As Ibeo Automotive Systems GmbH („Ibeo“) we take data protection very seriously. This information consists of two parts.

The first part informs you how we process your data and what claims and rights you are entitled to under data protection regulations.

The second part contains supplementing information for the visit on our website.

For legislative and/or organizational reasons changes or amendments will be necessary from time to time. For this reason please be sure to refer to the current version.

Part I

1.1     Office responsible for data processing and contact data

responsible office in the meaning of data-protection law

Ibeo Automotive Systems GmbH

Merkuring 60-62

22143 Hamburg

+49 40 298 676 - 0

info@ibeo-as.com

Contact data of our data-protection officer:

HEC Harald Eul Consulting GmbH

Datenschutz + Datensicherheit

Auf der Höhe 34

50321 Brühl

datenschutz-ibeo-as@he-c.de

1.2    Purposes and legal foundations upon which we process your data

We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz - BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions).
 

1.2.1  Purposes pursuant to fulfilment of an agreement or pre-contractual measures (Art. 6, section 1 b of the GDPR)
The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide services regarding the LiDAR-systems according to your orders and wishes and include the necessary services, measures and activities. This essentially includes contract-related communication with you, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security ((inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by supervisory bodies or supervisory authorities (e. g. auditing).
 

1.2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6, section 1 f of the GDPR)

Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:

  • advertising or market and opinion research, as far as you have not objected to the use of your data;
  • obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
  • the examination and optimization of processes for needs analysis;
  • the further development of services and products as well as existing systems and processes;
  • the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
  • for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
  • the enrichment of our data, e. g. by using or researching publicly accessible data;
  • statistical evaluations or market analysis;
  • of benchmarking;
  • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
  • the restricted processing of data, if a deletion is not possible or only possible with disproportionately high effort due to the special type of storage;
  • the development of scoring systems or automated decision-making processes;
  • the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
  • building and plant security (e. g. by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
  • internal and external investigations, safety reviews;
  • Preservation and maintenance of certifications of a private-law or official government nature;
  • the seizure and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.

     

1.2.3   Purposes within the framework of your consent (Art. 6, section 1 a of the GDPR)

Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e. prior to 25 May 2018. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent.                
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.


1.2.4  Purposes relating to adherence to statutory requirements (Art. 6, section 1 c of the GDPR) or in the public interest (Art. 6, section 1 e of the GDPR)

Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws, product specific provisions), but also if applicable supervisory law or other requirements set out by government authorities (e.g. international trade laws, customs laws). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists),  compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.


1.3     The categories of data that we process as long as we do not receive data directly from you, and its origin

If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. credit agencies). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.

Relevant personal data categories may in particular be:

  • personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data)
  • contact data (address, e-mail address, telephone number and similar data)
  • Address data (population register data and comparable data)
  • payment confirmation/confirmation of cover for bank and credit cards
  • ­information about your financial situation (creditworthiness data including scoring, i. e. data for assessing the economic risk)
  • customer history
  • data about your use of the telemedia offered by us (e. g. time of access to our websites, apps or newsletter, clicked pages/links of us or entries and comparable data)
  • Video data

 

1.4     Recipients or categories of recipients of your data

At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests. 
Your data is disclosed/passed on to external offices and persons solely

  • in connection with the execution of the contract;
  • for purposes where we are obligated or entitled to give information, notification or forward data (e.g. employer's liability insurance association, health insurance schemes, fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see number 2.4);
  • to the extent that external service-provider companies commissioned by us process data as contract processors or parties that assume certain functions (e.g. external data centres, support and maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection. plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing plants or companies for data disposal, courier services, logistics);
  • as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes cited under number 2.2 (e.g. to government authorities, credit agencies, collection agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and control instances) ;
  • if you have given us consent to transmit data to third parties.

 

We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.


1.5     Length of time your data is stored

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular time-barred period is three years, but time-barred periods of up to 30 years may also be applicable.

If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing - for a limited period - is necessary to fulfil the purposes listed under number 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and organisational measures.
 

1.6     Processing of your data in a third country or through an international organisation

Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such.

At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of a reasonable level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data-protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.

You can request information on the suitable or reasonable guarantees and the possibility, how and where to receive a copy of these from the company data-protection officer or the human resources department in charge of you.
 

1.7     Your data-protection rights

If certain conditions are met, you can assert your data-protection rights against us

  • Thus, you have the right to receive information from us on the data stored on you in accordance with the rules of Art. 15 of the GDPR (if applicable with restrictions in accordance with § 34 of the German Federal Data-Protection Act (BDSG))
  • If you so request, we shall correct data stored on you in accordance with Art. 16 of the GDPR if such data is incorrect or flawed.
  • If you so desire, we shall delete your data in accordance with the principles of Art. 17 of the GDPR if such is not prevented by other statutory provisions (e.g. statutory retention obligations or the restrictions laid down in § 35 of the German Federal Data-Protection Act (BDSG)) or an overriding interest on our part (for example, to defend our rights and claims)
  • Taking into account the preconditions laid down in Art. 18 of the GDPR, you can demand that we restrict the processing of your data .
  • Furthermore, you can file an objection to the processing of your data in accordance with Art. 21 of the GDPR, as a result of which we have to stop processing your data. This right of objection only applies, however, if very special circumstances characterise your personal situation, whereby the rights of our company may run counter to your right of objection.
  • You also have the right to receive your data in accordance with the arrangements laid down in Art. 20 of the GDPR in a structured, commonplace and machine-readable format or transmit such data to a third party.
  • You furthermore have the right to revoke consent that has been issued to us to process personal data at any time effective into the future (see number 2.3).
  • You are in addition entitled to file a complaint with a data-protection supervisory authority (Art. 77 of the GDPR). We recommend, however, to first always send a complaint to our data-protection officer.
     

Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.

Scope of your obligations to provide us your data

You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.

1.8     Presence of an automated decision made in individual cases (including profiling)

We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.

Under certain circumstances, we may process your data in part with the aim of evaluating certain personal aspects (profiling).

In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable a needs-oriented product design, communication and advertising including market and opinion research.

Such procedures can also be used to assess your solvency and creditworthiness as well as to combat money laundering and fraud. "Score values" can be used to assess your creditworthiness and creditworthiness. In the case of scoring, the probability is calculated using mathematical methods with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing our creditworthiness, decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on mathematically and statistically recognised and proven methods and is based on your data, in particular income, expenditure, existing liabilities, profession, employer, length of service, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies.

Information on nationality and special categories of personal data according to Art. 9 GDPR are not processed.

 

Information on your right of objection under Art. 21 of the GDPR

  1. You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR.

    If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and 
    freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
     
  2. We will also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.

    We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose.

The objection can be filed without adhering to any form requirements and should if possible be sent to

Ibeo Automotive Systems GmbH
Merkuring 60-62
22143 Hamburg

Part II

Supplementing information for the visit on our website

2.1 Internet browser log data

When you visit our web pages, personal data is also processed.

In order for the pages to be displayed in your browser, the IP address of the end device you are using must be processed. In addition, there is further information about the browser of your end device.

Under data protection law, we are also obliged to guarantee the confidentiality and integrity of the personal data processed with our IT systems.

For this purpose, the following data is logged:

  • Date of access
  • Time of access
  • URL of the referring website
  • Retrieved file
  • Amount of data transferred
  • Browser type and version
  • Operating system
  • IP address

The IP address is deleted from all systems used in connection with the operation of this website after 7 days at the latest. We can then no longer establish a personal reference from the remaining data.

The data is also used to correct errors on the website.

The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the operation of this website and the associated implementation of the protection goals of confidentiality, integrity and availability of the data.
 

2.2 Contact options via the website

The website www.ibeo-as.com of Ibeo Automotive Systems GmbH contains information that enables a quick electronic contact to our company as well as an immediate communication with us, which also includes an e-mail address. In addition, there are contact forms where the personal data collected is derived from the input mask used for this purpose. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject.

The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the communication with customers and interested parties.
 

2.3 Newsletter

On the website of Ibeo Automotive Systems GmbH, users are given the opportunity to subscribe to the newsletter. Which personal data is processed when ordering the newsletter, results from the input mask used for this purpose. When registering for the newsletter, a confirmation e-mail is sent to the registered e-mail address using the double opt-in method for legal reasons. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.

The personal data collected as part of a registration for the newsletter is used exclusively for sending our newsletter, i.e. e-mails with information about publications, events, services and our company. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. The subscription to our newsletter can be revoked at any time. For the purpose of revocation, a corresponding link can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter at any time by sending an e-mail to marketing@ibeo-as.com.

We use tracking for statistical evaluation of the newsletter and to optimize our information offering. In the tracking, we record the openings and internal clicks.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 a) GDPR.
 

2.4 Registration for events, webinars and seminars

When registering for our seminars and events, we collect personal data. The personal data that is processed is indicated in the input mask used for this purpose. Such personal data transmitted voluntarily by a data subject to the data controller will be processed for the purposes of processing in the context of the event, webinar or seminar and for contacting the data subject.

In the context of the implementation of webinars, the following personal data will also be transmitted to us by the webinar service provider after completion of the webinar:

- Participation yes/no

- Questions submitted during the webinar

- Duration of participation

We store the information as to whether or not participation has taken place and the questions submitted and use this data to provide the person concerned with information on the webinar topic afterwards. The information about the duration of participation is provided by default by the webinar service provider and is not used by us.

The legal basis for this data processing is the participation contract for the event pursuant to Art. 6 (1) b) GDPR.
 

2.5 Download of publications and e-books

On the website of ibeo Automotive Systems GmbH, users are given the opportunity to request publications. Which personal data is processed when ordering the publication results from the input mask used for this purpose. If a data subject requests a publication via a form, the personal data provided by the data subject will be stored. The personal data collected in the context of a request for publications and e-books will be used to send the requested publication or the link to download the publication. Furthermore, we reserve the right to contact the person concerned by e-mail, telephone or mail for sales purposes.

The legal basis for this data processing is the contract pursuant to Art. 6 para. 1 lit. b) GDPR.
 

2.6 Cookies

General information on the use of cookies

When visiting and using our website, cookies are stored on your computer. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a character string that enables the browser to be uniquely identified when the website is called up again.

The legal basis for data processing when using essential cookies is Art. 6 para. 1 p. 1 lit. f DS-GVO, when using all other cookies the legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO. For more information on individual cookies, please see the information in the cookie banner on the website. You can revoke your consent at any time by calling up the cookie banner again. This can be done by clicking on the icon at the bottom left of the screen.

If we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent necessary to protect our legitimate interests or the legitimate interests of a third party and to the extent that this does not override your interests or fundamental rights and freedoms that require the protection of personal data.

2.7 Google Tag Manager

This website uses the Google Tag Manager. With Google Tag Manager it is possible to manage website tags through one interface. The Tag Manager tool itself is a cookieless domain. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. For more information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard, please contact: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland; privacy policy http://www.google.de/tagmanager/faq.html as well as the privacy statement: http://www.google.de/intl/de/policies/privacy.

In exceptional cases, personal data is also transferred to the USA and stored there. In principle, the USA has a level of data protection which, in the opinion of the ECJ, does not fully match the level of data protection available in the EU. There is no adequacy decision by the European Commission or suitable guarantees. In particular, there is a risk, and it cannot be ruled out, that government authorities may also gain access to this data under the laws applicable there, with only limited possibilities for legal protection. There is a data protection agreement with Google including the EU Standard Contractual Clauses with Google. Further information from Google at: https://privacy.google.com/businesses/compliance/#!#gdpr

The legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) DS-GVO.
 

2.8 YouTube videos

We have integrated YouTube videos into our website, which are stored on http://www.Youtube.de or http://www.YouTube.com and can be played directly from our website. By visiting our website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data that is compulsorily collected for technical reasons each time you visit our website is passed on to YouTube. For more information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard, please contact: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland; https://www.google.de/intl/de/policies/privacy.

The data processing, in particular the data transfer to YouTube, is carried out for the purpose of simplifying the use of our media content and increasing the attractiveness of our website.

In exceptional cases, personal data is also transferred to the USA and stored there. In principle, the USA has a level of data protection which, in the opinion of the ECJ, does not fully match the level of data protection available in the EU. There is no adequacy decision by the European Commission or suitable guarantees. In particular, there is a risk, and it cannot be ruled out, that government authorities may also gain access to this data under the laws applicable there, with only limited possibilities for legal protection. There is a data protection agreement with Google including the EU Standard Contractual Clauses with Google. Further information from Google at: https://privacy.google.com/businesses/compliance/#!#gdpr

The legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) GDPR.
 

2.9 Test vehicles with camera

The purpose of the camera data collection is to test Ibeo's own LiDAR sensors under real conditions, for example in real road traffic, in order to ensure product safety and to continuously develop the products according to the state of the art.

The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR.

Right to erasure: Since an identification of the data subject is not required for the processing of the data, this is also not carried out. According to Art. 11 GDPR, personal data can nevertheless be deleted if the data subject provides further data to identify the person. For this purpose, please fill out the following form, indicating the vehicle registration number.
 

2.10 Security and encryption

Ibeo protects the customer data collected by storing the data on password-protected servers secured by firewalls and by using encryption techniques to protect it from unauthorized access. Data transmitted to us during the use of the website is transferred using SSL encryption technology.

Even though we try to offer you a secure environment for your data with these precautionary measures, no absolute security of your data can be guaranteed on the Internet. We therefore recommend that you take every possible precaution to protect your personal data when connecting to the Internet. Please pay particular attention to the use of secure passwords, sufficient and up-to-date virus scanners and a secure browser.
 

2.11 External links

Hyperlinks on our websites or advertising banners take you to websites of third-party companies that are subject to different data protection practices. Ibeo does not adopt the content of these websites as its own and is not liable for them or for the data protection practices of other providers that can be reached via the hyperlinks on our websites.

 

 

Contact form