The companies of the Webasto Group (Webasto SE, Webasto Roof & Components SE and Webasto Thermo & Comfort SE and their affiliated companies pursuant to Sections 15 et seq. of the German Stock Corporation Act (AktG)) respect your privacy and take the protection of personal data very seriously. We would like you to know when we store what data and how we use it. We have taken technical and organizational measures to ensure that the relevant data protection regulations are observed. We process personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG].
Anonymous data collection
As a general rule, you can visit the non-personalized webpages of the Webasto Group (www.webasto.com, www.webasto-group.com, www.webasto-comfort.com and www.webasto-career.com) without telling us who you are. When you visit our website, the IP address currently used by your PC, the browser type and your PC's operating system, the website from which you visited us, the date, time, and websites visited by you are recorded. However, inferences cannot be made based on personal data and are not intended. This information is evaluated for statistical purposes. You remain anonymous as an individual user.
Personal data is information relating to your person. This includes information such as your name, address, postal address and telephone number. Furthermore, when you visit our online presence (www.webasto.de, www.webasto.com and www.webasto-group.com), further usage data is logged such as
- the IP address,
- the browser type and operating system of your PC,
- the website from which you are visiting us, and
- the date, time and the websites that you have visited.
Personal data is only collected by the companies of the Webasto Group if it is generated automatically as part of the usage process or if you provide us with this voluntarily, for example when filling out a registration form, registering for personalized services or submitting an application. Your data entered in the form will be stored solely for the following purposes:
- for Webasto to meet your quotation request
- to register for the newsletter and to send you the newsletter
- to forward your data to the relevant HR department in the scope of an application.
- to analyze anonymized user data for the purpose of expanding and improving our website
Purposes of processing and legal basis
For the fulfilment of contractual obligations (Article 6(1) lit. b GDPR)
Your data will be processed on the basis of Article 6(1) lit. b GDPR for the purpose of performing and executing orders and contracts within the scope of the implementation of our contracts with our customers and suppliers or for the purposes of implementing pre-contractual measures which are taken at your request. This includes, in particular, concrete inquiries that we receive at events such as trade fairs. Furthermore, the relevant legal provisions apply to those processing operations that are necessary for us to be able to make our online services available to you.
The purposes of data processing depend primarily on the specific product and/or service provided and may include, but are not limited to, demand analyses, consultations, purchase contracts and contracts for work and labor as well as regulatory requirements. Further details on data processing purposes can be found in the relevant contract documents and terms and conditions.
Irrespective of established contractual relationships and your interest in our services, you also enter into a user relationship with us by visiting our online presence. The processing of usage data resulting from the visit of our online presence is also legitimized by Article 6(1) lit. b GDPR.
(1) Within the scope of the balancing interests (Article 6(1) lit. f GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Due to the multitude of processing contexts that are theoretically conceivable, the following points should only be understood as a selection of the most practice-relevant situations. We can provide more detailed information within the framework of specific claims for information. This includes in particular
- the consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness and default risks in our transactions
- the review and optimization of procedures for demand analyses for the purpose of direct customer approach,
- advertising or market and opinion research, unless you have objected to the use of your data,
- the recording and storage of contact data when business cards are handed over in the event of someone being interested in our services, e.g. at trade fairs,
- the enforcement of legal claims and defense in legal disputes,
- ensuring the company’s IT security and operation,
- the prevention and investigation of criminal offences,
- video surveillance for the protection of domiciliary rights, for the collection of evidence in the event of burglary (see also Section 4 BDSG),
- measures ensuring building and plant security (e.g. access controls),
- measures to secure domiciliary rights,
- measures for business management and further development of services and products,
- risk management in the Webasto Group.
Based on your consent (Article 6(1) lit. a GDPR)
If you have granted your consent to the processing of personal data for specific purposes (e.g. advertising measures for non-customers or the use of photographs), the lawfulness of this processing is established by virtue of this consent.
A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. The withdrawal of a consent only takes effect for the future and does not affect the lawfulness of the data processed until this withdrawal.
(2) Based on legal requirements (Article 6(1) lit. c GDPR)
In addition, as a company, we are subject to various legal obligations, i.e. statutory requirements (e.g. German Money Laundering Act [Geldwäschegesetz, GwG], tax laws and regulatory requirements). The purposes of processing include, among other things, creditworthiness checks, identity and age checks, fraud and money laundering prevention, compliance with control and reporting obligations under tax law, and the assessment and management of risks within the company.
Transfer of personal data to third parties
We transfer your data to other companies in the Webasto Group for general administrative purposes in accordance with Article 6(1) lit. f GDPR and to our authorized dealers and service partners if required in order to respond to your enquiry or to fulfil the contract. If you request an offer from a dealer via our website www.webasto-comfort.com, we will pass on the personal data you have provided to the dealers you have selected.
Webasto will of course be happy to support you in the context of a justified request to access or erase data by also forwarding the request to the service provider on your behalf.
With regard to the transfer of data to recipients outside of our company, it should first be noted that we only transfer required personal data in compliance with the applicable data protection regulations. We are only allowed to transfer personal data of our suppliers if this is required by law, if the person concerned has consented to such or if we are otherwise authorized to do so. Under these conditions, recipients of personal data may be, for example:
- public authorities and institutions (e.g. tax authorities, criminal prosecution authorities) where there is a legal or official obligation,
- creditors or insolvency administrators enquiring within the scope of execution writs
- public auditors. Data cannot be transferred to any other third parties unless you have expressly consented to this.
The use of our range of social media and map services may result in data transmissions and subsequent processing of usage data by the respective services in the U.S. The basis for any processing activities is your explicit declaration of consent which you have given via the cookie banner. Your declaration of consent justifies such data processing by way of exception and on a case-by-case basis pursuant to Art. 49 (1) lit. a GDPR. Please note that there is no data protection in the USA which would be comparable to the level in the EU and EEA. In particular, it is possible that state authorities may access your personal data on the basis of legal authorisations without us or you being informed. There are no comparable opportunities for enforcing the law of another country in the U.S. so that this does not appear promising.
A local language version is being prepared at the moment.
Duration of the storage
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations.
If the data is no longer required for the fulfilment of our contractual or legal obligations, it is deleted at regular intervals, unless its – time-limited - further processing is necessary for the following purposes:
- compliance with obligations to preserve business records under commercial and tax law,
- German Commercial Code [Handelsgesetzbuch, HGB], Fiscal Code of Germany [Abgabenordnung, AO], or the German Money Laundering Act [Geldwäschegesetz, GwG]. The periods for storage and documentation specified there are generally two to ten years.
- Preservation of evidence within the framework of the statutory statute of limitations. According to Sections 195 et seq. of the German Civil Code [Bürgerliches Gesetzbuch, BGB], these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
You have the following statutory rights regarding the processing of your personal data:
- the right of access to your stored personal data;
- the right to rectification;
- the right to erasure;
- the right to object;
- the right to restriction of processing;
- the right to data portability.
You can withdraw your consent to the processing of your personal data at any time.
In addition, you have the right to appeal to the competent data protection supervisory authority in Bavaria (Article 77 GDPR in conjunction with Section 19 BDSG).
Should you no longer agree to the storage of your personal data or should this data have become inaccurate, we will, upon receipt of corresponding instructions, arrange for the deletion, amendment, or blocking of your data within the limits of the relevant statutory provisions. Upon request, you will receive information regarding all of your personal data that we have stored on you free of charge. The restrictions according to Sections 34 and 35 BDSG apply to the right of access and the right of erasure. If you have any questions regarding the collection, processing, or use of your personal data, for information, rectification, blocking, or erasure of data as well as for the use of further rights, please contact the Webasto Group Data Protection Officer (firstname.lastname@example.org) or the respective Webasto Group company in writing.
Cookies are used on our websites. Cookies are small text files that are placed on your computer when you visit our websites. We set cookies for the purposes of guaranteeing the use of our online services, for individual website optimization and to guarantee IT security. For further information on our cookies, please refer to the following link: www.webasto-group.com/de/cookies/
Cookies that are absolutely necessary to use our online services or to guarantee IT security do not require your consent. The use of these cookies and related processing activities are permitted by Article 6(1) lit. f) GDPR.
Cookies for all other purposes, such as for individual website optimization, for marketing or for carrying out statistical evaluations of your activities on our website, however, require your consent.
Links to other websites
Our online presence includes links to other websites. We do not have any influence over whether the operators of these websites comply with the relevant data protection regulations. So you should examine the data protection policies offered separately in each case. Nor do we have any influence whatsoever over the lawfulness of the contents of these websites. We therefore reject any responsibility for the contents of other websites.
AT Internet data protection notes
We utilise a solution from AT Internet for analysing our website usage. Our aim is to design our website so that it is optimally tailored to your needs. We want to improve both the user-friendliness and quality of our web presence and bring you the products and information that are most relevant to you in a prompt and customer-friendly manner.
In order to be able to achieve the above-stated aim we need to collect and analyse statistics about user behaviour on our website. To do this, we analyse the collected data for the following purposes:
- To make performance and profitability comparisons for our website
- To count the number of visitors
- To track user awareness of, for instance, online advertising, partner and affiliate programs, rich media content and special campaigns that appear on the website
- To rate the areas of the website that are particularly attractive to you
- To evaluate the origin of online users in order to localise the content of our website
We differentiate between raw data (1) and processed data (2):
(1) The following data is collected:
- Either a cookie (which is a small text file that a website stores on your computer), which contains several items of information:
- the name of the server the cookie was sent from,
- an anonymous identifier which takes the form of a unique number,
- an expiry date,
- or a mobile identifier (which is a unique number that allows the device to be uniquely identified)
- and the IP address, which is used for geolocation. The IP address is anonymised by truncating the last three digits.
- All navigation data that is collected in relation to this identifier.
(2) Once the raw data has been processed we speak of processed data, which provides the following information:
- a unique visitor ID,
- all digital analytics data connected with this identifier that is processed by the contract data processing company.
The following storage periods are applicable:
- The raw data is deleted six months after collection.
- The processed data is stored for the duration of the agreement between us and our provider, plus six months.
We and AT Internet, as our contract data processing company, have access to the digital analytics data.
You can object to your data being processed by AT Internet by following this link:
Map service Google Maps of Google Inc.
This website uses Google Maps to represent interactive maps and to generate driving directions. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps services, information about the use of this website including your IP address and the (starting) address you enter when using the route planning feature may be transmitted to Google in the USA. When you access or view our website, which contains Google Maps, your browser establishes a direct connection with the Google servers. The content of the maps is transmitted directly to your browser, which thereby links to our website. We therefore have no influence on the scope of data collected by Google in this manner. To the best of our knowledge, and according to the information provided by Google Inc., this involves the following data
- Date and time of day of your visit to the website concerned,
- Internet address or URL of the website accessed, as well as
- IP address, the (starting) address entered in the course of route planning.
We have no influence whatsoever on the further processing and use of the data by Google and are therefore unable to assume any responsibility for this.
Please refer to Google’s data protection (privacy) policies for the purpose and scope of its data collection and the further processing of the data by Google Inc. as well as the relevant rights and setting options to protect your privacy (https://policies.google.com/privacy?hl=en).
Management of online advertising measures with Netzeffekt GmbH
For the optimization and billing of our advertising measures and in order to enable the re-addressing of visitors to our websites, Netzeffekt GmbH, Theresienhoehe 28, 80339 Munich, Germany is collection, storing and processing on our account anonymized, non-personalized data about your visit. For this purpose, cookies are used occasionally. Netzeffekt GmbH cannot and will not connect these visitor data with your name or other personal information you provided us with.
You can object to the data processing by Netzeffekt GmbH via the following link:
Use of social plugins from Facebook, Twitter and XING
We do not use social plugins on our websites, but solely links to the respecitve social networks.
On our website you can find links to the following social networks/services:
- The external social network Facebook of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.
The plugins can be identified by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" symbol) or are marked with the "Facebook Social Plugin" label.
The list and appearance of the Facebook Social Plugins can be viewed under https://developers.facebook.com/docs/plugins/.
- The external service Twitter of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, U.S.A.
They can be identified by terms such as "Twitter" or "follow" associated with a stylized blue bird.
The buttons can be viewed under developer.twitter.com/en/docs/twitter-for-websites/follow-button/overview.html.
Through the use of the buttons it is possible to share a contribution or page on our website on Twitter or to follow us on Twitter.
- The network XING of XING AG, Gänsemarkt 43, D-20354 Hamburg. The plugins are identified by the XING share button.
If plugins should be used, they will be deactivated by default and would need to be expressly activated by you. The functions assigned to the links to the respective networks/services (Facebook, Twitter, XING), in particular the transmission of information and user data, are not activated simply by visiting our website, but instead only after clicking on the corresponding link. If these links are followed by clicking on them, the plugins from Facebook, Twitter, and/or XING are activated and your browser establishes a direct connection to the servers of the respective network/service, i.e. from Facebook, Twitter, and/or XING. If you follow the links during your visit to our website and are logged into the respective network/service over your personal user account (Facebook, Twitter, XING), the information that you have visited our website will be forwarded to the respective operator (Facebook, Twitter, XING). The respective operator (Facebook, Twitter, XING) can assign the visit to the website to your account. This information is transmitted to the operators (Facebook, Twitter, XING) and if applicable stored there. In order to prevent this, you must log out of your account before clicking on the link. You can find additional information regarding the saved information under the following links:
- Facebook: https://www.facebook.com/help/186325668085084/
- XING: https://www.xing.com/app/share?op=data_protection
Even if you are not a member of the aforementioned social networks/services, there is a possibility that they will obtain your IP address over the social plugin and if applicable store it. Details regarding the purpose and scope of the processing, collection, and use of data on the part of Facebook, Google+, Twitter, and XING and your rights and setting options with regard to this can be found under the following data protection statements:
- Facebook: http://www.facebook.com/about/privacy/
- Twitter: https://twitter.com/privacy
- XING: https://privacy.xing.com/en/privacy-policy
In addition, there is the possibility of blocking social plugins through the use of add-ons for your browser; for example, the Facebook plugin with the "Facebook Blocker" that can be downloaded from the internet. In some cases, you can also change data protection settings, e.g. under twitter.com/account/settings.
We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") only with the consent of the recipient or as permitted under law. If the contents of the newsletter are specifically described within the scope of registration, they are decisive for the consent of the user.
If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you in order to send you our e-mail newsletter on a regular basis. Unsubscribing from the newsletter is possible at any time and can be done either by sending a corresponding request to the contact person indicated below or via a link provided for this purpose directly in the newsletter.
In order to subscribe to the newsletter, it is sufficient to enter your e-mail address. The registration to our newsletter is carried out in a so-called double-opt-in procedure. This means that, after subscribing, you will receive an e-mail in which you will be asked to confirm your subscription. This confirmation is necessary in order to ensure that nobody can subscribe using the e-mail address of someone else.
Subscriptions to the newsletter are recorded in order to ensure that we can verify the registration process according to the statutory requirements. This includes the storage of information on the time of the registration and confirmation as well as the IP address.
You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. At the same time, your consent to its dispatch will expire. You can find a link for the cancellation of the newsletter at the end of each newsletter.
Questions and comments
If you have any questions, suggestions or comments on the subject of data protection, please send an e-mail to our Group Data Protection Officer (email@example.com).
Controller within the meaning of data protection law
Kraillinger Straße 5
You can contact our Group Data Protection Officer at:
Mr. Reinhard Bersch
Phone: +49 (89) 8 57 94-0