Information about the processing of personal data
Please read below for further information about how we process the personal data of our website users. Personal data are all information relating to an identified or identifiable natural person such as e.g. last name, first name, address, e-mail address, membership number, user behavior, etc
I. Controller’s name and address
The controller in the sense of the General Data Protection Regulation and the Member States’ various national data protection legislation as well as other data protection provisions is:
II. Data protection officer’s name and address
The controller’s data protection officer is:
Data Protection and Data Security (DSS)
Phone: : +49 89 76 76 53 62
III. General information
1. Extent to which personal data are processed
In principle, we process the personal data of our users only to the extent required to provide a fully-functioning website as well as our offered services and contents.
2. Legal basis for the processing of personal data
The processing of personal data shall be based on the applicable legal provisions and/or the user’s consent.
If and to the extent that we ask the data subject to consent to the processing of his or her personal data, Art. 6(1) (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.
If and to the extent that the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1) (b), GDPR, shall serve as the legal basis. This also applies to the processing necessary for taking steps prior to entering into a contract.
If and to the extent that processing is necessary for compliance with a legal obligation to which our organization is subject, Art. 6(1) (c), GDPR, shall serve as the legal basis.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6(1) (d), GDPR, shall serve as the legal basis.
Where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1) (f), GDPR, shall serve as the legal basis for processing.
3. Data erasure and storage period
We will erase personal data or make them unavailable as soon as the purposes for which they were stored no longer apply. We may store personal data if required by Union or Member State regulations, laws or other provisions. Unless required to retain the data for the conclusion or performance of a contract, we will comply with the applicable storage periods and make the data unavailable or erase them upon expiry of the storage periods.
IV.Processing of website users’ personal data and creation of log files
Whenever you visit our website, our system collects data and information by automated means from your computer.
1. Legal basis
The legal basis for the temporary storage of data and log files is Art. 6(1) (f), GDPR.
2. Description and extent of data processing
If you use our website to browse for information only, i.e. if you do not register or transfer information in any other way, we will only collect the personal data your browser transfers to our server. If you want to view our website, we will collect the data below which we require for technical reasons for you to be able to view our website and for us to ensure its stability and security:
- IP address
- Date and time of inquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (concrete page)
- Access status/http status code
- Respective transmitted data volume
- Website on which the request was generated
- Browser (type and version)
- Operating system and user interface
- Language and version of browser software.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. For this purpose, the user's IP address must be stored for the duration of the session.
We store such data in log files to ensure the functionality of the website. In addition, we use the data to optimize our website and to ensure the security of our information technology systems. We do not analyze these data for marketing purposes in this context.
These purposes constitute our legitimate interest in data processing pursuant to Art. 6(1) (f), GDPR.
4. Storage period
The data will be erased once they are no longer necessary for the purpose for which they were collected. As regards the collection of data for the provision of the website, this is the case when the respective session has ended.
Where the storage of data in log files is concerned, this is the case no later than after 7 days. Longer storage periods are possible. In such case, the user’s IP address is deleted or anonymized to prevent any future matching to the client that generated the pageview.
5. Option to object and erase
For the provision and operation of the website, it is essential that we collect the data and store them in log files. Therefore, users have no option to object.
1. Legal basis
The legal basis for the processing of personal data using cookies that are technically necessary is Art. 6(1) (f), GDPR.
2. Description and extent of data processing
Our website uses the following types of cookies, the extent and function of which are explained in the following:
– Transient cookies (see a) below)
– Persistent cookies (see b) below)
a) Transient cookies first and foremost include session cookies. The latter store a session ID which enables to associate the various queries generated by your browser while you navigate the website. This enables us to recognize your computer when you return to our website.
b) Persistent cookies remain on a device for longer and are deleted automatically after a defined period of time which may differ depending on the cookie.
c) Flash cookies are used in relation with the Adobe Flash Player. They are files where user-related data are stored on the user's PC when browsing the Internet to enable the respective website or web application to retrieve these data at a later time. Rather than by your browser, Flash cookies are collected by your Flash plug-in.
d) In addition, we use HTML5 storage objects which are stored on your device. They store the required data independently of the browser you use and do not expire automatically.
3. Purpose of data processing
Cookies are used to make websites more user-friendly and effective. The purpose of using technically necessary cookies is to enhance the use of a website. Without cookies, some functionalities of our website will not work since they require the browser to be identified also after visiting another website.
For the purpose of improving our website’s quality and contents, we use analysis cookies. They give us an understanding of how our website is used and help us constantly improve our offer. For instance, we can thus focus on and expand topics viewed by large numbers of our users. If the analysis shows that topics are of little interest for our users, we will reduce our efforts while putting our focus on areas our users find more interesting.
4. Storage period
a) Transient cookies are deleted automatically when you close your browser. Session cookies as a form of transient cookies are deleted when you log off or close your browser.
b) Persistent cookies remain on your hard drive after you close your browser and are deleted automatically after a defined period of time which may differ depending on the cookie.
5. Option to object and erase
Please note that you will not be able to fully utilize all of the site functionality if you chose one of the above options.
If you want to opt out of the processing of Flash cookies, install an add-on such as Better Privacy for Mozilla Firefox ( https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome.
To prevent the use of HTML5 storage objects, set your browser to private mode. We also recommend you manually delete your cookies in your browser history once in a while.
VI. Use of web analytics tools
We use web analytics tools to analyze our users’ browsing behavior and regularly improve our website
The legal basis for the use of analytics tools is Art. 6(1) (f), clause 1, GDPR.
1. Description and extent of data processing
a) To optimize the services offered on its website, ADAC uses a web analytics tool from Webtrekk GmbH (hereinafter referred to as “Webtrekk”) which runs on our server. Webtrekk promptly anonymizes the IP addresses ensuring that they cannot be used to identify visitors. The anonymized statistics are stored separately from any personal data you may have entered. Again this prevents tracking a certain person. You have the right to object to the use of your anonymized visitors’ data to generate usage profiles at any time. This will prevent the collection of such data during future visits. An opt-out from being tracked on the ADAC Internet portal by Webtrekk is provided by a cookie called webtrekkOptOut placed by the www.(m)adac.de domain. Your opt-out will be effective until you delete this cookie. This will happen for instance if your browser is set to deleting cookies when closing the browser. This cookie covers the above-mentioned domain, a specific browser and PC. If you visit the ADAC Internet portal both from your home and your workplace PC or use different browsers to access the portal, you must place the cookie on each PC and browser. If your decision to opt out is final, click Send.
Click the link below to place a cookie to prevent the use of the anonymized data of your visit on the ADAC website.
Place cookie [https://www.adac.de/datenschutz-cookies/]
To analyze our website users’ browsing behavior, we use the open-source software tool Matomo (formerly PIWIK).
b) Our advertising partner Mapp Digital Germany GmbH is in charge of collecting data for the delivery of promotional material using Dynamic 1001 GmbH’s ec track web analytics service.
We use the web analytics service to measure the success of marketing campaigns.
To prevent such user-targeted advertising, click the link below to place an opt-out cookie on your device:
c) Our advertising partner Catbird Seat GmbH is in charge of collecting data for the delivery of promotional material using Refined Labs GmbH’s and intelliAd Media GmbH’s bid management web analytics service. We use the web analytics service to measure the success of marketing campaigns.
To prevent such user-targeted advertising, click the links below to place an opt-out cookie on your device:
d) To ensure that our website meets ADAC members’ and customers’ specific needs, we use the optimization tool of Maxymiser GmbH (hereinafter referred to as “Maxymiser”). Rather than personal data, we use anonymized or pseudonymized data to generate usage profiles. We do not combine usage profiles created from pseudonymized data with the data of the individual the pseudonym belongs to. The information generated by cookies about your use of the ADAC website will be transmitted to and stored on a Maxymiser server.
Click the link below to place a cookie preventing recordings of your data by Maxymiser’s tools.
Place cookie [https://www.adac.de/datenschutz-cookies/]
g) DoubleClick by Google / DoubleClick Campaign Manager
The marketing tools used will cause your browser to automatically link directly to the Google server. We have no control over the extent and further use of the data collected by Google via this tool. Therefore, based on what we know, we advise as follows: when DoubleClick is embedded, Google will be informed that you have clicked on the corresponding part of our website or on one of our ads. If you have registered with a Google service, Google will be able to correlate the visit with your account. Even if you have not registered with Google or are not logged in, the provider may potentially identify and store your IP address.
Moreover, using DoubleClick Floodlight cookies allows us to understand if you are performing certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or any other platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content with which you have interacted on our websites so as to be able to send you targeted ads later. There are different ways for you to avoid being subject to this tracking method: a ) set your browser software accordingly: by suppressing third-party cookies, in particular, you can block third-party ads; b) deactivate the cookies for conversion tracking by setting your browser to block cookies from the www.googleadservices.com domain, via https://www.google.de/settings/ads; however, these settings will be deleted as soon as you delete your cookies; c) deactivate providers’ interest-based ads, which are part of the “About Ads” self-regulation campaign, via the link http://www.aboutads.info/choices; this setting will be deleted, though, as soon as you delete your cookies; d) permanently deactivate ads in your browsers, such as Firefox, Internet Explorer or Google Chrome, clicking on http://www.google.com/settings/ads/plugin; change your cookies settings accordingly. Please note that you may not be able to fully utilize all of the site functionality if you choose one of the above options.
Go to https://www.google.de/doubleclick for further information on DoubleClick by Google, or to https://www.google.de/intl/de/policies/privacy. Ato learn more about Google’s general data protection policy. As an alternative, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework .
VII. Data subject’s rights
Whenever and wherever your personal data are processed, you are a data subject as defined in the GDPR and entitled to exercise the following rights towards the controller:
1. Right of access
You have the right to obtain from us as the controller confirmation as to whether or not we process personal data concerning your person.
If this is the case, you may request the following information from the controller:
- the purposes of the processing of personal data;
- the categories of personal data processed;
- the recipients or categories of recipients to whom your personal data have been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if no specific information can be provided, the criteria used to determine the storage period;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of the processing of your personal data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4), GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed about whether or not your personal data are transferred to a third country or to an international organization. Where this is the case, you may request information about the appropriate safeguards pursuant to Art. 46, GDPR, relating to the transfer.
2. Right to rectification
You have the right to request the controller to rectify or complete inaccurate or incomplete personal data concerning your person without undue delay.
3. Right to restriction of processing
You have the right to request the controller to restrict the processing of your personal data where one of the following applies:
- you challenge the accuracy of your personal data for as long as the controller needs to verify the accuracy of your personal data;
- the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims; or
- you have objected to the processing pursuant to Art. 21(1), GDPR, pending the verification whether or not the legitimate grounds of the controller override yours.
Where processing has been restricted, the relevant personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted for one of the above grounds, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to obtain from the controller the erasure of your personal data without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to Art. 6(1) (a) or Art. 9(2) (a), GDPR, and there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21(1), GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2), GDPR.
- Your personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1), GDPR.
b) Notification of third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17(1), GDPR, to erase your personal data, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure will not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9(2) (h) and (i) as well as Art. 9(3), GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1), GDPR, in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
5. Right to be informed
Where you requested the controller to rectify or erase any data or restrict the processing, the controller is under the obligation to communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.
At your request, the controller must inform you about those recipients.
6. Right to data portability
You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to Art. 6(1) (a), GDPR, or Art. 9(2) (a), GDPR, or on a contract pursuant to Art. 6(1) (b), GDPR; and
- the processing is carried out by automated means.
In exercising this right, you are also entitled to have your personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1) (e) or (f), GDPR, including profiling based on those provisions.
The controller will no longer process your personal data unless demonstrating compelling legitimate grounds for the processing which override your interests, rights and freedoms or for establishing, exercising or defending legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw the data protection consent
You are entitled to withdraw your data protection consent at any time. Your withdrawal of consent will not affect the lawfulness of processing based on your consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning your person or similarly significantly affects you. This shall not apply if the decision
- is necessary for entering into, or performance of, a contract between you and the controller;
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Such decisions, however, shall not be based on special categories of personal data referred to in Article 9(1), GDPR, unless point (a) or (g) of Article 9(2), GDPR, applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3) above, the controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78, GDPR.
VIII. Service partners
Should we contract individual functions of our offer out to service partners, we will inform you on the respective procedures in detail, specifying also the applicable criteria for the storage period.
Our service partners for operating our website are:
Agentur für interaktive Medien
INDV Individuelle Datenverarbeitungs- und Vertriebs GmbH