Data protection
The controller defined by the General Data Protection Regulation (GDPR) is:
Mercedes-Benz Customer Solutions GmbH („We“)
Industriestraße 19
70565 Stuttgart
Deutschland
E-Mail: customersolutions@mercedes-benz.com
Data protection officer:
Mercedes-Benz Group AG
Corporate representative for Data Protection
HPC E600
D-70546 Stuttgart
Deutschland
E-Mail: data.protection@mercedes-benz.com
1. Data Protection
We appreciate you visiting our website and your interest in the products we offer. Protecting your personal data is very important to us. In this Privacy Policy, we explain how we collect your personal information, what we do with it, for what purposes and on what legal foundation we do so and what rights you have on that basis. We will also refer you to Mercedes-Benz Group's Data Protection Policy:
Data Protection Policy
Our privacy statement on the use of our websites and the Mercedes-Benz Group AG Data Protection Policy do not apply to your activities on the websites of social networks or other providers that can be accessed using the links on our websites. Please read the data protection provisions on the websites of those providers.
2. Collecting and Processing Your Personal Information
a. Whenever you visit our websites, we store certain information about the browser and operating system you are using; the date and time of your visit; the status of the interaction (e.g. whether you were able to access the website or received an error message); the usage of features on the website; any search phrases you entered; how often you visit individual websites; the names of the files you access; the amount of data transferred; the Web page from which you accessed our website; and the Web page you visited after visiting our website, whether by clicking links on our websites or entering a domain directly into the input field of the same tab (or window) of the browser in which you have our websites open. In addition, we store your IP address and the name of your Internet service provider for seven days. This is for security reasons; in particular, to prevent and detect attacks on our websites or attempts at fraud.
b. We will store other personal information only if you share that information; for instance, by filling out a registration form, contact form, survey, contest entry or to execute a contract. In such cases, we will store only the data we are allowed to keep based on consent given by you or in accordance with applicable legal regulations (more information on this can be found in the section titled "Legal Foundation for Processing").
c. You are neither legally nor contractually obligated to share your personal information. However, certain features of our websites may depend on the sharing or personal information. If you do not provide your personal information in such cases, you may not be able to use those features, or they may be available with limited functionality.
3. Purpose of Use
a. We use the personal information collected during your visit to any of our websites to make using them as convenient as possible for you and to protect our IT systems against attacks and other unlawful activities.
b. If you share additional information with us – for example, by filling out a registration form, contact form, chat, survey, con-test entry or to execute a contract with you – we will use that information for the designated purposes, purposes of customer management and – if required – for purposes of processing and billing and business transactions within the required scope in each instance.
c. For other purposes (e.g. display of personalized content or advertising based on your usage behaviour), we and, if applicable, selected third parties, use your personal data if and to the extent you give your consent through our consent management system. You will find further information and decisionmaking options under www.mercedes-benz-customer-solutions.com/ in the footer at the bottom of the website.
d. In addition, we use personal data to the extent that we are legally obliged to do so (e.g., storage for the fulfilment of commercial or tax-related retention obligations, release in accordance with official or judicial orders, e.g. to a law enforcement authority).
4. Transfer of Personal Information to Third Parties; Social Plugins
a. Our websites may also contain third-party offers. If you click on any such offers, we will transfer the amount of data required to the appropriate provider (e.g. the fact that you found the offer in question on our website and, if applicable, additional information that you have already provided for this purpose on our websites).
b. On our websites, whenever we use so-called "social plugins" from social networks like Facebook, Twitter and Google+, we incorporate them in the manner described below.
When you visit our websites, social media plugins are deactivated. That means no information whatsoever is transferred to the operators of those networks. If you wish to use one of the networks, click on the appropriate plugin in order to be connected directly to that network's server.
If you have a user account with that network and are logged in at the moment you activate the plugin, the network will be able to detect your visit to our websites and assign it to your user account. If you wish to prevent that, please log off from the network before activating the social plugin. A social network will not be able to detect that you have visited other Mercedes-Benz Group websites unless you have activated its social plugin on those sites as well.
When you activate a social plugin, the network transfers the content thus made available directly to your browser, which incorporates it into our websites. In that situation, data transfers initiated and controlled by the respective social network may also take place. Your connection to a social network, the data transfers that take place between the network and your system, and your interactions on that platform are governed exclusively by the respective network's data protection provisions.
The social plugin will remain active until you deactivate it or delete your cookies.
Whenever you click on the link to an offer or activate a social plugin, your personal information may be transferred to providers in countries outside the European Economic Area that, from the standpoint of the European Union ("EU"), do not guarantee an "appropriate level of protection" meeting EU standards for processing personal information. Please keep these circumstances in mind before you click on a link or activate a social plugin, thereby causing your data to be transferred.
5. Cookies
a. Cookies may be used when you are visiting our websites. Technically, these are so-called HTML cookies and similar software tools such as Web/DOM Storage or Local Shared Objects (so-called "Flash cookies"), which we collectively refer to as cookies.
b. Cookies are small files that are stored, and later read out, on your desktop, notebook or mobile device while you visit a website. Cookies make it possible, for example, to determine whether there has already been a connection between the device and the websites; take into account your preferred language or other settings, offer you certain certain functions (e.g. online shop, vehicle configurator) or recognize your us-age-based interests. Cookies may also contain personal data.
c. Whether and which cookies are used when you visit our websites depends on which areas and functions of our websites you use and whether you agree to the use of cookies that are not strictly, typically for technical reasons, required in our Consent Management System. You will find further information and decision-making options under www.mercedes-benz-customer-solutions.com/ in the footer at the bottom of the website.
d. The use of cookies also depends on the settings of the web browser you are using (e.g., Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this setting. You can delete stored cookies at any time. Web/DOM storage and local shared objects can be deleted separately. You can find out how this works in the browser or device you are using in the manual of the learner.
e. The consent to, and rejection or deletion of, cookies are tied to the device and also to the respective web browser you use. If you use multiple devices or web browsers, you can make decisions or settings differently.
f. If you decide against the use of cookies or delete them, you may not have access to all functions of our websites or individual functions may be limited.
6. Security
We take technical and organizational security measures in order to protect your information managed by us from being tampered with, lost, destroyed or accessed by authorized individuals. We are continuously improving our security measures in line with technological advancements.
7. Legal Foundations for Processing
a. If you have given us your consent to process your personal information, then that is the legal foundation for processing it (Art. 6, para. 1, letter a, of the EU's General Data Protection Regulation, or GDPR). Regarding consent to transfer of data to recipients outside of the European Economic Area (Art. 49 para. 1 sentence 1 lit. a GDPR), please refer to section 12.
b. Art. 6, para. 1, letter b, of the GDPR is the legal basis for processing personal information for the purpose of entering into a contract or performing a contract with you.
c. If processing your personal information is required to fulfill our legal obligations (e.g. data retention), we are authorized to do so by Art. 6, para. 2, letter c, of the GDPR.
d. Furthermore, we process personal information for purposes of protecting our legitimate interests as well as the interests of third parties in accordance with Art. 6, para. 1, letter f of the GDPR. Examples of such legitimate interests include maintaining the functionality of our IT systems as well as the (direct) marketing of our products and services (to the extent not covered by your consent) and those of third parties and the legally required documentation of business contacts. As part of the consideration of interests required in each case, we take into account various aspects, in particular the type of personal information, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal information.
8. Deleting Your Personal Information
Your IP address and the name of your Internet service provider, which we store for security reasons, are deleted after seven days. Moreover, we delete your personal information as soon as the purpose for which it was collected and processed has been fulfilled. Beyond this time period, data storage only takes place to the extent made necessary by the legislation, regulations or other legal provisions to which we are subject in the EU or by legal provisions in third-party countries if these have an appropriate level of data protection. Should it not be possible to delete data in individual cases, the relevant personal data are flagged to restrict their further processing.
9. Rights of Data Subjects
a. As a data subject affected by data processing, you have the right to information (Section 15 GDPR), Correction (Section 16 GDPR), Deletion (Section 17 GDPR), Restricted processing (Section18 GDPR) and Data Transferability (Section 20 GDPR).
b. If you have consented to the processing of your personal information by us, you have the right to revoke your consent at any time. Your revocation does not affect the legality of the processing of your personal information that took place before your consent was revoked. It also has no effect on the continued processing of the information on another legal basis, such as to fulfill legal obligations (see section titled "Legal Foundation of Processing").
c. Right to object
For reasons relating to your particular situation, you have the right to file an objection at any time to the processing of personal data pertaining to you that is collected under Section 6 Clause (1e) GDPR (data processing in the public interest) or Section 6 Clause 1 f) GDPR (data processing on the basis of a balance of interests). If you file an objection, we will continue to process your personal data only if we can document mandatory, legitimate reasons that outweigh your interests, rights and freedoms, or if processing is for the assertion, exercise or defense of legal claims. To the extent we use your personal data for direct marketing based on legitimate interests, you have the right to object at any time without giving reasons.
d. We ask you to address your claims or declarations to the following contact address if possible: kundenrechte_mb[at]mercedes-benz.com
e. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).
10. Newsletter
If you subscribe to a newsletter offered on our website, the information provided during registration for the newsletter will be used solely for the purpose of mailing the newsletter unless you consent to its use for additional purposes. You may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.
11. Mercedes-Benz Group AG's Central Registration Service
With the Central Registration Service offered by Mercedes-Benz Group AG, you can sign up for every website and application belonging to the Mercedes-Benz Group and its brands that are connected to the service. The applicable terms of use contain specific data protection provisions. Those terms of use can be found on the registration pages of affiliated websites and applications.
12. Data transmission to recipients outside the European Economic Area
a. When using service providers (see section 4. d.) and passing on data to third parties based on you consent (see section 3.c.), personal data may be provided to recipients in countries outside the European Union ("EU"), Iceland, Liechtenstein and Norway (= European Economic Area) are transferred and processed there, in particular USA, India.
b. In the following countries, from the EU's point of view, there is an adequate level of personal data protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the use of EU standard contractual clauses, binding corporate rules or other applicable instruments (if any) to create an "adequate level of protection" according to legal requirements. For more information, please use the contact details given in section 9.d. above.
c. To the extent that you consent within our Consent Management System, you also consent to the transfer of data to recipients in countries outside of the European Economic Area in which no “adequate level of protection” exists. You may find information on data transferred, data recipients or categories of data recipients, and the relevant countries in our Consent Management System under "Cookie Settings" in the footer at the bottom of the website. Data protection law in these countries may not be fully comparable to that in the European Economic Area (e. g., regarding data subject rights, see section 9 above), no data protection authorities and/or no comparable options to oppose data protection violations. Among other things, public bodies (e. g., authorities) in these countries potentially may have easier access to data processed there and use such data for other purposes than in the European Economic Area. These circumstances may only partially be compensated through specific measures.