Data protection

In the following privacy policy, we would like to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, on what legal basis and to what extent.

To data protection for test vehicles

Controller

The controller responsible for the collection and processing of your personal data is:

FSD Fahrzeugsystemdaten GmbH

Central Agency under the German Road Traffic Act (StVG)

Wintergartenstrasse 4
01307 Dresden
Germany

You can contact the controller at: datenschutz@fsd-web.de

Data protection officer

Our data protection officer is available to answer your questions and act as a contact person for data protection issues. Their contact details are:

FSD Fahrzeugsystemdaten GmbH

Central Agency under the German Road Traffic Act (StVG)

Wintergartenstrasse 4
01307 Dresden
Germany

You can contact our data protection officer at dsb@fsd-web.de or on +49 (0)351 / 652888176

Use of our web pages

Depending on the purpose of the web page, it is possible to visit it with or without expressly providing personal data. Personal data are collected to the extent necessary on technical and functional grounds for the use of our web pages. The following data are automatically collected and logged each time you access our web pages:

  • Date and time of access
  • Name of the requested file • Web page from which the file was requested
  • Access status (e.g. file transferred, file not found) • The web browser you are using and the operating system of your device
  • The IP address of the requesting device

When you visit our web pages, the IP address is stored in the server log without being anonymised.

The stored IP addresses are not evaluated and will be deleted after 62 days. The server logs are analysed exclusively in the event of technical problems and are not stored on a central server or in a central database.

The legal basis for the temporary collection and storage of data and log files is our legitimate interest pursuant to point (f) of Article 6(1) GDPR and serves to detect security validations, intrusion attempts, data loss and data breaches by third parties, as well as to ensure the smooth establishment of a connection to the website and for other administrative purposes.

The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the web page.

Registration on web pages

If a web page requires registration, the following data are required alternatively and, in some cases, cumulatively:

  • User name
  • Email address
  • Password

For the management of registrations, we use Joomla. Joomla is a content management system that is used as a so-called website editorial system. Further details about Joomla can be found at https://www.joomla.de.

These data are used exclusively for the administration of user accounts.

The legal basis for processing the data during registration is your consent in accordance with point (a) of Article 6(1) GDPR. You may withdraw your consent at any time. An informal notification by email is sufficient for withdrawal. Withdrawal of consent does not affect the lawfulness of data processing that has already taken place.

Contacting us

When you contact us (e.g. via contact form, email or telephone), we process the information provided by the enquirer(s) to the extent necessary to respond to the enquiry.

As the Central Agency under the Road Traffic Act (StVG), responding to enquiries is part of our public-law obligation within the meaning of point (c) of Article 6(1) GDPR.

We respond to enquiries within the scope of contractual relationships or relationships prior to entering into a contract in order to fulfil our contractual obligations or to respond to contract-related enquiries or enquiries prior to entering into a contract and, in all other respects, on the basis of our legitimate interests in responding to the enquiries. Accordingly, data processing is based on the legal grounds of point (b) of Article 6(1) GDPR and point (f) of Article 6(1) GDPR.

Plugins and tools

Google Fonts (local hosting)

This site uses Google Fonts, which are provided by Google, to ensure the consistent display of fonts. The Google Fonts are installed locally. No connection to Google servers is established during this process.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en-GB.

Font Awesome (local hosting)

This site uses Font Awesome for the consistent display of fonts. Font Awesome is installed locally. No connection to Fonticons, Inc. servers is established during this process.

Further information about Font Awesome can be found in the Font Awesome privacy policy
at: https://fontawesome.com/privacy.

Wordfence

We have integrated Wordfence into this website. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as “Wordfence”).

Wordfence serves to protect our website from unwanted access or malicious cyber attacks. To this end, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.

The use of Wordfence is based on point (f) of Article 6(1) GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyber attacks. If consent has been requested, processing will be carried out exclusively on the basis of point (a) of Article 6(1) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG) insofar as the consent covers the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The transfer of data to the United States is based on the EU Commission’s standard contractual clauses. You can find details here: https://www.wordfence.com/help/general-data-protection-regulation/.

Elfsight LinkedIn Feed Widget

On our website we use the Elfsight LinkedIn Feed Widget to display the latest updates and posts from our LinkedIn page in real time. The widget allows you to view our latest news, projects and posts directly on our website without having to visit LinkedIn.

The widget is integrated on the basis of point (f) of Article 6(1) GDPR, as we have a legitimate interest in keeping our website visitors up to date and presenting our activities on LinkedIn in a clear manner. If consent has been requested, processing will be carried out exclusively on the basis of point (a) of Article 6(1) GDPR.

Further information on Elfsight’s privacy policy can be found here: https://elfsight.com/privacy-policy/.

Data processing agreement

We have concluded a data processing agreement (DPA) for use of the above-mentioned service. This is a contract required by data protection law which ensures that the personal data of our website visitors are only processed in accordance with our instructions and in compliance with the GDPR.

Cookies

We use session cookies to enable certain functions on some web pages (e.g. personalised access). These are small text files that are stored on your device and deleted when you close your browser. They are used exclusively for the operation of the web pages and their functions. As technically necessary cookies, session cookies do not require consent.

We do not set any cookies that are not technically necessary.

Burst Statistics

Our website uses Burst Statistics software (https://burst-statistics.com/) to statistically analyse visitor traffic without using cookies. We host Burst Statistics ourselves and do not collect any personal data for statistical evaluations. In this process, your IP address is immediately anonymised by automatically masking the last two bytes, so that you as the user remain anonymous to us. We do not transfer any of the data collected by Burst Statistics to third parties.

Skribble

We use Skribble for the digital signing of contracts and documents. Skribble acts on our behalf. For digital signatures, the following personal data in particular will be collected from you and processed, depending on the document:

  • Communication data (first name/surname, email address, IP address)
  • Your digital signature via Skribble
  • Telephone number for the advanced electronic signature (AES) for the purpose of sending a confirmation text message and storing it in the signature

Processing of the data is necessary for the submission and acceptance of the digital signature and serves the secure and verifiable electronic signing of (contract) documents. The legal basis for the processing of personal data is points (b) and (f) of Article 6(1) GDPR.

Your personal data will be stored for as long as is necessary to achieve the purposes set out above and for as long as statutory and/or contractual retention obligations apply. Skribble AG is based in Switzerland and is subject to Swiss and European data protection law in accordance with the GDPR. There is a data processing agreement in place. Further information on data processing by Skribble can be found at the following link: https://www.skribble.com/en-eu/privacy/.

Server location

Personal data are stored within the EU; your data will not be transferred to third countries.

Recipients of personal data

Only those individuals within our company who require your personal data for the respective specified purposes have access to them. Your data will only be passed on to external recipients if this is permitted by law or if we have your consent. Below you will find an overview of the relevant recipients:

Processor: We sometimes use external service providers to handle our business transactions (e.g. for IT, technical infrastructure, maintenance). We select and review them carefully and they only act on our instructions. They have been contractually obligated within the meaning of Article 28 GDPR to comply with data protection regulations.

Public bodies: Authorities or state institutions, insofar as this is necessary to fulfil a legal obligation. The legal basis for the transfer is then point (c) of Article 6(1) GDPR.

Transfer of data to a third country

Data are not transferred to countries outside the EU or the EEA (known as third countries).

Erasure periods

The data we process will be erased in accordance with legal requirements as soon as the consents permitting their processing are withdrawn or other permissions cease to apply (e.g. if the purpose of processing these data no longer applies or if the consents are not required for the purpose).

If the data are not erased because they are required for other, legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons, or whose storage is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Within the scope of our data protection information, we can provide users with further information on the erasure and storage of data that applies specifically to the respective processing procedures.

Security measures

In accordance with Article 32 GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying degrees of probability of occurrence and the extent of the threat to the rights and freedoms of natural persons

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, assurance of availability and separation relating to them. We also have a data protection management system in place that ensures that the rights of data subjects are upheld, data are erased and responses are made to data breaches. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in line with the principle of data protection, through technical design and privacy-friendly default settings.

Rights of data subjects

As a data subject, you have the following rights:

1. Right of access

Under Article 15 GDPR, you have the right to obtain information as to whether or not we process your personal data, including vehicle data from periodic technical inspections. If this is the case, you have the right to obtain information about these personal data and other information related to their processing.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of your personal data if the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

In the case of data processing for scientific, historical or statistical research purposes, your right to rectification may be restricted to the extent that this would be likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

3. Right to restriction of processing

Under the conditions set out in Article 18 GDPR, you have the right to obtain restriction of the processing of personal data concerning you. An example of this is if you dispute the accuracy of your data. You may then obtain restriction of the processing for the period required to verify the accuracy of the data.

4. Right to erasure

You have the right to obtain the erasure of your data if the conditions set out in Article 17 GDPR are met. You may obtain the erasure of your data if, for example, they are no longer necessary for the purposes for which they were collected or if we process your data on the basis of your consent and you withdraw this consent. Please note that your right to erasure may be subject to restrictions. For example, we are not permitted to erase data if there are statutory retention obligations or if processing is necessary in order to fulfil a legal obligation or to establish, exercise or defend legal claims.

5. Right to be informed

If you have established your right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter will be obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed of these recipients by the controller.

6. Right to data portability

If the data processing is based on consent or the performance of a contract and is also carried out using automated means, you have the right to receive your data in a structured, commonly used and machine-readable format and to transmit those data to another data processor.

According to the second sentence of Article 20(3) GDPR, you do not have this right if the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, if the processing is based on points (e) or (f) of Article 6(1) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. When exercising such an objection, unless the objection is to direct marketing, we ask that you explain the reasons why we should not process your data as we have done. If your objection is justified, we will examine the situation and either cease or adjust the data processing or set out our compelling legitimate grounds on the basis of which we will continue the processing.

8. Right of withdrawal

If the data processing is based on consent, you have the right under Article 7(3) GDPR to withdraw your consent to data processing free of charge at any time with effect for the future.

9. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR. An overview of the respective state data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

Your contact for exercising your rights: If you wish to exercise any of your rights or receive further information about them, please send an email to betroffenenauskunft@fsd-web.de or write to the address given above under “Controller”.

Links to other web pages

These web pages may contain links to external websites. We are not responsible for the data protection measures or the content of websites outside our company. For this reason, we recommend that you carefully read the privacy policies of these external websites carefully.

This privacy policy also applies to the following linked web pages:

https://fahrzeugsystemlexikon.de
https://hu-wissen21.de
https://ag-bafo.de
https://elearning.fsd-web.de
https://mangelbaum.de
https://fsd-lernportal.de
https://termine.fsd-web.de
https://infopoint.fsd-web.de
https://www.fahrzeugsystemdaten.de
https://cloud.fsdweb.de
https://aktuelle-vorgaben.de
https://hua-firmware.fahrzeugsystemdaten.de

Last updated: 1 June 2023