I. NAME AND ADDRESS OF THE CONTROLLER
The Controller as defined in the General Data Protection Regulation and other national data protection laws of the member states, and other data protection regulations, is:
Hyundai L&C Europe GmbH Düsseldorfer Str. 13, 65760 Eschborn, Germany
Tel.: +49 (0) 6196 5869 012 | Fax.: +49 (0) 6196 5869 019 | E-Mail: firstname.lastname@example.org
District court: Frankfurt/Main | VAT ID no.: DE301 899 359 | Managing Director: Won Hee Lee
I. Name und Anschrift des Verantwortlichen
Der Verantwortliche im Sinne der Datenschutz-Grundverordnung und anderer nationaler Datenschutzgesetze der Mitgliedsstaaten sowie sonstiger datenschutzrechtlicher Bestimmungen ist die:
Hyundai L&C Europe GmbH
Düsseldolfer Str. 13
65760 Eschborn, Deutschland
Tel.: +49 (0) 6196 5869 020
Fax.: +49 (0) 6196 5869 019
Amtsgericht: Frankfurt am Main
USt-IdNr.: DE301 899 359
Geschäftsführer: Nam Chu Woo
II. GENERAL INFORMATION ON DATA PROCESSING
1. SCOPE OF PROCESSING OF PERSONAL DATA
We generally only collect and use the personal data of our users if this is necessary for the provision of a functional website and of our content and services. The personal data of our users is generally only collected and used following consent by the user. An exception applies in cases in which a previous acquisition of consent is not possible for objective reasons and the processing of the data is permitted by statutory regulations.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Insofar as we obtain consent by the Data Subject for processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) applies as the legal basis for the processing of personal data.
When processing personal data is required for the fulfilment of a contract, the contractual party of which is the Data Subject, Art. 6 para. 1 lit. b of the GDPR applies as the legal basis. This also applies to processing activities that are required for the implementation of pre-contractual measures.
Insofar as the processing of personal data is required for the fulfilment of a statutory obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR applies as the legal basis.
In cases in which vital interests of the Data Subject or another natural entity require a processing of personal data, Art. 6 para. 1 lit. d of the GDPR applies as the legal basis.
If processing is required to preserve a justified interest of our company or of a third party, and if the interests, basic rights and basic freedoms of the Data Subject do not override this former interest, Art. 6 para. 1 lit. f of the GDPR applies as the legal basis for the processing.
3. DATA ERASURE AND DURATION OF STORAGE
The personal data of the Data Subject is erased or blocked as soon as the purpose of storage no longer exists. Storage beyond this point in time may occur when this is specified by the European or national legislature in European Union ordinances, laws or other regulations to which the Controller is subject. A blockage or erasure of data is only made when a storage period expires that has specified by the aforementioned norms, unless there is a necessity for further storage of the data for a conclusion of contract or a fulfilment of contract.
III. PROVISION OF THE WEBSITE AND CREATION OF LOGFILES
1. DESCRIPTION AND SCOPE OF THE DATA PROCESSING
Each time our website is retrieved, our system automatically records data and information from the computer system of the retrieving computer.
Here, the following data is collected:
- Information about the browser type and the version used
- The operating system of the user
- The IP address of the user
- Date and time of access
The data is also stored in the log files of our system. This data is not stored with other personal data of the user.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f of the GDPR.
3. PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary in order to enable a delivery of the website to the computer of the user. For this purpose, the IP address of the user must remain stored for the duration of the session.
The log files are stored in order to secure the functionality of the website. In addition, we use the data to optimise the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our justified interest in processing the data as defined in Art. 6 para. 1 lit. f of the GDPR also lies in these purposes.
4. DURATION OF STORAGE
The data is erased as soon as it is no longer required for the achievement of the purpose for which it was collected. If data is recorded for the provision of the website, this occurs when the respective session is terminated.
If the data is stored in log files, it is erased at a maximum of 180 days later. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or distorted so that assignment to the retrieving client is no longer possible.
5. OBJECTION AND REMOVAL OPTION
The recording of data for the provision of the website and the storage of data in log files is of essential importance for the operation of the website. As a result, the user does not have the option of submitting an objection.
IV. Google Analytics
Our websites use Google Analytics, a web analysis service offered by Google Inc. (“Google”). The operator is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Here, Google uses so-called “cookies”, i.e. text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie regarding your use of the website
- Browser type/version
- Operating system used
- Referrer URL (the page previously visited)
- Host name of the accessing computer (IP address)
- Time of the server query
is usually transferred to a Google server in the USA and stored there. The website also uses Google Analytics with the extension “_anonymize()” so that data is only processed anonymously. Here, the IP address is truncated by removing the final three characters, so that a clear assignment of the IP address is no longer possible. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services that are related to the use of the website and to Internet use. Google will also, if necessary, transfer this information to third parties, insofar as this is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with other Google data. Our justified interest in processing personal data as defined in Art. 6 para. 1 lit. f of the GDPR also lies in these purposes.
Data is also processed on the basis of Art. 6 para. 1 s. 1 lit. f of the GDPR. Data is automatically erased within 160 days at the latest after its statistical evaluation.
You can prevent the installation and storage of cookies by making the appropriate setting in your browser software. However, please note that in such a case, you may not be able to use all functions of this website.
You can also prevent the transfer of the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:
As an alternative to the browser add-on, in particular for browsers on mobile end devices, you can also prevent recording by Google Analytics by setting an opt-out cookie in your browser, which prevents the future recording of your data when you visit this website. The opt-out cookie applies only in this browser and only for our website, and is stored on your device. If you delete the cookies in this browser, you must re-set the opt-out cookie.
INFO: Setting a Google Analytics opt-out cookie
By using the website, you declare that you agree to the processing of the data collected that relates to you by Google in the manner described above and for the aforementioned purpose. You can find further information about Google Analytics on the Internet under the following Google link:
V. CONTACT FORM AND E-MAIL CONTACT
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
On our website, we provide a contact form which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask is transferred to us and stored. At the point in time at which the message is sent, the following data is also stored:
- The IP address of the user
- The date and time of sending
Alternatively, contact can be made via the e-mail address provided. In this case, only the personal data transferred by the user with the e-mail is stored.
No data is forwarded to third parties in this connection. The data is used solely for processing the conversation.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for processing data that is transferred to us when a message is sent is Art. 6 para. 1 lit. f of the GDPR and Art. 6 para. 1 lit. b of the GPDR.
3. PURPOSE OF DATA PROCESSING
We use the processing of personal data from the input mask or via e-mail solely for processing the assumption of contact.
The personal data otherwise processed during the dispatch process is used to prevent an abuse of the contact form and to ensure the security of our information technology systems. Herein lies the necessary justified interest in the processing of the data.
4. DURATION OF STORAGE
The data is deleted as soon as it is no longer required for the achievement of the purpose for which it was collected. For personal data from the input mask of the contact form and the data transferred via e-mail, this is the case when the respective conversation with the user is terminated. The conversation is terminated when it emerges from the circumstances that the matter in question has been sufficiently clarified.
The personal data that is also collected during the dispatch procedure is erased at the latest after a period of seven days.
5. THE OPTION OF OBJECTION AND REMOVAL
The user has the option to revoke their consent to the processing of their personal data at any time. If the user makes contact with us via e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
On this, and on other issues relating to personal data, you can contact us at any time at the addresses given in item I of this statement, or sent a message directly to email@example.com.
All personal data that is stored during the assumption of contact will be deleted in this case.
VI. SOCIAL MEDIA
Through our pages on social media (Facebook, Instagram, Twitter, Google+) we also offer you comprehensive personal support and the option to stay in contact with us. These social media services themselves collect personal data, e.g. via the profile you have created there or via so-called “social plug-ins” that are implemented on the websites of third parties.
If you send an enquiry to us via one of these social media outlets, this will be treated in confidence. The data will be used solely to answer your enquiry.
In order to be able to contact us via social media, you must register with these services. For this purpose, the companies behind the respective service collect, store and use personal data if necessary. We have no influence on the nature, scope and manner of processing of this data. This also applies to images/videos uploaded onto social media. Please note that the rights may if necessary be transferred to the social media services. You will find the data in the data protection and usage conditions of the respective providers.
VII. RIGHTS OF THE DATA SUBJECT
If your personal data is processed, you are the Data Subject as defined in the GDPR and you have the following rights vis-à-vis the Controller:
1. THE RIGHT TO INFORMATION
You can request from the Controller that they provide confirmation as to whether personal data that relates to you is processed by us.
If such processing is taking place, you may request from the Controller that they provide you with the following information:
(1) The purposes for which the personal data is processed
(2) The categories of personal data that are processed
(3) The recipients or categories of recipients to whom your personal data has been disclosed or is yet to be disclosed
(4) The planned duration of storage of the personal data relating to you or, if no specific information in this regard is possible, criteria for specifying the duration of storage
(5) The existence of a right to correct or erase personal data relating to you, the right to limit processing by the Controller or the right to object to this processing
(6) The existence of a right to submit a complaint to a supervisory authority
(7) All available information on the origin of the data, if the personal data is not collected from the Data Subject
(8) The existence of an automated decision-making process, including profiling, as defined in Art. 22 paras. 1 and 4 of the GDPR and – at least in these cases – relevant information on the logic involved and the implications and intended impact of such processing for the Data Subject.
You have the right to request information as to whether the data relating to you is transferred to a third country or an international organisation. In this context, you may request that you are informed of the appropriate guarantees in accordance with Art. 46 of the GDPR relating to the transfer.
2. RIGHT TO CORRECTION
You have the right to correct and/or complete data vis-à-vis the Controller insofar as the personal data processed that relates to you is incorrect or incomplete. The Controller must make the correction immediately.
3. RIGHT TO LIMIT THE PROCESSING
Under the following conditions, you may request a limitation of the processing of the personal data relating to you:
(1) If you dispute the accuracy of the personal data relating to you for a duration that enables the Controller to check the accuracy of the personal data
(2) The processing is illegal and you reject the erasure of personal data and instead request a limitation on the use of the personal data
(3) The Controller no longer requires the personal data for the processing purposes, but you require this data for the assertion, execution or defence of legal claims, or
(4) If you have submitted an objection to the processing in accordance with Art. 21. Para. 1 of the GDPR and it is not yet clear whether the justified reasons of the Controller override your reasons.
If the processing of the personal data relating to you has been limited, this data – regardless of its storage – may only be processed with your consent or for the assertion, execution or defence of legal claims, or for the protection of the rights of another natural or legal entity, or for reasons of public interest of the Union or a member state.
If the limitation of processing is lifted on the basis of the above conditions, you will be informed by the Controller before the limitation is lifted.
4. RIGHT TO ERASURE
A) ERASURE OBLIGATION
You can request from the Controller that the personal data relating to you be immediately erased, and the Controller is obliged to erase this data if one of the following applies:
(1) The personal data relating to you is no longer required for the purposes for which it was collected or processed in any other way.
(2) You revoke your consent on which the processing is based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR, and there is no other legal basis for processing.
(3) You submit an objection to processing in accordance with Art. 21 para. 1 of the GDPR and there are no overriding justified reasons for processing, or you submit an objection to processing in accordance with Art. 21 para. 2 of the GDPR.
(4) The personal data relating to you has been illegally processed.
(5) The erasure of the personal data relating to you is necessary for the fulfilment of a legal obligation according to Union law or the law of the member states to which the Controller is subject.
(6) The personal data relating to you has been collected in relation to services offered by the information society as defined in Art. 8 para. 1 of the GDPR.
B) INFORMATION TO THIRD PARTIES
If the Controller has publicised personal data relating to you and if they are obliged to erase it in accordance with Art. 17 para. 1 of the GDPR, they shall take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, to inform the entity responsible for processing the personal data that you as the Data Subject have requested that they erase all links to this personal data or copies or replicas of this personal data.
Das Recht auf Löschung besteht nicht, soweit die Verarbeitung erforderlich ist
The right to erasure does not apply if processing is necessary:
(1) For the exertion of the right to freedom of expression and information
(2) For the fulfilment of a legal obligation and which demands processing according to Union law or the law of the member states to which the Controller is subject, or which has been transferred for the purpose of completing a task that lies in the public interest or in the implementation of an official authority
(3) For reasons of public interest in the area of public health as defined in Art. 9, para. 2 lit. h and i and Art. 9 para. 3 of the GDPR
(4) For archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 of the GDPR, insofar as the law named in section a) is likely to make the realisation of the goals of processing impossible or seriously impair them, or
(5) For the assertion, exertion or defence of legal claims
5. THE RIGHT TO INFORMATION
If you have asserted the right to correction, erasure or limitation of processing vis-à-vis the Controller, the Controller is obliged to inform all recipients to whom the personal data relating to you has been disclosed of this correction or erasure of the data or limitation of processing, unless this emerges as being impossible or entails a disproportionate amount of effort.
You have the right vis-à-vis the Controller to be informed of these recipients.
6. THE RIGHT TO DATA PORTABILITY
You have the right to obtain the personal data relating to you that you have provided to the Controller in a structure, standard, machine-readable format. Additionally, you have the right to transfer this data to another Controller without intervention by the Controller to whom the personal data has been provided, if
(1) The processing is based on consent in accordance with Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR or on a contract as defined in Art. 6 para. 1 lit. b of the GDPR, and
(2) The processing is conducted using automated methods
In your exertion of this right, you right have the right to have the personal data relating to you transferred directly from one Controller to another Controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be impaired as a result.
The right to data portability does not apply to the processing of personal data required for the completion of a task that lies in the public interest, or the implementation of public authority that has been transferred to the Controller.
7. THE RIGHT TO OBJECT
You have the right, for reasons that arise from your particular situation, to submit an objection at any time against the processing of the personal data relating to you, which is conducted on the basis of Art. 6 para. 1 lit. e or f of the GDPR; this also applies to profiling supported by these regulations.
The Controller no longer processes the personal data relating to you, unless they can provide evidence of urgent grounds worthy of protection for the processing, which override your interests, rights and freedoms, or the processing is used to assert, exert or defend legal claims.
If the personal data relating to you is processed in order to offer direct advertising, you have the right to submit an objection at any time against the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling if it is directly linked to such direct advertising.
If you submit an objection to processing for the purpose of direct advertising, the personal data relating to you is no longer processed for these purposes.
You have the option, in connection with the use of services of the information society – regardless of Guidelines 2002/58/EC – to exert your right to object using automated processes in which technical specifications are used.
8. THE RIGHT TO REVOKE YOUR DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. Through the revocation of consent, the legality of the processing conducted on the basis of consent prior to revocation remains unaffected.
9. AUTOMATED DECISION IN INDIVIDUAL CASES, INCLUDING PROFILING
You have the right to be subjected to a decision based not solely on automated processing – including profiling – that has a legal impact on you or which negatively affects you to a significant degree. This applies when the decision
(1) Is necessary to complete or fulfil a contract between yourself and the Controller
(2) Is permitted on the basis of statutory regulations of the Union or of member states to which the Controller is subject and these statutory regulations contain adequate measures for preserving your rights and freedoms and your justified interests, or
(3) Is made with your express consent
However, these decisions may not be based on special categories of personal data as per Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 lit. a or g applies and adequate measures have been taken to protect the rights and freedoms and your justified interests.
With regard to the cases named in (1) and (3), the Controller takes appropriate measures in order to preserve the rights and freedoms and your justified interests, which include at least the right to arrange for the intervention of an individual by the Controller, the representation of their own point of view and the contention of the decision.
10. THE RIGHT TO SUBMIT A COMPLAINT TO A SUPERVISORY AUTHORITY
Regardless of any other administrative or legal remedy, you have the right to submit a complaint to a supervisory authority, in particular in the member state of your place of residence, your workplace or the place of the alleged infringement, if you are of the view that the processing of the personal data relating to you is in infringement of the GDPR.
The supervisory authority to which the complaint is submitted informs the complainant regarding the status and the results of the complaint, including the option of legal remedy according to Art. 78 of the GDPR.