Data Protection Notice

The following notice provides you with an overview of which personal data Formel D GmbH (hereinafter referred to as Formel D GmbH, or “we”) collects during your visit to our website, for what purpose and how this data is used.

Objective

The purpose of this privacy policy is to set out the basic principles followed by Formel D and notify you of our general practices for all data that is processed, including what information we collect, with whom it is shared and how it is secured in respect of the processing of Personal Data of its customers, business partners, suppliers, employees, contractors and other individuals.

Scope

This policy applies to any processing of personal data within the area of responsibility of Formel D and is applicable in all group companies and at all locations. It also applies to all contractors who process personal data on our behalf, and to the handling of personal data that we process.

Policy Statement

Preamble

The companies of Formel D Group, (hereinafter referred to as “we”, “us” or “Formel D”) are active globally as service providers for the automotive and supplier industry. We develop market-leading concepts and individual, scalable solutions for quality assurance and process optimization along the entire automotive value chain – from development to production to aftersales. We support our customers in securing market maturity of vehicles and components and ensure the implementation and optimization of service processes. In all business activities and decisions, we are committed to complying with the applicable laws and other applicable regulations in the countries in which we do business. Thus, data protection at Formel D also plays a central role in the fulfillment of our tasks.

Protection of personal rights and compliance with legal regulations are essential parts of the self-conception of our organization. We also apply this standard conscientiously when we process personal data on behalf of our customers. We undertake to ensure the responsible handling of other people’s data and compliance with data protection regulations serve as a foundation for trusting relationships with employees, guests, customers, suppliers and other partners. Thus, Formel D commits itself to comply with data protection regulations within the framework of the European Data Protection Regulation (hereinafter referred to as “EU-GDPR”) as well as other relevant legal regulations.

If you have any questions about this policy, or requests for further information, please direct this to Formel D’s external Data Protection Officer at data-privacy@formeld.com or the internal Data Privacy staff at dps@formeld.com.

Basic Principles Regarding Personal Data Processing

Formel D has implemented measures to protect your personal data and ensure that it is handled in a secure and responsible manner and this includes the following, as applicable:

  • Processing is conducted in a lawful, fair and transparent manner, enabling proof of compliance with relevant legislation.
  • Processing is carried out exclusively for the specified, explicit and legitimate purpose and only to the extent and for the duration necessary.
  • Only personal data that is adequate, relevant and limited to what is necessary in relation to the purposes are processed.
  • Processing is transparent vis-à-vis the data subject and enables him to exercise his rights to information, correction and deletion, among others.
  • The nature of processing ensures that it is traceable and the data is accurate. Where necessary, taking reasonable steps to ensure that inaccurate personal data are erased or rectified in a timely manner.
  • Utilize appropriate technical or organizational measures to process personal data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure.
  • All processing operations and processes should be regularly reviewed with the aim of optimizing the protection of data subjects from the processing consequences.

The implementation of this policy is pursued via the data protection objectives, the description of the data protection organization, and Group-wide guidelines for implementation.

Privacy Notices to Data Subjects

Formel D ensures that all Data Subjects are properly informed of the following: the types of personal data collected, the purposes of the processing, processing methods, the data subjects’ rights with respect to their personal data, the external recipients, the retention period, potential international data transfers, if data will be shared with third parties and the our security measures to ensure the adequate protection of personal data. This information is provided through a Privacy Notice in clear and understandable language.

As part of its transparency obligation, Formel D has developed different Privacy Notices depending on the processing activity, the Data Subject and the categories of personal data collected. Our Data Privacy Staff (“DPS”) are responsible for creating and maintaining the Register of Privacy Notices.

Where Formel D, as a Processor, receives Personal Data from its subsidiaries, affiliates or other entities, it shall use such data in accordance with all applicable laws, regulations and contracts, including the GDPR. Where Formel D, as a Controller, receives personal data from third parties, it shall provide Data Subjects with an appropriate Privacy Notice within a reasonable period after obtaining the Personal Data, at the time of the first communication or first disclosure to another recipient.

Legal Basis for Processing

All personal data processed must be based on a valid legal basis. The most appropriate legal basis depends on the processing activity and a record of such will be documented. The most common legal basis for non-sensitive personal data processing are:

  • Consent
  • Performance of a contract
  • Legal obligation
  • Vital interests
  • Task carried out in the public interest
  • Legitimate interests

Where Formel D uses consent as a legal basis, the record of such consent is maintained. Consent can be withdrawn at any time. Appropriate processes to implement these revocations are implemented.

Use, Retention and Disposal

The purposes, methods, storage limitation and retention period of personal data are consistent with the information contained in the applicable Privacy Notice. Adequate security mechanisms designed to protect personal data are used to prevent personal data from being stolen, misused, or abused and prevent personal data breaches.

Disclosure to Third Parties

Formel D may share an individual’s personal data with customers, business partners, suppliers, contractors and other individuals in connection with services that these individuals or entities perform for, or with, us, if it is necessary and there is a valid legal basis. Whenever a third-party supplier is utilized to process personal data on Formel D`s behalf, Formel D ensures that this supplier can provide security measures to safeguard personal data that are appropriate to the associated risks. We always remain liable in cases of onward transfers of personal data to third parties contracted by us.

Prior to the use of any third party supplier, they must be assessed based on a strict criteria of IT and data privacy security measures. Where applicable, the supplier must only process personal data to carry out its contractual obligations towards Formel D or upon the instructions of Formel D and not for any other purposes.

Formel D may disclose personal data in response to lawful requests by public authorities, including to comply with national security or law enforcement requirements.

International Transfers of Personal Data

Transfers of Personal Data outside of your home country shall always be made in accordance with the data protection principals prescribed by international law and regulations applicable in the relevant countries. When transferring personal data, adequate safeguards will be used, such as including standard contractual clauses issued by the European Commission in contracts with third parties, where applicable.

Response to Personal Data Breaches or Incidents

In the event that Formel D learns of a suspected or actual Personal Data Breach, the DPS will perform an internal investigation and take appropriate remedial measures in a timely manner, according to its Data Incident Identification and Notification procedure. Where there is any risk to the rights and freedoms of Data Subjects, Formel D shall notify the relevant data protection authorities without undue delay and, when possible, within 72 hours, when it is acting as a Controller. Where Formel D acts as Processor, it shall notify the Controller of the Personal Data Breach in a timely manner. The incident will also be escalated to other internal groups for consideration, if necessary.

Continuous Improvement

Improving the level of data protection is a central component of the sustainable development of Formel D.

To this end, we have introduced a process of regular monitoring in order to ensure processing in line with Applicable data privacy laws and regulations and to be able to provide evidence of this.

The data protection requirements and implementation are consistently reviewed with the involvement of the Data Privacy Officer to ensure that they are up to date and effective.

Employees are encouraged to report potential improvements or weaknesses to the relevant department heads. Deviations are analyzed with the aim of improving data protection and keeping it constantly up to date.

Conflicts of Law

This policy is intended to comply with the laws and regulations in the place of establishment of the Formel D Group members. In the event of any conflict between this policy and applicable laws and regulations, the latter shall prevail.

The purpose of this privacy notice is to inform you about the processing of your personal data that we collect from you when you visit our website.

Formel D Group (Formel D GmbH, including all of its subsidiaries and affiliates) commits itself to complying with the legal regulations of the EU’s General Data Protection Regulation (GDPR) as well as other relevant data privacy laws and regulations, as amended and updated from time to time.

At all times your data will be treated in accordance with this Privacy Notice.

1. Responsible Person

Formel D GmbH (“Formel D”) is responsible for the content included on this website. You can contact us here.

2. Contact details of the Data Privacy Officer

We have appointed a Data Privacy Officer who can be contacted below:

Claus Wissing
Sachverständigenbüro Muelot GmbH
Grüner Weg 80
48268 Greven
data-privacy@formeld.com
Phone: 02571-5402-0

3. What personal data is collected from you?

Everytime you access our webpage, retrieve a file, or include information on any of our specific webpages we record specific data about you and data from your device (e.g. computer, mobile phone, tablet, etc), such as:

(1) Information about the type of browser and the version used;
(2) The operating system of the accessing device;
(3) The host name of the accessing computer;
(4) The IP address of the accessing device;
(5) The date and time of access;
(6) Websites and resources (images, files, other page content) that were accessed on our website by you;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Message as to whether the retrieval was successful;
(9) Volume of data transferred.

if you complete our “Contact Us” form. (1) First and last name, email address, company, country of location –

4. Why do we process your data?

The processing of your personal data through the use of our website is based on the following legal basis:

• Legitimate interests – in order to ensure the effective delivery of our website and to combat any potential misuse and eliminate malfunctions. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.
• Consent – if you subscribe to our newsletter or use our contact us form, we will use the personal data you provide to us to send you communications.

The purpose of the processing of your data is necessary during the course of a website visit in order to enable efficient delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

In respect of the personal data you provide us when you utilize certain services on our website (i.e., contact us form and newsletter subscription) we process this information in order to process your request. If you wish to unsubscribe to our newsletter, you can do so by clicking the “Unsubscribe” button in the emails or by contacting the Data Privacy Officer above. The newsletter is sent by Cleverreach, who acts as a sub-processor for Formel D.

5. Recipients and Transfers to Third Parties

While processing your Personal Data for the purposes indicated above, we utilise a number of third party vendors/suppliers:

• Hosting of the website

In order to provide the content of our site, we work together with a service provider who supports us in providing the server capacities and storage options required for this purpose. Insofar as server access is required within the website, the data collected through this is stored for this purpose on servers of the company:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Support and maintenance of the website

With regard to the maintenance of the website and the functions available on the website and the maintenance of the website, we work together with the following processor:

INCREON GmbH, Robert-Bürkle-Straße 3, 85737 Ismaning, Germany

For technical reasons, the above-mentioned processor receives in particular insight into the log files of the website within the framework of the interface management of the technical services operated by you.

• Customer Relationship Management

If you complete our Contact Us form, we use a customer relationship management tool from the company

Salesforce, salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich

• Use of web trackers

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was accessed, name of the file, date and time of the access, amount of data transferred and report on the success of the access (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com – we use Google in order to be able to load further services from Google on the website, such as the data processing required for the provision of streams and fonts and relevant Google search content.

Google Tag Manager service of Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland – Google Tag Manager provides a technical platform for executing and bundling other web tools and web tracking programmes by means of so-called “tags”. For the analysis your surfing behaviour (so-called “tracking”), insofar as web tracking tools are executed using Google Tag Manager. The data generated by the “tags” are compiled, stored and processed by Google Tag Manager under a uniform user interface. All integrated “tags” are listed separately again in this data protection declaration.

Gstatic service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland – Gstatic is a background service used by Google to in particular, ensure the service loads background data for Google Fonts and Google Maps.

YouTube service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland – Videos from the YouTube platform are integrated on our website via the YouTube service. Through the integration, we can display videos directly on our website. If YouTube is activated on our website and a video is played, our website establishes a connection to the servers of Google Ireland Limited and transmits the data required to display the stream or video.

The processing of the personal data collected by the web trackers is based on your consent, which can be withdrawn by updating your settings.

• Use of external web services

Github service of the company GitHub BV, Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands – Github is a cloud service that allows us to upload content such as software / source code etc. to our site.

Google Cloud APIs in order to be able to load additional services from Google on the website, in particular to display the Google Fonts fonts and to provide the Google Maps map.

Google Fonts to be able to integrate attractive fonts on our website in order to be able to show you our website in a visually better version. The service may also be used on our website if other Google services are reloaded on our website that require Google Fonts fonts to run.

As some of the above suppliers/vendors process data outside of the EEA; Formel D will ensure appropriate guarantees are in place for any data transfers in accordance with Chapter 5 of the EU’s General Data Protection Regulation 2016/679, such as, but not limited to, an approved certification mechanism (i.e., EU-US Data Privacy Framework etc) or the European Commissions standard contractal clauses.

6. Retention

Your Personal Data will be stored for as long as necessary for the purpose for which it was collected. Any retention of personal data shall be made in accordance with the applicable laws. For sole website access, the data is deleted no less than 3 months after the end of the respective session.

7. Your Rights

As a Data Subject, you have a number of rights, subject to certain conditions and exceptions contained in applicable laws.

You may have the right to:

• Access and obtain a copy of your data on request;
• Require Formel D to change incorrect or incomplete data;
• Require Formel D to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• Object to the processing of your data where Formel D is relying on its legitimate interests as the legal ground for processing;
• Ask Formel D to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override Formel D’s legitimate grounds for processing data;
• Receive your Personal Data and have the right to transmit that data to another company;
• Withdraw your consent to the processing of your data, where data processing is based on consent.

Some of the abovementioned rights may be limited depending on the legal basis used for processing and the applicable laws. If you would like to exercise any of these rights, please contact the Data Protection Officer or the Data Privacy Staff listed above.

You have the right to raise a complaint to any Supervisory Authority of your choosing if you believe that Formel D has not complied with your data protection rights. A list of European Union Supervisory Authorities can be found here.

Formel D’s relevant Supervisory Authority is the following:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-999
E-mail: poststelle@ldi.nrw.de

8. Cookies

We use cookies to personalise your user experience and continuously improve our website. Details on the use of cookies on our website, as well as options for changing your cookie settings can be found in the section below.

1. What are Cookies?

Cookies are small text files that are stored on your computer and saved by your browser. Among other things, they are used to determine the frequency of use and the number of users of the webpages and thus make the internet presence more user-friendly and effective. As soon as you visit our websites, cookies are downloaded by the internet browser to your end device, for example as a small text file.

Cookies do not cause any damage to your computer and do not contain viruses. You can prevent the storage of cookies by setting your browser preferences accordingly. If you choose not to accept cookies, it may limit the functionality of the website.

2. What are the Purposes of Cookies?

The cookies are set by our website or the external web services in order to maintain the full functionality of our website, to improve the user-friendliness or to pursue the purpose stated with your consent. Cookie technology also allows us to recognise individual visitors by pseudonyms, e.g. an individual or random IDs, so that we can offer more personalised services.

3. Types of Cookies

Session Cookies:

The use of session cookies is necessary for us to make the website available to you. This represents a legitimate interest for us. The legal basis for processing your personal data when using session cookies is your consent. You can object to the use of session cookies, but please note that without cookies some functions of our website cannot be offered. Your personal data will only be stored for the duration of your use of the website and deleted afterwards. You can revoke your consent at any time. If you withdraw your consent, the lawfulness of processing that took place by reason of consent until its withdrawal remains unaffected.

Persistent Cookies:

Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. With the help of cookies, we are able to track your usage patterns and thereby improve our service to you. They should also optimize your surfing experience on our website.

With your consent, we also integrate cookies from third parties. In this case, the corresponding data packages from third parties are stored in your browser or transmitted to them. You can usually also prevent the use of third-party cookies by adjusting your browser settings accordingly. The legal basis for processing your personal data when using third-party cookies is your consent. In this case you can also revoke your consent at any time. If you withdraw your consent, the lawfulness of processing that took place by reason of consent until its withdrawal remains unaffected.

The button at the bottom left of your browser takes you to our cookie banner to change your most recent settings.

4. Duration of storage

Our cookies are stored until they are deleted in your browser or, if they are session cookies, until the session has expired. Details are listed in the following table.

5. Cookies that we use

Cookie name Server Provider Purpose Legal basis Storage period Type
CONSENT (YouTube) .youtube-nocookie.com YouTube The CONSENT cookie stores the user’s permission to forward the data to YouTube after the user has given their consent. Art. 6 para. 1 lit. c DSGVO (fulfilment of legal obligation) approx. 24 months Cookie banner
LAST_RESULT_ENTRY_KEY www.youtube-nocookie.com YouTube Saves the user settings when retrieving a YouTube video integrated on other websites. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) Session Comfort
nextId www.youtube-nocookie.com YouTube This cookie is used to assign a unique ID to the user. This allows data about the behaviour of the website visitor to be collected and used to compile statistics about which YouTube videos have been viewed by the site visitor on different websites. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) Session Marketing
requests www.youtube-nocookie.com YouTube We embed videos from our official YouTube channel in YouTube’s private use mode. This mode may set cookies on your computer when you click on the YouTube video player, but YouTube does not store personally identifiable cookie information for the playback of embedded videos in private mode. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) Session Configuration
wp-wpml_current_language Formeld.com Website operator The cookie stores language settings or recognises the browser language and directs the user of this website directly to the appropriate multilingual content. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) Session Configuration
wp_dlm_downloading Formeld.com Website operator Through this cookie we can collect the number of downloads. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) approx. 60 minutes Configuration
wpgeoip_once_redirect Formeld.com Website operator This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site. Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO (consent) approx. 24 hours Configuration
  1. Local Storage and Session Storage

Web storage” technology is a technical option that, similar to cookies, can store data and information on the user’s computer or terminal device.

Data can generally be stored in the web storage in two ways. The designation of the web storage depends on the storage duration. A distinction is made between permanent storage (localStorage) and storage limited to the “session” (sessionStorage). A session begins when the page is called up and ends when the page is exited (e.g. by closing the tab or the browser).

The localStorage or the sessionStorage is accessed via the scripts and web services used on the website.

We have created a table in which we explain the type of data and the purpose of the local or session storage.

Name Art Purpose Legal basis
yt-remote-connected-devices Configuration The Local Storage service is used to determine the optimal video quality based on the visitor’s device and network settings. Art. 6 para. 1 lit. a DSGVO (consent)
yt-remote-device-id Configuration Saves the user settings when retrieving a YouTube video. Art. 6 para. 1 lit. a DSGVO (consent)
ytidb::LAST_RESULT_ENTRY_KEY Configuration Saves the user settings when retrieving a YouTube video. Art. 6 para. 1 lit. a DSGVO (consent)
yt-remote-fast-check-period Session Saves the user settings when retrieving a YouTube video integrated on other websites. Art. 6 para. 1 lit. a DSGVO (consent)
yt-remote-session-app Session Saves the user settings when retrieving a YouTube video integrated on other websites. Art. 6 para. 1 lit. a DSGVO (consent)
yt-remote-session-name Session Saves the user settings when viewing a YouTube video integrated on other websites. Art. 6 para. 1 lit. a DSGVO (consent)
yt-player-bandwidth Configuration The Local Storage service is used to determine the optimal video quality based on the visitor’s device and network settings. Art. 6 para. 1 lit. a DSGVO (consent)
yt-player-headers-readable Configuration The Local Storage service is used to determine the optimal video quality based on the visitor’s device and network settings. Art. 6 para. 1 lit. a DSGVO (consent)
yt.inntertube::nextId Configuration Stores a unique ID to keep statistics of the videos the user has watched. Art. 6 para. 1 lit. a DSGVO (consent)
yt.inntertube::requests Configuration Stores a unique ID to keep statistics of the videos the user has watched. Art. 6 para. 1 lit. a DSGVO (consent)