Data Protection

data protection

    The party responsible within the meaning of the General Data Protection Regulation (GDPR) is:

    smart Europe GmbH Esslinger Str. 7, 70771 Leinfelden-Echterdingen, Germany E-Mail: eu.corporateoffice@smart.com Data protection officer: smart Europe GmbH

    Data Protection Officer

    Esslinger Str. 7, 70771 Leinfelden-Echterdingen, Germany E-Mail: eu.dataprotection@smart.com

    1. Hosting and Content Delivery Networks (CDN)

    This web application is hosted by smart Europe GmbH, Esslinger Str. 7, 70771 Leinfelden-Echterdingen, Germany and our service providers (hoster). The personal data, collected on this web applications, is stored on the servers of the hosters in the EU (currently Frankfurt, Germany and Amsterdam, Netherlands). This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hosters are used for the purpose of contract fulfillment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill the respective service obligations and follow our instructions regarding this data. To ensure data protection-compliant processing, we have concluded an order processing contract according to Art. 28 GDPR with our hoster.

    2. Privacy Policy

    We appreciate your visit to our web applications and your interest in our offers. The protection of your personal data is an important concern for us. In this privacy policy, we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and what rights and claims are associated with it for you. The privacy policy for the use of our web applications does not apply to your activities on websites of social networks or other providers that are accessible via links on our web applications. Please check the websites of these providers for their privacy policies.

    3. Collection and processing of your personal data

    1. Whenever you visit our websites, we store certain information about the browser and operating system you are using; the date and time of your visit; the status of the interaction (e.g. whether you were able to access the website or received an error message); the usage of features on the website; any search phrases you entered; how often you visit individual websites; the names of the files you access; the amount of data transferred; the Web page from which you accessed our website; and the Web page you visited after visiting our website, whether by clicking links on our websites or entering a domain directly into the input field of the same tab (or window) of the browser in which you have our websites open. In addition, we store your IP address and the name of your Internet service provider for seven days. This is for security reasons; in particular, to prevent and detect attacks on our websites or attempts at fraud.
    2. We only store other personal data if you provide this data, e.g. as part of a registration, job application, contact form, chat, survey, price competition or for the execution of a contract, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (see section 10).
    3. You are neither legally nor contractually obligated to share your personal information. However, certain features of our websites may depend on the sharing or personal information. If you do not provide your personal information in such cases, you may not be able to use those features, or they may be available with limited functionality.

    4. Purposes of use of personal data

    1. We use the collected personal data when you visit our web applications to operate them as conveniently as possible for you and to protect our IT systems from attacks and other illegal activities.
    2. We use professional or employment related information when you apply for a job in our job portal to receive and process job applications.
    3. If you provide us further personal data, e.g. in the context of a registration, a chat, a contact form, a survey, or a lottery we will use this data for the before mentioned purposes.
    4. For the execution of a contract as well as for customer administration reasons and -- if necessary -- for the execution and settlement of any business transactions, we use the data in each case only to the extent necessary for this purpose.
    5. For other purposes (e.g. display of personalized content or advertisements based on your usage behavior), we and, if applicable, selected third parties will use your data.
    6. In addition, we use personal data insofar as we are legally obligated to do so (e.g. storage for the fulfillment of commercial or tax law retention obligations, release in accordance with official or court orders, e.g. to a law enforcement agency).
    7. Below we list the legal basis and purposes for the processing of personal data:

    Provision of the website for the general public and for the purpose of contacting our customers and interested parties

    • Contract fulfillment or balancing of interests
    • We have a legitimate interest in providing an Internet presence, including for non-registered users, in order to provide general information about our company.

    Recruitment and selection

    • Balancing of interests and consent
    • We have legitimate interest to take steps at the applicant's request to enter a contract of employment.

    Collection of statistical information about the use of the website (so-called web analysis)

    • Balancing of interests
    • We have a legitimate interest in receiving information about the use of the website, in particular to improve our offer.

    Detection of malfunctions and ensuring system security, including detection and tracking of unauthorized access attempts and accesses to our web servers

    • Fulfillment of our legal obligations in the area of data security as well as balancing of interests
    • We have a legitimate interest in eliminating disruptions, ensuring system security and detecting and tracking unauthorized access or access attempts.

    Protecting and defending our rights

    • Balancing of interests
    • We have a legitimate interest in asserting and defending our rights.

    Processing of your inquiries, concerns and feedback

    • Contract fulfillment or balancing of interests
    • We have a legitimate interest in processing and considering your comments and feedback.

    Random evaluation of the processing of customer concerns for quality assurance

    • Balancing of interests
    • We have a legitimate interest in the random evaluation of the processing of customer concerns for quality assurance.

    Data consolidation as part of customer care by smart Europe GmbH

    • Balancing of interests
    • We have a legitimate interest in a current and consolidated data profile as part of customer service by smart Europe GmbH. Consolidation serves to minimize data and ensures that our customers' data is up-to-date and correct.

    Provision of the functionalities to our customers and interested parties as well as the public

    Sending of product information, newsletters, advertising and market research

    • Contract fulfillment or consent

    Determination of faults and guarantee of product safety including detection and tracking of unauthorized access attempts and access to our products by customers

    • Compliance with legal obligations in the area of product liability, balancing of interests
    • We have a legitimate interest in ensuring product safety and the detection and tracking of unauthorized access or access attempts.

    Customer care

    • Contract fulfillment

    Review of social media channels for customer care purposes

    • Balancing of interests
    • We have a legitimate interest in checking our social media channels with regard to complaints or queries from our customers and making them aware of our customer care channels.

    Random evaluation of the processing of customer concerns for quality assurance

    • Balancing of interests
    • We have a legitimate interest in the random evaluation of the processing of customer concerns for quality assurance.

    Handling of possible remuneration and / or bonus programs

    • Balancing of interests
    • We have a legitimate interest in fulfilling our legal obligations towards the partner.

    Handling of legal disputes

    • Balancing of interests
    • Assertion, exercise or defense of legal claims of smart Europe GmbH.

    General customer analysis, statistical evaluations for corporate management, cost recording and controlling using the VIN

    • Balancing of interests
    • Analysis of sales and order data by model sales channel, order status
    • Analysis of requested variants and equipment
    • Reporting on business parameters, if necessary using the VIN

    Fraud and money laundering prevention

    • Compliance with legal obligations, balancing of interests

    Preventi, combat and investigate the financing of terrorism and offences endangering assets, comparisons with European and international

    • Anti-terrorist lists
    • Compliance with legal obligations, balancing of interests

    Fulfillment of official requirements (e.g. recall campaigns by the Federal Motor Transport Authority)

    • Compliance with legal obligations, balancing of interests
    • Fulfillment of legal and regulatory requirements

    Fulfillment of tax control and reporting obligations, archiving of data

    • Compliance with legal obligations, balancing of interests
    • Fulfillment of legal and regulatory requirements

    Disclosure in the context of regulatory / judicial measures for the purpose of gathering evidence, prosecuting and enforcing claims under civil law

    • Compliance with legal obligations, balancing of interests
    • Fulfillment of legal and regulatory requirements

    Internal auditing and investigations

    • Legal obligation

    Field measures

    • Compliance with legal obligations
    • With a query based on the vehicle identification number you have entered, you can retrieve field measures and recalls for the vehicle. The data you have entered will not be saved.

    Compliance checks (e.g. compliance checks, documentation of compliance inquiries and compliance with compliance requirements)

    • Balancing of interests
    • Review of compliance with legal provisions, internal company guidelines, rules and standards of smart Europe GmbH, employees, business partners and other authorized third parties.

    Provision of the service (smart Europe GmbH online advice)

    • Contract fulfillment

    Collection of statistical information from the website

    • Balancing of interests
    • We have a legitimate interest in receiving information about usage, in particular to improve our offer.

    Provision of a contact option to process your concerns or inquiries

    • Contract fulfillment

    Customer and prospect support

    • Consent

    Customer survey (including satisfaction survey)

    • Consent

    Creation of customized information

    • Consent

    Creation of a customer profile as a basis for advertising and market research

    • Balancing of interests
    • We have a legitimate interest in a consolidated customer profile, provided that the subsequent use for advertising and market research is in accordance with data protection and competition law requirements

    5. Transfer of personal data to third parties; social plug-ins; use of service providers

    1. Our web applications may also contain third-party offers. If you click on such an offer, we will transfer data to the respective provider to the extent necessary (e.g., information, that you found this offer on our website and, if applicable, further information that you have already provided for this purpose on our websites).
    2. When we use social plug-ins on our websites from social networks such as Facebook and Twitter, we integrate them as follows:
    3. When you visit our websites, the social plug-ins are deactivated, i.e. no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.
    4. If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot associate a visit to other smart websites until you have activated an existing social plug-in.
    5. When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network.
    6. The social plug-in remains active until you deactivate it or delete your cookies (see section 5.d).
    7. If you click on the link to an offer or activate a social plug-in, personal data may reach providers in countries outside the European Economic Area that, from the point of view of the European Union ("EU"), may not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.
    8. We also use qualified service providers (e.g. IT service providers, marketing agencies) to operate, optimize and secure our web applications. We only pass on personal data to them insofar as this is necessary for the provision and use of the web applications and their functionalities, for the pursuit of legitimate interests, for the fulfillment of legal obligations or insofar as you have consented to this (see section 10).
    9. For ongoing operation, to adapt and optimize our offers and to connect you to your local contact partners we only forward your data to one or, if necessary, to several of the following recipients of the smart Ecosystem Companies: smart Europe GmbH, smart Legal Entities within Europe: smart Italia S.r.l., smart España A.E., S.L., smart Automobile France SAS, smart UK Automotive Ltd., smart Portugal Unipessoal Lda., smart Belgium S.r.l., smart Nederland B.V., smart Austria Automotive GmbH, smart Schweiz GmbH, smart Europe GmbH’s and smart Legal Entities’ Network of Authorized Agents and Authorized Service Partners in the markets, smart Europe GmbH’s and smart Legal Entities’ Cooperation Partners

    You can find more details about the recipients in our Consent Management System.

    6. Cookies

    1. Cookies may be used when visiting our web applications. Technically, these are so-called HTML cookies and similar software tools such as web/DOM storage or local shared objects (so-called "flash cookies"), which we refer to collectively as cookies.
    2. Cookies are small files that are stored on your desktop, notebook or mobile device while you visit a website. Cookies make it possible, for example, to determine whether there has already been a connection between the device and the websites; take into account your preferred language or other settings, offer you certain functions (e.g. online shop, vehicle configurator) or recognize your usage-based interests. Cookies may also contain personal data.
    3. Whether and which cookies are used when you visit our websites depends on which areas and functions of our websites you use and whether you agree to the use of cookies that are not technically required in our Consent Management System.
    4. The use of cookies also depends on the settings of the web browser you are using (e.g., Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this setting. You can delete stored cookies at any time. Web/DOM storage and local shared objects can be deleted separately. You can find out how this works in the browser or device you are using in the manual of the learner.
    5. The consent to, and rejection or deletion of, cookies are tied to the device and also to the respective web browser you use. If you use multiple devices or web browsers, you can make decisions or settings differently.
    6. If you decide against the use of cookies or delete them, you may not have access to all functions of our websites or individual functions may be limited The following data trackers and cookies are used by https://uk.smart.com/en/ in our customer newsrooms:

    We have concluded a contract on the commissioned data processing with the provider of the cookie consent technology according to Art. 28. GDPR.

    7. Server-Log-Files

    The providers of the pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

    • IP address (Internet protocol address) of the terminal device from which the online offer is accessed;
    • Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);
    • Name of the service provider through whom the online offer is accessed;
    • Name of the files or information accessed;
    • Date and time as well as duration of the retrieval;
    • Amount of data transferred;
    • Device (PC, mobile, other), operating system and information on the Internet browser used, including installed add-ons (e.g. for the Flash Player);
    • http status code (eg "request successful" or "requested file not found").

    The above data is stored in the log files without your full IP address, so that no conclusions can be drawn about your IP address.

    This data is not merged with other data sources.

    The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website for this purpose, the server log files must be collected.

    8. Security

    We use technical and organizational measures to protect the data we manage against manipulation, loss, destruction and against access by unauthorized persons. We are continuously improving our security measures in line with technological advancements.

    1. If you have given us your consent for the processing of your personal data, this will be the legal basis for the processing (Art. 6 para. 1 letter a GDPR)
    2. For the processing of personal data for the purpose of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.
    3. Insofar as the processing of your personal data is necessary for the fulfillment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 lit. c GDPR.
    4. In addition, we process personal data for the purposes of safeguarding our legitimate interests as well as the legitimate interests of third parties pursuant to Art. 6 (1) (f) GDPR.

    Maintaining the functionality of our IT systems, the (direct) marketing of our own and third-party products and services (unless this is done with your consent) and the legally required documentation of business contacts are such legitimate interests. We take into account in particular the type of personal data, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal data as part of the respective necessary balancing of interests.

    10. Deletion of your personal data

    We delete your IP address and the name of your Internet service provider, which we store for security reasons, after seven days.

    Otherwise, we delete your personal data as soon as the purpose for which we collected and processed the data no longer applies. Beyond this point in time, storage only takes place insofar as this is required in accordance with the laws, regulations or other legal provisions to which we are subject, in the EU or in accordance with legal provisions in third countries, if an appropriate level of data protection is provided there in each case.

    Insofar as deletion is not possible in individual cases, the relevant personal data will be marked with the aim of restricting its future processing.

    11. Rights of the data subject

    As a data subject, you have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), data erasure/deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

    1. Right to information, correction, restriction, transfer, blocking, deletion: You have the right to free information about your stored personal data, the origin of the data, their recipients and the purpose of the data processing and a right to correction, restriction, transfer, blocking and deletion of this data at any time within the framework of the applicable legal provisions.
    2. Revocation of consent to data processing: If you have consented to the processing of your personal data by us, then you have the right to cancel your consent at any time. The legality of the processing of your personal data until a revocation is not affected by the revocation. Likewise, further processing of this data on the basis of another legal basis, such as for the fulfillment of legal obligations (see section "Legal bases of processing"), remains unaffected.
    3. Right of protest (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) or Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will only continue to process your personal data insofar as we can demonstrate compelling legitimate grounds for doing so that override your interests, rights and freedoms, or insofar as the processing serves the assertion, exercise or defense of legal claims.If we process your personal data for the purpose of direct marketing to protect legitimate interests on the basis of a balance of interests, you also have the right to object to this at any time without stating reasons.
    4. We ask you to send your claims or explanations to the following contact address, if possible: eu.dataprotection@smart.com.
    5. Right to lodge a complaint with the competent supervisory authority: If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

    The responsible data protection supervisory authority is:

    State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg Dr. Stefan Brink Address: Lautenschlagerstraße 20, D- 70173 Stuttgart Postal address: Postfach 10 29 32, 70025 Stuttgart Telephone: +49 711/61 55 41-0

    Email: mailto:poststelle@lfdi.bwl.de

    https://www.baden-wuerttemberg.datenschutz.de/beschwerde/

    12. Newsletter

    1. If you subscribe to a newsletter, offered on our website, the data provided during the newsletter registration will only be used for shipping of the newsletter, as far as you do not agree to a further use. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.
    2. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe proactive from the mailing list. Your data will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address and ZIP code if applicable will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings.

    The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both – your and our interest – in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR).

    13. Data transmission to recipients outside the European Economic Area

    1. When using service providers (see section 4. d.) and passing on data to third parties based on you consent (see section 3.c.), personal data may be provided to recipients in countries outside the European Union ("EU"), Iceland, Liechtenstein and Norway (= European Economic Area) are transferred and processed there, in particular USA, India.
    2. In the following countries, from the EU's point of view, there is an adequate level of personal data protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the use of EU standard contractual clauses, binding corporate rules or other applicable instruments (if any) to create an "adequate level of protection" according to legal requirements. For more information, please contact us: eu.dataprotection@smart.com.