long Facebook will store your data collected via the plugin.
4.3.4 Plugin Twitter
- Who is the provider for the Twitter-Plugin?
The provider of this service is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02AX07, Ireland. - What is the purpose of the Twitter-Plugin?
We use this plugin to display content from Twitter within our website. - What data is collected?
Brose does not collect any data through the plugin. However, the plugin makes it possible to use Twitter and the "Re-Tweet" function. This links the websites you visit with your Twitter account and makes them known to other users. Data is also transferred to Twitter in the process. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter's privacy policy here .
You can change your privacy settings on Twitter in the account settings here .
If you do not want Twitter to be able to associate your visit to this website with your Twitter user account, please log out of your Twitter user account. - On what legal basis do we process your data?
Before our website contacts Twitter, we obtain your consent pursuant to Art. 6 (1) lit. a DSGVO. This consent is given either by agreeing to the setting of the cookie "dsgvo_twitter_confirmed" or by clicking on the embedded plugin. - Is there an obligation for you to provide your data and what happens if you choose not to?
You are not obliged to provide your personal data. However, without the processing of your personal data, it is not possible to use the Twitter plugin on brose.com. - Is your data shared with a third country or an international organization?
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here . - How long is your data stored?
Unfortunately, we cannot make any statement about how long Twitter will store your data collected via the plugin.
4.4 Statistics cookies
- For what purposes do we process your data?
We use the “etracker” service, which enables data traffic analysis for our website (web analytics). This helps us continuously improve the information and the design of our website. We use etracker for various purposes such as to analyze which sections and subpages of our website were visited – and how often and for how long – and where our users come from (other websites).
etracker GmbH (Erste Brunnenstraße 1, 20459 Hamburg, Germany) processes different usage data for this purpose and assigns an anonymous identifier to it. Additionally, certain information of the operator of website from which you came to us (in particular the URL of the previous page, any related search engine, any related search terms) may be processed. This usage data is used to create non-personalized reports on the use of our website. - On what legal basis do we process your data?
Data processing and the required storage of cookies takes place based on your consent as per Art. 6 para. 1 (a) GDPR. - Is your data shared with anyone? Or, who participates in the processing of my data?
Your usage data is shared with etrackerGmbH where it is automatically processed on our behalf. In principle, analysis options are used only internally by our IT and marketing department. - How long is your data stored?
See table "Statistics cookies".
4.5. Marketing cookies
4.5.1 Using of Dynamic Yield
- For what purposes do we process your data?
The recommendation tool of Dynamic Yield (Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, England RG7 1NT) is used to optimize our website to turn your visit into a personalized experience with recommendations and content specifically tailored to your preferences. To do this we use the page content you previously accessed to recommend similar or thematically related products or other content that might be relevant to you.
Dynamic Yield processes different usage data for this purpose. Cookies are used exclusively to save pseudonymized information under a randomly generated ID (pseudonym). Your IP addresses are only saved in anonymized form in the process. This means that it is not possible to associate the data to any particular user and that it cannot be (re)stored at a later time. - On what legal basis do we process your data?
Data processing and the required storage of cookies takes place based on your consent as per Art. 6 para. 1 (a) GDPR. - Is your data shared with anyone? Or, who participates in the processing of my data?
Your usage data is shared with Dynamic Yield where it is automatically processed on our behalf. In principle, analysis options are used only internally by our IT and marketing department. - How long is your data stored?
See table "Marketing-cookies".
More information about privacy and the processing of your personal data by Dynamic Yield is available here .
5. Applicant portal
We offer you the opportunity to apply for a job at Brose on our homepage.
The cookies required for the delivery of the portal can be found in our cookie declaration. In addition, the information provided regarding the storage of metadata and its deletion period is complied with as stated above.
Information on how Brose handles your applicant data can be found here.pdf .
6. Data security
We secure our website and other systems with up-to-date technical and organizational measures to prevent your data from being lost, destroyed, accessed, modified or disseminated by unauthorized persons. When sending personal data, we make use of encryption technology to ensure extremely high levels of confidentiality. Our servers use various security mechanisms and permission processes to make unauthorized access difficult. You should keep your access information secret at all times and close your browser window once you have finished communicating with Brose. This will ensure that no one apart from you can access your personal data if you share your computer with other people.
7. Your rights
If our company processes your personal data you have the following rights within the respective legal scope:
- Right of access, especially to obtain information from the controller concerning the personal data its stores and how it is processed (Art. 15 GDPR),
- Right to rectification of inaccurate or incomplete data (Art. 16 GDPR),
- Right to erasure, e.g. of unlawfully processed or no longer necessary data (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to data portability, provided the processing takes place based on consent or to perform a contract or by means of an automated process (Art. 20 GDPR).
- Right to object the processing, in particular if this takes place to safeguard the legitimate interests of the controller (Art. 21 GDPR).
If the processing is based on consent that you have provided (Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR), you have the right to revoke your consent at any time. This shall not affect the lawfulness of processing carried out on the basis of consent prior to your revocation.
In addition, you have the possibility of sending a complaint
- to our data protection officer Thomas Grimm, Max-Brose-Straße 1, 96450 Coburg, Germany, email: datenschutz@brose.com and
- the competent regulatory agencies. For Brose Fahrzeugteile SE & Co. Kommanditgesellschaft, Coburg, Germany, this is Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach, Germany, email: poststelle@lda.bayern.de.
Our social media appearances
Data processing through social networks
Brose has publicly accessible profiles on social networks. The social networks we use are listed below.
Social networks such as Facebook or Twitter et cetera can generally comprehensively analyze your behavior as user when you are visiting their website or a website with integrated social media content (e.g. like-buttons or advertising banners). When you visit our social media sites, various data protection relevant processing operations are being triggered. In detail:
If you are logged into your social media account and visit our social media site, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in. Even if you do not have an account with the relevant social media portal, your personal data can still be collected. In this case, the data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account on the social network, interest-based advertising can be displayed on all devices on which you are logged in or where you have been logged in.
Please also note that we cannot trace all processing steps on the social media networks. Depending on the provider, the operators of the social media portals may therefore carry out further processing operations. Details can be found in the terms of use and data protection regulations of the respective social media network.
Legal basis
Our social media sites should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
The responsible and the assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are responsible, together with the operator of the social media platform, for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaints) basically both against us and against the operator of the respective social media network (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our possibilities depend largely on the corporate policy of the respective provider.
If you have any questions, please contact us via datenschutz@brose.com
Storage time
The data collected directly by us via our social media sites will be deleted from our systems as soon as the purpose for its storage ceases to apply, you request that we delete it, you revoke your consent for storage or the purpose for data storage ceases to apply. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).
Social networks in detail
- Facebook
We have a profile at Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.
Through the Controller Addendum, we have agreed with Facebook to share responsibility for the processing of data (joint controllership). This agreement specifies the data processing operations that we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum - You can customize your advertising settings independently in your user account.
Just click on the following link and log in:
https://www.facebook.com/settings?tab=ads
Details can be found in the privacy policy of Facebook:
https://www.facebook.com/about/privacy/
Twitter
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified under EU-US-Privacy-Shield.
You can customize your Twitter privacy settings in your user account yourself. Please click on the following link and log in: https://twitter.com/personalization
Details can be found in the privacy policy of Twitter:
https://twitter.com/en/privacy
Instagram
We have a profile at Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how your personal data is handled, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875
XING
We have a profile at XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how your personal data is handled, please refer to XING´s privacy policy: https://privacy.xing.com/en/privacy-policy
LinkedIn
We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified according to the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Details on how they handle your personal data can be found in LinkedIn's privacy policy:
https://www.linkedin.com/legal/privacy-policy
YouTube
We have a profile on YouTube. Provider is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA
For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en
kununu
We have a profile at kununu. The provider is kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Wien, Austria. For details on how your personal data is handled, please refer to kununu´s privacy policy: https://privacy.xing.com/en/privacy-policy
merchandise
Data Privacy Statement in accordance with the General Data Protection Regulation for Merchandise Sales
We wish to comply with our obligation to provide information under Article 13 of the General Data Protection Regulation (GDPR) with the following statement.
1. Controller
The controller within the meaning of the GDPR is Brose Fahrzeugteile SE & Co. Kommanditgesellschaft, Coburg (Max-Brose-Straße 1, 96450 Coburg, Germany).
2. Purpose of processing and legal basis
We process your personal data (name, contact data, order data) for the purpose of selling and handling shipments of merchandise (such as motor racing calendars). The legal basis within the meaning of the GDPR for processing of your personal data is Article 6 (1) point (b) GDPR.
3. Disclosure of data and period of storage
Your personal data is provided to the departments at the controller which need it to fulfill the above purposes. Your personal data is not passed on to third parties.
Your personal data is erased as soon as it is no longer required for achieving the purpose for which it was collected. If your personal data is processed as part of selling and handling shipments of merchandise (such as motor racing calendars), it is erased when all claims from the contractual relationship have become time-barred and there are no statutory retention periods standing in the way of that.
4. Your rights
You have the right under the applicable data protection legislation to:
- information, in particular on the data stored at the controller and the purposes for which it is processed (Article 15 GDPR),
- rectification of inaccurate or completion of incomplete data (Article 16 GDPR),
- erasure, for example of data that has been unlawfully processed or is no longer required (Article 17 GDPR),
- restriction of processing (Article 18 GDPR),
- data portability, if data processing is based on consent or is carried out to fulfill a contract or using automated processing methods (Article 20 GDPR).
5. Contact person
We will be pleased to assist you if you have any questions on the subject of data protection at Brose. If you have a complaint or wish to exercise your rights, you can contact our Data Protection Officer at datenschutz@brose.com.
If you believe that Brose has not adequately addressed your misgivings or complaint, you have the right to lodge a complaint with the responsible supervisory authority.