Data Privacy Declaration

These data protection provisions apply to the portal of Ico-International GmbH, Berner Str. 107, 60437 Frankfurt.

The regulations of the Data Privacy Declaration are required to use the website.

1. Name and address of the controller
The controller under data protection law and other data protection provisions is:

Ico-International GmbH

2. Name and address of the Data Protection Officer
The controller’ s Data Protection Officer is:

Petra Haase
Ico-International GmbH
Berner Str. 107
60437 Frankfurt

3. Responsible supervisory authority

The responsible supervisory authority and contact for Data Protection Officers in the German states, the supervisory authorities for non-public sectors, radio, churches, in Europe and in other foreign countries as well as the virtual data protection office are available at the link for the Federal Commissioner for Data Protection (BFDI) at  https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

4. Object of data protection
Personal data shall be subject to data protection.

Under the Federal Data Protection Act (BDSG), personal data includes all information on the personal or factual circumstances of an identified or identifiable natural person. The GDPR furthermore defines “personal data” as all information related to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified either directly or indirectly, in particular by associating them with some identifier such as a name, an ID number, location data or an online ID.
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is any procedure carried out with or without the help of automated processes, or any such sequence of procedures associated with personal data, such as the collecting, recording, organizing, ordering, storing, adjusting, changing, reading out, querying, using, disclosing through transmission, distribution or some other form of provision, comparison or linking, restriction, deletion or destruction of data.

5. General information on data processing
5.1 Scope of processing personal data

We only collect and use the personal data of our users insofar as this is necessary to provide a functional website and to provide our content and services. We only collect and use the personal data of our users if allowed by the law or based on a user consent.

5.2 Legal basis for processing personal data
If we obtain consent from a data subject in order to process their personal data, then Art. 6 Abs. 1 lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis.
When we process personal data in order to fulfill a contract to which the data subject is a contractual party, then Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing procedures necessary to carry out pre-contractual measures.
If we must process personal data to fulfill a legal obligation to which our company is subject, then Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make processing personal data necessary, then Art. 6 Abs. 1 lit. d GDPR serves as the legal basis.
If we must process data in order to safeguard the legitimate interest of our company or another third party, and if the interests, basic rights and basic freedoms of the data subject do not outweigh the interests above, then Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

5.3 Data deletion and storage term
The data subject’s personal data is deleted or blocked as long as it is no longer required for the purpose for which it was stored. Furthermore, data may be stored if this is provided under European or national law, EU regulations, laws or other ordinances to which the controller is subject. Data is blocked or deleted even if the retention period prescribed by the standards above expires, unless the data must continue to be stored in order to conclude or fulfill a contract.

5.4 Transmission of personal data
Your personal data will only be used without your specific consent for the purposes of initiating, carrying out or ending a legal transaction or some other similar contractual obligation, or in order to fulfill our obligations under public law. If you have granted us a specific declaration of consent to use and transmit your personal data, then your personal data may be transmitted to the recipients indicated in the declaration.
If personal data is transmitted to service providers in the course of processing, then they are also obligated to observe the GDPR/BDSG and any other applicable legal regulations. We conclude processing agreements with third party processors that fulfill the requirements of the GDPR in order to ensure they process data only in accordance with our instructions.
We do not transmit personal customer data to third parties for any other purposes. If we are obligated by law, court order or an enforceable official order, then we will transmit your personal data to entities entitled to receive it. Furthermore, we will transmit your personal data to third parties if transmission is necessary to enforce existing agreements or our rights and claims related to our existing obligations to you, or to protect the rights of other users and/or third parties.

6. Collection of data when you visit our website
6.1 Scope of processing personal data

Each time a data subject or an automated system accesses this website, the website collects a range of general data and information.
The following data is collected:

Information on browser and browser version
The user’s operating system
The user’s internet service provider
The user’s IP address
The date and time of access
Websites from which the user’s system accesses our website
Websites accessed by the user’s system through our website
Search terms entered
Frequency of page visits
Language settings

6.2 Purpose of data processing
This general data and information is stored in a web server’s log files. The user’s browser type and version, the operating system used by the accessing system, the website from which the accessing system reaches our website (called a referrer), the sub-paces activated on our website by the accessing system, the date and time of website access, an internet protocol address (IP address), the internet service provider of the accessing system and other similar data and inform that could be used to prevent risks in case of attacks against our IT systems may be collected.
None of this information or data is associated with a particular data subject when it is used.
Instead, we require this information to deliver the content of our website correctly, to optimize the website content for the user, ensure the ongoing function of our IT systems and website technology, and to provide information required by law enforcement agencies in case of a cyber attack. Therefore, collected data and information is analyzed on a statistical basis, with the goal of improving data protection and data security within the company, in order to ultimately provide an optimal level of protection for processed personal data. Anonymous data from server log files is stored separately from all personal data provided by the data subject.

6.3 Storage term
Data is pseudonymized after statistical analysis.
If data is stored in log files, the data will be pseudonymized after 30 days at most. It may also be stored for a longer term. In this case, the user’s IP address is deleted or disguised so that it is impossible to associate the data with the accessing client.

6.4 Legal basis
The legal basis for temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

6.5 Objection and deletion
We must collect data in order to provide our website and we must store data in log files in order to operate the web page. Therefore, the user cannot object to such collection and storage.

7. Use of cookies
7.1 Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the user’s web browser or on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string allowing the browser to be identified when the user accesses the website again later on.
We use cookies to make our website more user-friendly. Some elements of our website require that it be possible to identify the accessing browser even after the user goes to a different page. The following data is stored and transmitted in the cookies:

Language settings
Information on whether the quick booking screen was open
Session cookie (for the duration of the browser session) for temporary storage of filter selections or information on completed forms
Our website also uses cookies that allow us to analyze user surfing behavior.
This may involve transmission of the following data:
Information on browser and browser version
The user’s operating system
The user’s internet service provider
The date and time of access
Websites from which the user’s system accesses our website
Websites accessed by the user’s system through our website
Search terms entered
Information on the user’s device type
Language settings
Frequency of page visits
Location

User data collected in this manner is pseudonymized through technical means. Therefore, the data can no longer be associated with the accessing user. Data is not stored together with other personal data of the user. When the user accesses our website, an info banner appears informing them that the website uses cookies for analytic purposes, and referring to this Data Privacy Declaration. It also includes a notice that the user can prevent cookies from being saved by changing their browser settings.
After our notice appears on the home page that we use cookies and that we analyze your user behavior, if you (i) use our online services and (ii) agree to accept cookies in your browser setting, then this indicates that you want to use our products and services and that you agree to the use of cookies, services and other technologies.

7.2 Legal basis for data processing
The legal basis for processing personal data using technically required cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for processing personal data using cookies for analytic purposes is Art. 6 para. 1 lit. a GDPR, if the user has consented to such processing.

7.3 Purpose of data processing
The purpose of using technically required cookies is to make using the website easier for the user. Without using cookies, we would not be able to offer some functions of our website. For these functions to work, we must be able to recognize the user’s browser even after they go to a different page.
We need cookies for the following applications:

Session cookie (for the duration of the browser session) for temporary storage of filter selections or information on completed forms

User data collected by technically required cookies is not used to create user profiles.
We use analytic cookies for the purpose of improving the quality of our website and its content. Analytic cookies tell us how users are using our website, allowing us to consistently optimize our services.
We have a legitimate interest in processing personal data for these purposes in accordance with Art. 6 para. 1 lit. f GDPR.

7.4 Duration of storage, objection and removal of data 
Cookies are stored on the user’s computer and transmitted by it to our page. Therefore, as a user you have full control over how cookies are used. You can change the settings in your web browser to deactivate or restrict the transmission of cookies. Saved cookies can be deleted at any time. This can be completed automatically. If cookies are deactivated for our website, you may not be able to use all of the functions of our website in full.
Most browsers (such as Firefox, Chrome, Internet Explorer, Safari, etc.) accept cookies as a default setting. However, you can change your browser settings so that you are informed when cookies are saved so you can make individual decisions on whether to accept the cookies, or prevent cookies from being accepted in some cases or in all cases. Most browsers have a help page that explains how you can change your browser settings as described above. In addition, they also typically state what you need to do so that your browser can inform you when it receives a new cookie, and how you can turn off or delete all of the cookies you have received. You can switch off or delete similar functions (like flash cookies, for instance) that are used through browser add-ons by changing the settings of the browser add-on or via the browser add-on manufacturer’s website. However, please note that if you do so you will not be able to use certain features of our website, and that some websites may not be displayed correctly if you deactivate cookies.

8. E-mail contact and contact form
8.1 Description and scope of data processing

You may contact us at the provided e-mail address or using our contact form. In this case, we will save the user’s personal data provided in the e-mail. This also applies to data you enter into the contact form (name, telephone, e-mail address, IP address).

8.2 Purpose
We use the data provided to us to initiate contact with you and to answer your inquiries. Your inquiry and the data are processed and stored for this purpose.

8.3 Legal basis for data processing
Data is not transmitted to third parties, unless the transmission is the purpose of the communication. We only use the data to answer your inquiry, and to initiate and carry out the contractual relationship if the inquiry relates to a contractual relationship or results in the initiation of a contractual relationship (Sec. 28 para. 1 clause no. 1, 2 BDSG old version; Art. 6 para. 1 a, b, f GDPR).

8.4 SSL encryption
Our website uses SSL encryption in order to transmit the confidential or personal content of our users. Encryption is activated for inquiries you submit to us through our website. Please ensure that you have SSL encryption activated when you carry out such activities. It is easy to tell whether encryption is activated: The start of your browser line will switch from “http://” to “https://.” Data encrypted via SSL cannot be read by third parties. Only transmit your confidential data when SSL encryption is activated, and contact us in case of doubt.

8.5 Storage term
If you are already our customer or become our customer in the future, we may collect, store, change and transmit the data we need to initiate, carry out or end the contractual relationship, without requiring your consent to do so for as long as this is allowed by law.
In other cases, including if the contractual relationship has not yet come into being, we will not store your data for more than 2 years, or longer if we are required to do so by law. You have a right to object to storage of the data you provide to us via the contact form, with future effect. You can exercise your right to object by sending a message to us.

9. Portal internal area
9.1 Description and scope of data processing

Access to the internal area is restricted to portal members. Members can advertise vehicles on the portal.
When you visit the internal area, we collect the following data:

ID number
Input data

When you place an offer in the internal area, we collect data on the offer. This data includes:

9.2 Purpose
The internal area is used to manage your offers. We process data in the area in order to provide and control your user account.

9.3 Legal basis for data processing
We provide the internal area to you as a customer, and data processing in this area is therefore based on Art. 6 para. 1 lit. b GDPR.

9.4 Storage term
We store the data for as long as you maintain a user account with us, and for longer in accordance with statutory retention periods.

10. Newsletter
10.1 Description and scope of data processing

In addition, we offer a newsletter service to inform you about new activities, products, and services.

10.2 Purpose
We use your personal data to send you a personalized newsletter, by using your name to address you correctly and your e-mail address to receive the newsletter.

10.3 Legal basis for data processing
Your data is not transmitted to third parties. We only use the data to answer your inquiry, and to initiate and carry out the contractual relationship if the inquiry relates to a contractual relationship or results in the initiation of a contractual relationship (Sec. 28 para. 1 clause no. 1, 2 BDSG old version; Art. 6 para. 1 a, b, f GDPR).

10.4 Storage term
If you have subscribed to the newsletter, we store your data for the duration of the customer relationship. You can unsubscribe from the newsletter at any time. To do so, please use the unsubscribe link that is provided in every newsletter, or send an e-mail to help@webmobil24.com
In other cases, including if the contractual relationship has not yet come into being, we will not store your data for more than 2 years, or longer if we are required to do so by law. You have a right to object to storage of the data you provide to us via the contact form, with future effect. You can exercise your right to object by sending a message to us.

11. Further data protection information on the use of social media and plug-ins
When you access a page of our website that includes one of these plug-ins, your browser creates a direct link to the servers for that service. The provider transmits the content of the plug-in directly to your browser and integrates the content into the page. We are not able to control the scope of data the plug-in provider collects using their plug-in, or the information the provider gives to the user based on that data. Whenever plug-ins are integrated, the provider is informed that your browser has accessed the page on our website, even if you do not have a profile or are not logged into the your account. This information (including your IP address) is transmitted directly by your browser to one of the provider’s servers, which may be in the USA, and stored there. If you are logged into one of the services, the provider can directly associate your visit to our website to your profile o their service.
If you interact with the plug-ins, for instance by pressing the “Like” button, this information is also transmitted directly to one of the provider’s servers and stored there. The information is also published on the social network or on your user account and displayed to your contacts there. Please see the provider’s Data Privacy Notice for more information on the purpose and scope of data that is collected, how the provider processes and uses that data, as well as your relevant rights and the settings you can change to protect your privacy.

12.1. On the use of Google Analytics
We have integrated components of Google Analytics on this website. Google Analytics is a web analytics service. Web analytics is the collection, aggregation and analysis of data on website user behavior. A web analytics service collects data on the website from which a data subject accesses a website (called the referrer), the sub-pages of the website they access, and how often and for what length of time they view a sub-page. Web analytics is primarily used to optimize websites and to complete a cost-benefit analysis for internet advertising.
The company responsible for providing Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the suffix “_gat._anonymizeIp” for web analytics using Google Analytics. This suffix allows Google to abbreviate and anonymize the IP address for the data subject’s internet connection, if they access our website from a European Union member state or another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics components is to analyze visitor streams to our website. Google uses the data and information collected to analyze use of our website, to create online reports listing activities on our website, and to perform other services associated with use of our website.
Google Analytics saves a cookie on the data subject’s IT system. Please see above for a definition of cookies. Saving cookies allows Google to analyze the use of our website. Each time a data subject accesses an individual page on our website operated by the controller where a Google Analytics component has been integrated, the Google Analytics component automatically causes the web browser on the data subject’s IT system to transmit data to Google for the purpose of online analytics. During this technical process, Google receives personal data such as the data subject’s IP address, which Google uses to determine the user’s origin and track their clicks, for instance, then to calculate commissions.
Cookies are used to store personal data, such as the user’s access time, the place from which the access originated, and the frequency with which the data subject visited our website. Each time the user visits our website, this personal data, including the IP address for the data subject’s internet connection, is transmitted to the United States by Google. Google stores this personal data in the United States of America. Google may transmit the personal data collected via this technical process to third parties in some cases.
Data subjects can prevent cookies from being saved by our website as described above at any time by changing the settings in their web browser accordingly, thereby permanently objecting to the storage of any cookies. Changing your web browser settings in this way would also prevent Google from saving a cookie on the data subject’s IT system. In addition, any cookies already saved by Google Analytics can also be deleted via the data subject’s web browser or using other software programs.
Furthermore, data subjects can object to and prevent Google Analytics from collecting data which Google Analytics generates on their use of the website, as well as to Google’s processing of this data. To do so, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on website visits may be transmitted to Google Analytics. Google considers installing the browser add-on to be an objection. If the data subject’s IT system is deleted, re-formatted or re-installed at a later time, the data subject will have to re-install the browser add-on to deactivate Google Analytics. If the data subject or another person within their sphere of influence uninstalls or deactivates the browser add-on, they can re-install or reactivate the browser add-on.
Further information and Google’s applicable data protection provisions are available at https://www.google.de/intl/de/policies/privacy/  and at https://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail at the link https://www.google.com/intl/de_de/analytics/ .

12.2 On the use of Facebook 
This website uses social plug-ins (hereinafter referred to as “plug-ins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, (hereinafter referred to as “Facebook”). The plug-ins are designated by a Facebook logo (white “f” on a blue tile or a “thumb’s up” symbol), or by the wording “Facebook social plug-in.” A list of Facebook social plug-ins and what they look like is available here https://developers.facebook.com/docs/plugins/

If a user accesses a page of this website that includes one of these plug-ins, their browser creates a direct link to Facebook servers. Facebook transmits the content of the plug-in directly to the user’s browser and integrates it into the website. Therefore, the provider has no influence over what data Facebook collects using this plug-in. Based on the provider’s current knowledge, Facebook uses the following process:

When a plug-in is integrated, Facebook is informed that a user accessed the specific page of the provider’s website. If the user is logged into Facebook, then Facebook can associate the visit to their Facebook account. If the user interacts with the plug-in, for instance by pressing the Like button or adding a comment, then this information is transmitted directly by the user’s browser to Facebook and saved there. Even if a user is not a Facebook member, it is still possible for Facebook to learn and store their IP address. Facebook has stated that only anonymized IP addresses are saved in Germany.

Please see Facebook’s Data Privacy Notice for more information on the purpose and scope of data that is collected, how Facebook processes and uses that data, as well as your relevant rights and the settings you can change to protect your privacy https://www.facebook.com/about/privacy/

If a user is a Facebook member and does not want Facebook to collect data on them via the provider’s website or link it to their member data stored on Facebook, then they must log out of Facebook before vising the website. In addition, users can block Facebook social plug-ins with browser add-ons, such as the “Facebook blocker.”

12.3 On the use of Twitter
Functions provided by the service Twitter are integrated into our pages. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Using Twitter and the “re-tweet” function causes the websites you visit to be linked to your Twitter account and shared with other users. Data is also transmitted to Twitter during this process. Please note that we, as the page provider, have no knowledge of what data is transmitted, nor of how Twitter uses this data. Further information is available in the Twitter Data Privacy Declaration at https://twitter.com/privacy.
You can change your data protection settings on Twitter by changing your account settings at https://twitter.com/account/settings.

13. External links
For your information, our page provides links that refer you to third party websites. If such links are not clearly labeled, we will inform you that they are external links. We are not able to influence the content or design of these websites. Therefore, our Data Privacy Declaration does not apply to such websites.

14. Rights of data subjects
If your personal data is processed, then you are considered a “data subject” in the sense of the GDPR, and you are entitled to the following rights in relation to the controller. You can exercise your rights by contacting our Data Protection Officer or employees in our service center and stating your concern or request.

14.1 Right to information
Any data subject whose personal data is processed has the right to request information free of charge from the controller at any time regarding the personal data stored on them (the purpose of processing, categories of processed data, disclosure to third party recipients, duration of storage, the rights to which they are entitled to block, rectify, or delete data, submit complaints to a supervisory authority, information on automated decision-making called profiling, transmission to third countries or international organizations) and to receive a copy of said data.
You can request a confirmation from the controller of whether we process your personal data or not.

14.2 Right to rectification 
Any data subject whose personal data is processed has the right to request the prompt rectification of their incorrect personal data. Furthermore, data subjects have the right to request that incomplete personal data be supplemented in consideration of the purpose of processing –  including via a supplementary declaration.

14.3 Right to restrict processing
Any data subject whose personal data is processed has the right to request that the controller restrict that processing if one of the legal requirements in Art. 18 para. 1 GDPR is fulfilled.
If processing of your personal data has been restricted, this data may only be processed with your consent or in order to assert, exercise or defend against legal claims, or to protect the rights of another natural or legal person, or to safeguard the important public interests of the European Union or another member state,  apart from to store the data .
If processing has been restricted based on one of the requirements above, then the controller will inform you before the restriction is lifted.

14.4 Right to deletion
Any data subject whose personal data is processed has the right to request that the controller promptly delete their personal data if one of the justifications in Art. 17 para. 1 GDPR applies.
The right to delete data does not apply if the processing is required:     to exercise the right to free expression and information;     to fulfill a legal obligation that requires the processing under European Union law or the law of a member state to which the controller is subject, or to carry out any task that is in the public interest or exercise public authority assigned to the controller;     based on the public interest in public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR; for archival purposes, scientific or historical research purposes or statistical purposes that are in the public interest according to Art. 89 para. 1 GDPR, insofar as the rights listed under section a) would likely make it impossible to achieve the goals of this processing or would severely interfere with these, or if the data is required to assert, exercise or defend against legal claims.

14.5 Right to data portability
Any data subject whose personal data is processed has the right to receive the personal data the data subject provides to the controller in a structured, commonly used and machine-readable format. Data subjects also have the right to transmit this data to another controller without being prevented from doing so by the controller to whom the personal data was provided, if the processing is based on their consent in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, or based on a contract in accordance with Art. 6 para. 1 letter b GDPR, and if the processing is carried out using an automated procedure.

14.6 Right to object
Any data subject whose personal data is processed has the right to object to processing of their personal data based on Art. 6 para. 1 letters e or f GDPR at any time for reasons related to their particular situation. This also applies to profiling based on these provisions.
If the data subject objects to processing, the company will no longer process their personal data, unless we have protected reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or unless the processing is required to assert, exercise or defend against legal claims.
If the company processes data for the purpose of direct advertising, the data subject has the right to object to the processing of their personal data at any time for the purpose of such advertisements. This also applies to profiling, if it is associated with such direct advertisement. If the data subject objects to processing for the purpose of direct advertisement, then their personal data will no longer be processed for this purpose.

14.7 Right to revoke a declaration of consent under data protection law
Any data subject whose personal data is processed has the right to revoke their consent to collect and use data at any time without providing grounds, with future effect. If consent is revoked, this does not affect the legality of any processing carried out before they revoked consent.

14.8 Right to be informed 
If you have exercised your right to rectify or delete data or to restrict processing, then we will inform all     recipients to whom your personal data has been disclosed of the rectification, deletion or restriction, as long as this is possible and does not require an unreasonable amount of work or expense. You have the right to be informed of who these recipients are.

14.9 Questions / right to submit complaints to a supervisory authority
If you have further questions on protection for your personal data, this Data Privacy Declaration, any declarations of consent, or on how your personal data is processed, or if you have complaints related to data protection, you can contact our Data Protection Officer at the following e-mail address:

datenschutz@ico-international.de

Regardless of any other administrative law or legal remedies, you have the right to submit complaints to a supervisory authority.

15. Data security
We take internal corporate data protection very seriously. We contractually obligate our employees and our contracted processors (service providers) to confidentiality and to comply with IT/security regulations and asserted data protection law regulations.
We and our contractual partners protect your personal data from prohibited access, loss, use or publication, and ensure that your personal information is stored in a controlled and secure environment that fulfills legal requirements, and that prohibited access, loss and publication of the data are prevented.
Our company has taken technical and organizational measures to fulfill the statutory requirements of the BDSG and the GDPR, and to protect your data against damage, destruction, falsification, manipulation, and unauthorized access.
In order to avoid collecting unnecessary quantities of data, we collect, process and use your personal data only if necessary in order to provide our services. We and our processors collect said data.

16. Amendments to the Data Privacy Declaration
Please note that data protection provisions and procedures can change at any time, and that the content of this Data Privacy Declaration may need to be updated. Furthermore, it is a good idea to inform yourself about changes to the law and to the practices of our company.

Last updated: May 2018