The protection of your personal data is very important to us. With the following information, we provide you with an overview of how we process your personal data and of your rights under data protection law.

General information and contact details

The controller responsible for data processing is:

Verband der Automobilindustrie e. V. (VDA)
Behrenstr. 35
10117 Berlin
Germany
Tel.: +49 30 897842-0
Fax: +49 30 897842-600
E-mail: [email protected]

For questions regarding data protection and for the exercise of your rights under data protection law (see Section 7), please contact our Data Protection Officer.

You can reach our Data Protection Officer as follows:

Postal address:
Data Protection Officer
Verband der Automobilindustrie e.V. (VDA)
Behrenstr. 35
10117 Berlin
Germany
[email protected]

Below you will first find separate information on data processing via the VDA website and subsequently separate information on data processing within the VDA.

Privacy Notice Regarding the VDA Website

1. What sources and data do we use on the website?

We process only the personal data that is necessary for the respective processing purpose (see section 3). This includes data that we have received directly from you (e.g., data you entered when subscribing to a newsletter).

2. For what purposes do we process your data (purpose of processing) and on what legal basis?

Your personal data is processed in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Web Server Log Files

When visiting our website, access data (e.g., file name, date/time, IP address, browser type) is automatically stored in server log files. This information is used to ensure the technical security and statistical evaluation of the website.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

Cookies

Our website uses cookies to provide functionality and improve the user experience. Both technically necessary cookies and – subject to your consent – optional cookies (e.g., for web analytics or personalized content) are used.

When you first visit our website, a cookie banner will appear allowing you to define your preferences. Your selection will be stored in a cookie so that the banner does not appear again on subsequent visits.

You may withdraw your consent at any time with effect for the future and adjust your settings via the following link:

Technically necessary cookies are exempt from this.

Alternatively, you can manage cookie storage through your browser settings. Please note that disabling certain cookies may limit the functionality of the website.

Social Media and External Content (Plugins)

“Share” function

Our website offers the possibility to share content via links to Facebook, TikTok, Instagram and LinkedIn. Only when you click on the respective symbol will you leave our website and be redirected to the respective platform. In this process, data may be transmitted to the respective provider. We have no influence over the scope and purpose of the data processing carried out there.

YouTube

We use plugins of the YouTube service on our website (Google Ireland Limited, Ireland; or Google LLC, USA). A data connection to YouTube is only established after you have explicitly given your consent. Only with your consent will the respective YouTube video be loaded and a connection to YouTube servers be established. In this process, personal data, in particular your IP address and possibly further technical information, may be transmitted to YouTube. If you are logged into your YouTube or Google account, YouTube may also associate your usage behavior with your personal profile. You can prevent this by logging out of your YouTube account before activating the video.

The processing of your data takes place on the basis of your consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy

Vimeo

For the provision of video content, we use plugins of the video portal provider Vimeo (Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA) after obtaining your consent. Vimeo is an internet video portal that allows video publishers to upload video clips and other users to watch videos. By means of the plugin, we can integrate video content that has been published on Vimeo into our website.

These videos are initially blocked. Only after you have given your consent to play the respective video by interacting with the plugin (e.g. by pressing the start button of a video) will a connection to the Vimeo server be established and the video loaded. The content of the plugin is then transmitted directly by Vimeo to your browser and embedded in the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not logged into Vimeo. If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account.

This information, including your IP address, is transmitted directly from your browser to a server of Vimeo in the United States and stored there. If you do not wish such transmission of information to Vimeo, you can prevent this by logging out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies.

The use of Vimeo is based on Article 6(1)(a) GDPR. By activating the plugin, you give your consent to the processing of data.

Further information on the purpose and scope of data collection as well as the further processing and use of data by Vimeo and your related rights and settings options for protecting your privacy can be found in Vimeo’s privacy policy: https://vimeo.com/privacy

Provision of the website and technical security through Cloudflare

Our website is delivered via the content delivery network (CDN) Cloudflare of Cloudflare Inc. (USA). Cloudflare is used for the secure, fast and reliable delivery of our web content. For this purpose, Cloudflare processes technically necessary data, in particular your IP address, browser and device information, access times as well as the requested content. The use of Cloudflare also protects our website against abusive access, DDoS attacks and other malicious activities.

In addition, we use the Cloudflare function Turnstile, which is intended to detect automated access (bots) and prevent misuse of our contact forms. Unlike conventional CAPTCHAs, Turnstile does not set tracking cookies and is used exclusively for security verification. In this process, technical information about your device and your browser environment may be processed.

The processing takes place on the basis of Article 6(1)(f) GDPR, the legitimate interest of the VDA in ensuring the technical security, functionality and stability of its websites and in preventing misuse. Cloudflare processes the data as our processor. In individual cases, personal data may be transferred to the United States. The protection of your data is ensured by the conclusion of the Standard Contractual Clauses approved by the European Commission.

Further information on data processing by Cloudflare can be found in Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy

Analytics tools

In order to improve our website and to tailor its content to users’ needs, we use analytics tools. In this context, personal data are processed on the basis of Article 6(1)(f) GDPR, namely the VDA’s legitimate interest in optimizing its digital services, measuring reach and presenting content in a user-friendly manner.

Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited (Ireland; where applicable Google LLC, USA). Google Analytics is used exclusively on the basis of your express consent. The purpose of the processing is the statistical evaluation of user behaviour in order to improve our online offering from both a technical and content-related perspective, to increase user-friendliness and to analyse the reach and effectiveness of our content and communication measures.

The legal basis for the data processing is your consent pursuant to Article 6(1)(a) GDPR, which you may withdraw at any time with effect for the future.

Google Analytics uses cookies that are stored on your end device and collect information about your use of our website. This includes, for example, pages visited, duration of visit, technical information about your device and your IP address. We have activated IP anonymisation (IP masking), so that your IP address is shortened within the EU or the EEA before any transmission to Google servers in the USA takes place. Only in exceptional cases will the full IP address be transmitted.

Google processes the collected data on our behalf in order to compile reports on website activity and to provide further services related to website use. The IP address transmitted within the framework of Google Analytics is not merged with other Google data.

You may withdraw your consent at any time via our consent management tool. In addition, you may disable the storage of cookies in your browser settings, although this may restrict the functionality of the website, or install the browser plugin to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
.

Matomo

For the analysis and optimisation of our website, we use the privacy-friendly web analytics service Matomo (open source). The processing is carried out on the basis of Article 6(1)(f) GDPR, namely the VDA’s legitimate interest in understanding the use of its website, tailoring content to users’ needs and improving technical functionality and reach.

Matomo may use cookies which make it possible to recognise returning visitors and to carry out statistical evaluations more accurately. So-called fingerprinting is also used, whereby automatically transmitted technical information such as IP address, screen resolution, page URL and browser settings is evaluated. In this process, the IP address is pseudonymised directly so that no conclusions can be drawn about individual persons.

However, these cookies are only set if you have expressly consented to this in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time via the consent management tool used for this purpose.

Services on the Website
In order to promote the interests of the automotive industry, the VDA provides various services on its website for all interested parties.

Ordering information materials
Information materials relating to topics of the automotive industry (e.g. publications, recommendations, educational materials or training information) can be ordered via the website. For this purpose, the required data must be entered into a contact form. The data are processed for the purpose of fulfilling contractual obligations pursuant to Article 6(1)(b) GDPR.

Member area
The VDA provides its members with a protected area in which they can find an overview of the VDA committees as well as the respective topics, dates and relevant links. For this purpose, you must register using your personal data. The data provided during registration are used solely for the purpose of login and verification and are processed on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Contact form
The VDA offers the possibility of contacting the association directly. For this purpose, you must enter the data required for communication in a contact form. The data entered in the form are processed by the VDA solely for the purpose of communicating directly with you and on the basis of your consent pursuant to Article 6(1)(a) GDPR. The data you enter in the contact form will remain with us until you request deletion, withdraw your consent to the storage of the data or the purpose for storing the data no longer applies (for example after the processing of your request has been completed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Privacy Notice for Data Processing within the VDA

1. What sources and data do we use within the VDA?

We process only the personal data that are necessary for the respective purpose of processing (see section 3). These include data that we have received directly from you, for example data that you have entered in a contact form or otherwise communicated to us, contact details of representatives reported to us by members of the VDA, as well as data that we have lawfully obtained from publicly accessible sources (for example the internet, media or press) and that may be processed.

2. For what purposes do we process your data (purpose of processing) and on what legal basis?

The aforementioned personal data are processed by us in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act in its current version (BDSG). The VDA is also the organizer of the International Motor Show (IAA). Separate privacy notices published on the IAA website apply to this event.

The association represents and promotes the interests of the entire German automotive industry, in particular the common interests of its members in all areas of the transport economy. In addition to the development and formulation of common positions, this also requires dialogue with politics and society. For this purpose, the following processing activities are carried out.

Committee work

• The VDA organizes its work, among other things, through committees (for example committees and working groups) covering various topics of the automotive industry. These committees consist of representatives of the members whose data are processed for this purpose on the basis of the performance of a contract pursuant to Article 6(1)(b) GDPR as well as on the basis of legitimate interest pursuant to Article 6(1)(f) GDPR. External third parties may participate in committee meetings upon invitation of the VDA. Their data are processed on the basis of their consent pursuant to Article 6(1)(a) GDPR. For this purpose and on the same legal bases, communication and the transmission of information relating to automotive topics to the representatives of the members and any third parties involved in committee meetings also take place (for example newsletters).

Association policy

• In order to introduce the positions and interests of the German automotive industry into the political discourse, the VDA communicates and sends information on association-related topics to members of parliament, ministerial officials and other associations. Their data are processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR.

Public relations

• For the purpose of political and societal dialogue, the VDA conducts public relations activities. The related processing of personal data is carried out on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR.
  • Press and communications work: For this purpose, the VDA sends information to press officers, journalists and media representatives (e.g. distribution of VDA press releases, invitations to press events).
  • Public relations activities also include sending informational materials relating to association topics to other interested parties and stakeholder groups in the automotive sector with whom the VDA is already in contact in the context of representing the interests of the automotive industry, for example the annual report or policy briefings. Invitations to expert events organized by the VDA on automotive topics serve the same purpose.

Services

• The VDA offers various services to all interested parties.
  • The VDA organizes expert events and information events relating to automotive topics for professional and political dialogue. Participants may register for these events by providing the required data in a contact form. The data are processed for the performance of contractual obligations pursuant to Article 6(1)(b) GDPR. If film and/or photographic recordings are made at these events, by participating you declare your consent to the creation, processing and use of image, video and audio recordings for documentation purposes as well as for press and public relations activities of the VDA. Your data will be stored unless and until you declare a withdrawal to us. If you do not agree to this, please contact the contact details listed in section 1.
  • Information materials relating to the automotive industry (for example publications, recommendations, educational materials or training information) may also be ordered. For this purpose, the required data must be entered in a contact form. The data are processed for the performance of contractual obligations pursuant to Article 6(1)(b) GDPR.
  • It is also possible to subscribe to a free newsletter on our website. The processing is carried out on the basis of Article 6(1)(a) GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent until the withdrawal. You may unsubscribe from the newsletter at any time using the corresponding link contained in the newsletter or by notifying us accordingly. Your email address and name will then be removed from the distribution list. You also consent to the evaluation of personal user behaviour through newsletter tracking.
    For this purpose, we analyse user behaviour by means of tracking pixels and specific link URLs. For subscription to our newsletter we use the so-called double opt-in procedure. This means that after you register, we send an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter.
    Your data are processed by a service provider commissioned by us for email marketing.

Operational activities

• For the operation of the association, the VDA maintains business relationships with business partners such as suppliers or catering providers. This includes communication with and the provision of information to these business partners. Their data are processed for the performance of contractual obligations pursuant to Article 6(1)(b) GDPR.

Who are the recipients of your personal data?

a. Internal recipients

Within the VDA, only those departments and employees who require access to your personal data in order to fulfil their functions or tasks will have access to such data.

b. External recipients

We only disclose your personal data to external recipients if this is necessary for the fulfilment of the purposes mentioned above, if another legal permission or obligation exists, or if you have given your consent. External recipients may include the following.

Data processor

External service providers acting as processors whom we engage for the provision of services, in particular IT services. These processors are carefully selected and regularly monitored by us to ensure that they comply with the legal requirements of data protection law. They may use the data provided by us only for the purposes specified by us.

Banks and payment service providers

Banks and payment service providers may receive data for the purpose of processing payments and credit checks. One of the payment service providers used in our web shop is PAYONE (PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, Germany). If you make payments at an event stand on site, we also use payment terminals provided by PAYONE to process payments. In these cases PAYONE also acts as the acquirer. The processing of data by PAYONE takes place under PAYONE’s own responsibility. Further details regarding data processing by PAYONE can be found in PAYONE’s privacy policy:
https://www.payone.com/DE-de/dsgvo

The legal basis for the transmission of payment information to payment service providers is the performance of a contract and our legitimate interest in carrying out payment transactions pursuant to Article 6(1)(b) and (f) GDPR. The legal basis for storing your data for a period of generally three years, insofar as this may be relevant for potential legal disputes, is our legitimate interest in defending ourselves against possible claims pursuant to Article 6(1)(f) GDPR. The provision of personal data is mandatory for the conclusion of a contract.

Public authorities

Public authorities such as tax authorities may also receive personal data where we are legally required to transmit such data.

Other bodies may also gain access to your personal data in individual cases within the framework of applicable data protection requirements. In such cases, the confidentiality required by law is ensured.

c. Transfer to third countries

If we transfer your data to recipients in third countries outside the European Union or the European Economic Area, we ensure that either an adequacy decision exists for the respective third country, the transfer is permitted on the basis of statutory exceptions (for example your explicit consent), or appropriate safeguards are in place to ensure an adequate level of data protection. You may contact us using the contact details above to obtain a copy of the relevant safeguards.

How long are personal data stored?

The duration for which your data are stored depends on the purpose of the data processing. We therefore store your data only for as long as is necessary for the purposes for which they are processed.

If we process your personal data on the basis of your consent, we also store the documentation of your consent until the end of the third calendar year after withdrawal of the consent in order to comply with our legal obligations to provide proof and to safeguard our legitimate interest in demonstrating consent in the event of a legal dispute. The legal basis for this processing is Article 6(1)(c) in conjunction with Article 5(1)(a), Article 5(2) and Article 7(1) GDPR as well as Article 6(1)(f) GDPR.

If the data are no longer required for the fulfilment of the purpose, they are regularly deleted unless further processing is necessary for the fulfilment of statutory retention obligations under commercial or tax law or for the preservation of evidence within the framework of statutory limitation periods.

All data relevant to contracts and accounting are stored in accordance with statutory tax and commercial retention periods for a period of ten calendar years after the end of the contract. Data that may be relevant for the defence against possible claims are stored for three years (statutory limitation period).

What data subject rights exist?

Right of Access: You have the right to access the personal data we process about you.

Right to Rectification: You may request that we correct any inaccurate personal data about you. You may also request that we complete any incomplete personal data.

Right to Erasure: In certain cases, you may request that we erase your personal data.

Restriction of processing: In certain cases, you may request that the processing of your data be restricted.

Data portability: If you have provided data based on a contract or consent, you may request to receive the data you have provided in a structured, commonly used, and machine-readable format, or to have it transferred to another data controller.

Right to object on grounds relating to your particular situation: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(f) of the GDPR; this also applies to profiling based on these provisions. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
Right to object to the processing of data for direct marketing purposes: In certain cases, your data is processed for the purpose of direct marketing. You have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Withdrawal of Consent: If you have given your consent to the processing of your data, you may withdraw it at any time with future effect. The lawfulness of the processing of your data prior to withdrawal remains unaffected.

Exercising Your Rights: To exercise any of the rights listed above, please contact us at [email protected] or by mail at the address provided in Section 1 above. Please ensure that we are able to clearly identify you.

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your workplace, or the place where the alleged infringement occurred, if you believe that the processing of your personal data is unlawful.