The party responsible within the meaning of the General Data Protection Regulation (GDPR) is:
Mercedes-Benz AG („We“)
Data protection officer:
Chief Officer Corporate Data Protection
1. Data protection
We are pleased to welcome you to our website and thank you for your interest in our offers. The protection of your personal data is important to us. In this data protection notice, we tell you how we collect your personal data, what we do with it, the purpose and legal basis of doing so, and what your rights and entitlements are in this regard. We also make reference to the Daimler data protection policy.
Our data protection notice for the use of our web pages and the data protection policy of Daimler AG do not apply to your activities on the web pages of social networks or other providers accessible to you from the links on our web pages. Please see these providers’ websites for their data protection regulations.
2. Collection and processing of your personal data
a. When you visit our web pages, we store certain details about your browser and operating system, the date and time of your visit, the access status (e.g. whether you were able to open a web page or received an error message), use of web page features, search terms you may have entered, how frequently you visit individual web pages, the names of retrieved files, data volume transferred, the website from which you arrived at our website, and the website you visit from our website, either by clicking on links on our website or by entering a domain directly in the input field of the same tab (or window) of the browser in which you opened our website. For security reasons, in particular to prevent and detect attacks on our website or attempted fraud, we store your IP address and the name of your internet service provider for seven days.
b. We store other personal data only if you disclose such data to us, e.g. as part of registration, filling in a contact form, a survey, a prize competition or for the performance of a contract, and even in these cases we store your data only where you have permitted us to do so on the basis of consent issued by you or in accordance with applicable legislation (you will find further information on this below in the section “Legal basis for processing”).
c. You are neither legally nor contractually obliged to give us your personal data. However, certain features on our web pages may depend on your letting us have your personal data. If, in such cases, you do not give us your personal data, this may lead to features either not being available or being available only to a limited extent.
3. Purposes of use
a. The personal data we collect when you visit our web pages is used to make our web pages as convenient as possible for you to use and to protect our IT systems from attacks and other illegal acts.
b. Where you provide us with further personal data, e.g. as part of registration, filling in a contact form, a survey, a prize competition or for the performance of a contract, we use such data for the specified purposes, for purposes of customer management and – where necessary – for purposes of the processing and invoicing of transactions, in each case to the necessary extent.
4. Transfer of personal data to third parties; social plug-ins; use of service providers
a. Our web pages may also contain offers from third parties. When you click on such an offer, we transfer data to the relevant provider to the necessary extent (e.g. to indicate that you found this offer on our site and any other relevant information you have already entered on our website).
b. When we use social plug-ins of social networks such as Facebook, Twitter and Google+ on our website, we incorporate these as follows:
The social plug-ins are deactivated when you visit our website, i.e. no data of any kind is transferred to the operator of these networks. If you would like to use one of the networks, click on the relevant social plug-in to make a direct connection with the network’s server.
If you have a user account on the network and are logged in to the network when you activate the social plug-in, the network can assign your visit to our website to your user account. If you would like to prevent this, please log out of the network before activating the social plug-in. A social network cannot assign a visit to other Daimler websites unless you have also activated a social plug-in on such websites.
The social plug-in remains active until you deactivate it or delete your cookies.
c. When you click on the link to an offer or activate a social plug-in, personal data may be sent to providers in countries outside the European Economic Area that, from a European Union (“EU”) perspective, do not guarantee an “adequate level of protection” in line with EU standards for the processing of personal data. Please bear this in mind before you click on a link or activate a social plug-in to initiate the transfer of your data.
d. For the operation, optimisation and protection of our web pages, we also use qualified service providers (IT service providers, marketing agencies). We transmit personal data to such service providers only where this is necessary for the provision and use of the web pages and their functionalities, for the tracking of legitimate interests or where you have given your consent (see section 8). This may involve data being transferred to recipients outside the European Economic Area; please see section 13. below.
5. Evaluation of usage data; use of analytics tools
We aim to tailor the content of our web pages as accurately as possible to your interests in order to improve our offer for you. We use the following analytics tool(s) to identify usage preferences and especially popular parts of the web pages: Google Analytics, Adobe Analytics.
a. If you do not want us to collect and evaluate information about your visit using the above-mentioned analytics tools, you can opt out at any time for the future.
We implement your opt-out request by setting an opt-out cookie in your browser. This cookie serves only to indicate that you have opted out. Please note that, for technical reasons, an opt-out cookie is effective only in the browser in which it was set. If you delete the cookies or use a different browser or device, please opt out again.
b. The following contains information on the providers of the analytics tools we use and the relevant opt-out options:
- i. Google Inc. („Google“):
You can prevent the transfer of your data and its collection and processing by Google. Google provides relevant information at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
- ii. Adobe Systems Inc. (“Adobe“):
To opt out of Adobe Analytics evaluating your data, follow this link: http://www.adobe.com/en/privacy/opt-out.html.
c. The use of analytics tools may involve data being sent to recipients outside the European Economic Area; please see section 13.
6. Usage-based information (targeting and retargeting)
We use so-called retargeting technologies to tailor our online marketing (e.g. banner ads) on the web pages of our retargeting partners (Flashtalking, Google Adwords, Google Doubleclick and Vivaki) to your needs and interests. For this purpose, your interest in our products and services is stored in cookies. When you visit other websites that cooperate with our retargeting partners, these cookies are retrieved and used to provide you with information tailored as closely as possible to your interests. This is done in anonymised form, i.e. you cannot be identified via the retargeting process.
If you do not wish Daimler and its retargeting partners to collect, store and analyse information about your visit and tailor banner ads to your interests, you can object to the future use of your data at any time (opt-out).
For the technical implementation of your objection, it is necessary to install an opt-out cookie in your browser. This cookie serves only to indicate that you have opted out. Please note that, for technical reasons, the opt-out cookie will affect only the browser in which it was set. If you delete the cookies or use a different browser or device, please opt out again.
The use of retargeting technologies may involve data being sent to recipients outside the European Economic Area; please see section 13. below.
We apply technical and organisational security measures to protect your data in our possession from manipulation, loss, destruction and access by unauthorised parties. We continuously improve our security measures in line with technological developments.
8. Legal basis for processing
a. Where you have given your consent to our processing your personal data, this constitutes the legal basis for processing (Art. 6 (1) a GDPR).
b. Art. 6 (1) b GDPR constitutes the legal basis for the processing of personal data for the purposes of initiation or fulfilment of a contract with you.
c. Where the processing of your personal data is necessary for fulfilment of our legal obligations (e.g. for the storage of data), we are authorised to do so under Art. 6 (1) c GDPR.
d. In addition, we process personal data for the purposes of our legitimate interests and the legitimate interests of third parties in accordance with Art. 6 (1) f GDPR. Maintaining the operability of our IT systems, the (direct) marketing of our own and third-party products and services, and the legally required documentation of business contacts are examples of such legitimate interests. As part of the necessary balancing of interests, we take account in particular of the nature of the personal data, the purpose of processing, the circumstances of processing and your interests in the confidentiality of your personal data.
9. Deletion of your personal data
We delete your IP address and the name of your internet service provider, which we store only for security purposes, after seven days. Otherwise we delete your personal data as soon as the purpose for collecting and processing it no longer applies. Beyond that time, we store your data only where required by the laws, regulations or other legislation to which we are subject in the European Union or by legislation in third countries where there is an adequate level of data protection. Where, in individual cases, deletion is not possible, the relevant personal data is marked with the aim of limiting its future processing.
10. Rights of data subjects
a. As a data subject, you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).
b. Where you have consented to our processing your personal data, you have the right to withdraw your consent at any time. The lawfulness of the processing of your personal data up until withdrawal of consent is not affected by withdrawal. Equally, the continued processing of such data on a different legal basis, such as to fulfil our legal obligations, remains unaffected (see “Legal basis of processing”).
c. Right to object You have the right at any time to object, for reasons arising from your particular situation, to your personal data being processed on the basis of Art. 6 (1) e) GDPR (data processing in the public interest) or Art. 6 (1) f) GDPR (data processing on the basis of balancing of interests). Where you lodge an objection, we will continue to process your personal data only where we can provide compelling legitimate reasons for doing so that outweigh your interests, rights and freedoms, or where processing serves the purpose of the assertion, exercise or defence of legal claims.
d. Where possible, please send your claims or explanations to the following contact address: firstname.lastname@example.org
e. If you are of the opinion that the processing of your personal data is in breach of the law, you have the right to lodge a complaint with a responsible data protection authority (Art. 77 GDPR).
When you subscribe to a newsletter offered on our website, the data you provide when subscribing to the newsletter will be used only for the sending of the newsletter, unless you have consented to your data being used for other purposes. You can cancel the subscription at any time by using the unsubscribe option provided in the newsletter.
12. Central access service of Daimler AG
Data transfer to recipients outside the European Economic Area
a. The use of service providers (see section 4. d.), analytics tools (see section 5) and retargeting technologies (see section 6) may involve personal data being sent to and processed by recipients in countries outside the European Union (“EU”), Iceland, Liechtenstein and Norway (= European Economic Area), in particular the USA, India.
b. From an EU perspective, the following countries do not have an adequate level of protection in line with EU standards for the processing of personal data (so-called adequacy decision): Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. With recipients in other countries we agree the application of EU standard contractual clauses, binding corporate regulations or the EU-U.S. or Swiss-U.S. Privacy Shield in order to create an adequate level of protection in line with the legal requirements. Relevant information is available through the contact details given in section 10.d. above.
Information on the cookies we use and their features can be found in our Cookie Statement.