Privacy Statement

 

LexCom Privacy Statement 

 

Protecting your personal data is of the utmost concern to us.

We generally refers to LexCom Informationssysteme GmbH (Rüdesheimer Str. 23, 80686 Munich, Germany, [email protected]). If you have a user agreement with us in the United Kingdom, your contractual partner may, depending on the content of your contract documents, be LexCom Information Systems Ltd (Unit C3 Arena Business Centre, 9 Nimrod Way, Wimborne, BH21 7UH, United Kingdom, [email protected]). This Privacy Statement applies both for LexCom Informationssysteme GmbH and for LexCom Information Systems Ltd (hereinafter referred to jointly as “LexCom”) as controllers within the meaning of data protection law.

This Privacy Statement is intended to inform you about LexCom’s policy regarding your personal data when you use

  • the websites available at www.lexcom.de and www.lexcom-industries.de as well as possibly other addresses (“LexCom websites”)
  • the following locally installed software products (“LexCom software”):
    • ETKA (incl. ETKAmobile)
    • ETOS
    • PET2
    • ASA
    • AGROPARTS (incl. all manufacturer-specific offline catalogues and agroparts mobile)
    • pl24connect
  • as well as the following online services (collectively referred to as “LexCom web services”):
    • partslink24 (available at the www.partslink24.com and www.partslink24.de domains)
    • etosinfo (available at the www.etosinfo.com and www.etosinfo.de domains)
    • agroparts (available at the www.agroparts.com and www.agroparts.de domains)
    • etkainfo (available at the www.etkainfo.com, www.etka.com and www.etkainfo.de domains)
    • myASAinfo (available at the www.myasainfo.com domain)
    • ASA WEB (available at the www.myasaweb.com domain)
    • ASA SQT (available at the www.myasasqt.com domain)
    • ETKAmobile (available at the www.etkamobile.com domain)
    • LexCom License Shop (at the URL shop.lexcom.de)

This Privacy Statement supplements LexCom’s General Terms and Conditions governing the use of the relevant LexCom software and LexCom web services.

 

1. LexCom’s Policy for Processing Your Personal Data


LexCom has adopted the following policies with a view to protecting your personal data during the use of the LexCom websites and LexCom services: 

  • LexCom collects, processes and uses your personal data in compliance with the relevant data protection legislation of the Federal Republic of Germany and of the European Union (in particular, the General Data Protection Regulation – GDPR).
  • LexCom uses your personal data primarily to enable you to use LexCom services. In these cases, the processing is carried out to fulfill the contract on the basis of Art. 6 (1) b) GDPR. In addition, LexCom may process the processed data for further purposes in the interests of the LexCom user. Any further processing is carried out exclusively on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR, or consent by the LexCom user. In these cases, your data will be processed anonymously or pseudonymously if possible.
  • Cases where personal data is processed by a data processing company or passed on to a third party, the processing is always carried out only on the basis of an order processing agreement in accordance with Art. 28 GDPR, on the basis of standard data protection clauses in the case of transmission to third countries in accordance with Art. 46 GDPR or on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR.

 

2. Terms and Definitions in the Privacy Statement


LexCom uses certain fixed terms in this Privacy Statement, which are defined as follows:

  • “Personal data” includes all information referring to a natural person who is or could be identified.
  • The users registered for a specific LexCom software and/or a specific LexCom web service are referred to as “LexCom users”.
  • “LexCom services” includes all products and services listed under “LexCom software” and “LexCom web services”.

 

3. What does LexCom know about you, what do you allow LexCom to do, and how is your personal data handled?


3.1 Registration data

When you register to use the LexCom services, LexCom has to process certain personal data from you as your registration information (hereinafter referred to as “registration data”). First and foremost, this information is your:

  • Company ID/ID
  • User name/e-mail address
  • Password

LexCom must process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)), as the LexCom services can only work properly with this information. In some cases, access to one LexCom web service also entitles you to access another web service. In this case, your registration details will be processed for login to the other LexCom web service using the "single sign-on" procedure.

Furthermore, you need to fill in certain mandatory fields during registration, for example, your first name, surname, the name and address of your company, and your e-mail address (the mandatory fields of the LexCom web services may vary). LexCom must also process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information in order to identify and contact you about any issues related to payment and the performance of contracts as well as to fulfil its customer service, and to mail you the LexCom software (if you order a DVD version) and hardware.

Furthermore, LexCom may use the registration information for the following additional purposes:

  • LexCom may use the registration information collected, in particular your e-mail address, to provide you with important information regarding the current contractual relationship (such as changes in support structures, announcements regarding new program versions and important features). This processing is necessary for the fulfilment of the contract pursuant to Art. 6 (1) b) GDPR.
  • From time to time, LexCom may contact you in this regard by e-mail to ask you to verify the registration information (in particular the e-mail address) you have provided in order to ensure that your contact details are correct. This processing constitutes a legitimate interest pursuant to Art. 6 (1) f) GDPR.
  • In addition, LexCom may use this information to provide you with news and help topics regarding the use of the LexCom services that you have licensed. This processing constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR.
  • In addition, LexCom may use your e-mail address to send you offers and promotions. This processing applies exclusively to offers for LexCom’s own or similar goods and/or services. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR.
  • In addition, LexCom may contact you to inquire about your use of and satisfaction with existing products and/or functions. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR.
  • With the exception of the password, the registration data may also be evaluated internally by LexCom and forwarded to dealers/order recipients, manufacturers and/or importers. This processing may be used as the basis for charging the manufacturer and/or importer for licenses, or for checking the status of the company (for example, as an authorized dealer) and subsequently activating the manufacturer and/or importer’s access to the respective LexCom service. In these cases, the processing is necessary for fulfilment of the contract with LexCom (Art. 6 (1) b) GDPR). Alternatively, the processing – in conjunction with evaluated usage and/or order data – serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage, and thus optimising the product and sales for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f).

In addition, you may enter optional information, which you may edit or delete at any time.

LexCom will delete your registration information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

3.2 Payment data

Where necessary, LexCom processes your payment data, such as credit card or bank details, for the purpose of payment handling and accounting as necessary for the selected mode of payment. Depending on the LexCom service used and to the extent necessary to process your transaction, your payment data will be provided to the service providers Adyen, GetNet and Allpago as well as financial institutions or may be collected directly and processed by these organisations. Your payment data is stored in order to enable payment handling and accounting for the automatic extension of your subscription. We process your credit card data in accordance with the PCI DSS security standard. That means, for example, that LexCom never stores your credit card data as plain text.

LexCom must process your payment data in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information to invoice the LexCom services as well as to contact you about any issues related to payment or performance of contracts.

LexCom will delete your saved payment data as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)).  This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

3.3 Usage data

As described below, LexCom processes data about the scope and nature of your use of the LexCom services “usage data”).This includes the following data:

  • Searches and navigation in brand catalogues
  • Use of functions, buttons, tabs etc.
  • Type and scope of the vehicles researched based on the chassis numbers (VIN) entered

The processing of the data can serve the following purposes:

Where individual LexCom services are subject to a charge depending on the scope of use, LexCom must monitor the scope of use in order to determine the need for a paid subscription in accordance with the General Terms and Conditions. This processing is then required for fulfilment of the contract pursuant to Art. 6 (1) b) GDPR. Furthermore, the usage of the LexCom services can be analysed in a targeted manner, e.g. to measure the relevance or the success of the function or also – if the functions are not being used – to determine possible problems and then contact the users about these in a targeted manner. These evaluations are only ever used exclusively for the purposes of measuring the success and usage and optimising the product and sales in the interests of the customer, and constitute a legitimate interest for LexCom pursuant to Art. 6 (1) f) GDPR. Personal data is only evaluated if this is essential to achieve the purpose (e.g. to establish contact), and is otherwise pseudonymised or anonymised.

Furthermore, LexCom may also analyse usage data on an ongoing basis in order to detect any illegal and/or improper use of the LexCom services. Personal data is only evaluated if there is reasonable suspicion of misuse of the LexCom services by a particular user account. The purpose of this evaluation is to protect the LexCom services and the data they contain as well as to protect the LexCom users and their data against misuse and attacks, and thus represents a legitimate interest on the part of LexCom in accordance with GDPR Art. 6 (1) f).

LexCom will delete the usage data once the purpose of the processing has been achieved, provided that it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

3.4 Order data

The LexCom services may provide the option to order spare parts from other LexCom users. The personal data processed for this purpose is referred to here as “order data”. LexCom transfers the data collected from you on a case by case basis within the LexCom services used to the respective order recipients. This processing the serves the purpose of contract fulfilment in accordance with. Art. 6 (1) b) GDPR.

The order data collected during the course of the initiated orders may be evaluated internally by LexCom and forwarded to dealers/order recipients, manufacturers and/or importers. This process serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage and thus the product and sales optimization for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)).

LexCom will delete your order information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

3.5 Contact by e-mail or using contact forms

LexCom processes the data entered via the contact forms available on the LexCom websites, in the LexCom services as well as the data received via the contact e-mail addresses provided to handle your request or concern. Under no circumstances will this data be processed for any other purpose. Your personal data is processed on the basis of Art. 6 (1) b) GDPR.

LexCom will delete the personal data transferred within the requests as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

 

4. Cookies and Pixel Tags


“Cookies” are small files that enable us to store some specific information related to you as a user on your PC or other terminal device when you use the LexCom web services. For example, cookies help us to determine the frequency of use and the number of actual users of our web services, analyse the user behaviour on our website, increase security, and design our web services so that they are as convenient, efficient and interesting for you as possible. LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)). Only you and LexCom have access to these cookies, which are used for the purposes described below.

When you log in (with your company ID/ID and/or user name and password), the LexCom web services utilise session cookies with which you can be identified for the duration of your visit. The session cookies expire automatically after the end of your session, meaning that they are deleted.

In addition, the LexCom web services use permanent cookies. These cookies store information about visitors accessing the LexCom web services repeatedly (for example, company ID, user name, language, time stamp of previous access). The purpose of these permanent cookies is, firstly, to present you with the relevant web service in the correct language even before you have logged in. Secondly, they enable you to return directly to your previous session if you did not log out after the last time you used the LexCom web service. The cookies we set do not generate an individual profile of your user behaviour. The cookies are automatically deleted within four weeks of your last session.

Under certain circumstances, you may disable the storage of cookies or restrict it to specific websites in your browser, or set your browser to notify you as soon as a cookie is sent. You may also delete cookies from your terminal device at any time. However, please note that the use of LexCom web services is not possible if user cookies are rejected.

We utilise pixel tags, web beacons, clear GIFs or similar mechanisms (“pixel tags”). A pixel tag is an image file or a link to an image file that is inserted into the code of the web page but not stored on your terminal device (e.g. computer, smartphone etc.). Pixel tags enable us, for example, to determine the browser used or the screen resolution. In this way, pixel tags help us optimise the efficiency of our web pages, and revise and optimise our offers and publicity activities. Our use of pixel tags does not involve any reference to any person; nor does any personalised tracking occur. Pixel tags usually work in conjunction with cookies. If you turn off cookies, the pixel tag will simply detect an anonymous website visit.

 

5. Log Files


Each time you open the LexCom website and whenever you log in to the LexCom services, access data is saved in a log file. The data stored includes the IP address, LexCom company ID, user name, session ID, login time and cookies and, if applicable, vehicle data (chassis number, vehicle registration number).

LexCom requires this log data, firstly, to detect and correct any technical problems such as defective links or program bugs, i.e. to improve and develop the LexCom services.

Secondly, LexCom can use log data to analyse the use of the LexCom services (e.g. certain functions) in more detail. This processing is also exclusively for the purpose of developing the services in the interests of the customer. At no time will the usage behaviour of specific accounts or users be analysed. Personal data is pseudonymised and/or anonymised as far as possible.

Furthermore, LexCom may analyse the log data on an ongoing basis to detect any illegal and/or improper use of the LexCom services. Personal data is only evaluated if there is reasonable suspicion of misuse of the LexCom services by a particular user account. The purpose of this evaluation is to protect the LexCom services and the data they contain as well as to protect the LexCom users and their data against misuse and attacks.

LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)).

Unless a longer storage period is permitted, e.g. to enforce legal claims – the log files are stored in our data centre for six months and then automatically deleted.

 

6. Other recipients of your personal data and transmission to Third Countries


Support by LexCom foreign companies

We process the aforementioned personal data in the European Union and, in some cases,on other's behalf (in particular to provide support) in Brazil, China, Japan as well as in the USA, Mexico and the United Kingdom. Data is only processed in these third countries in accordance with the EU’s standard data protection clauses as defined in GDPR Art. 46. You can view these at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de

Hosting with Amazon Web Services (AWS).

The LexCom services will be partially hosted by Amazon Web Services, EMEA SARL, Axel-Springer-Platz 3, 20355 Hamburg, Germany (hereinafter: AWS).

In this case, your personal data will be processed on the servers of AWS. Depending on your place of business/residence, these are located in the EU or another state outside the USA.

However, a transfer of personal data to the parent company of AWS in the USA or access by US authorities under the "FISA 702" law cannot be excluded.

The transfer of your personal data to AWS is based on EU standard contractual clauses and appropriate security measures. Details can be found here: https://aws.amazon.com/de/blogs/security/new-standard-contractual-clauses-now-part-of-the-aws-gdpr-data-processing-addendum-for-customers

For further information, please refer to the AWS privacy policy: https://aws.amazon.com/privacy/?nc1=h_ls

The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the best possible performance and permissible operation of our services.

Analysis of web traffic by Akamai

In addition, your personal data detailed in the previous sections is processed by Akamai Technologies Inc. (“Akamai”) by integrating delivery, security and analysis services from Akamai.

Firstly, the traffic for the LexCom web services is routed via Akamai servers to enable the LexCom web services to be delivered quickly, reliably and securely, analysed for malicious software and to prevent unauthorised access to them. This processing is carried out on behalf LexCom and constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR.

Secondly, Akamai also processes your data on its own authority in the form of generated log files. These may contain personal data in the form of IP addresses and evaluations of your usage patterns of the LexCom web services, and are used in particular for the purpose of performing security analyses and to detect malicious patterns for the further development of the Akamai services. Akamai does not use this data to identify or profile natural persons. Akamai processes and stores this data predominantly on servers in the US and ensures that the data is transferred exclusively on the basis of EU standard contractual clauses in accordance with GDPR Art. 46. You can view these clauses at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).

You can find more detailed information about the terms of use for the processing of personal data by Akamai and about the Akamai privacy policies at https://www.akamai.com/de/de/privacy-policies/.

Facebook Pixel

The LexCom Web Services may use the "Facebook Pixel" service of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook").

This tracking pixel establishes a direct connection between your browser and the Facebook server. The so called tracking is done with the help of a cookie, which is placed on your computer and collects the following information, such as HTTP header information (including IP address, information about the web browser, page location, document, URL of the website and user agent of the web browser, as well as day and time of use), as well as pixel-specific data (this includes the pixel ID and Facebook cookie data, including your Facebook ID (these are used to link events to a specific Facebook advertising account and assign them to a Facebook user).

Through the Facebook pixel, we can, on the one hand, analyze the use of our web services and track the effectiveness of Facebook advertising ("conversion tracking") and check whether users were redirected to our web services after clicking on a Facebook ad. We cannot draw any conclusions about the identity of the users in this regard. However, the data may be stored by Facebook outside our sphere of influence and used for Facebook’s own purposes in accordance with Facebook's privacy policy.

In addition, we use the Facebook pixel to show you individualized ads based on your interest in our products. On the one hand, we can determine the users of our web services into target groups for the display of ads by Facebook (so-called Facebook Ads). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our web services or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the web pages visited) that we transmit to Facebook (so-called "Custom Audiences"). In this way, we want to ensure that our Facebook ads correspond to the potential interest of users.

If you are a Facebook member and have allowed Facebook to do so via your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook Ads. You can view and change the privacy settings of your Facebook profile at any time.

The Facebook Pixel is used exclusively on the basis of your consent pursuant to Art. 6 (1) a) GDPR, which you give us via the cookie consent tool on our website. You can revoke this consent at any time by accessing the cookie consent tool on our website again.

If you have not consented to the use of Facebook Pixel, Facebook will only display generic Facebook Ads that are not selected based on the information collected about you on this website.

For more information, please see Facebook's privacy policy at: https://www.facebook.com/about/privacy/

 

7. Availability of the Privacy Statement


You can retrieve and print out this Privacy Statement from any page of the LexCom websites and the websites of each LexCom web service or within the LexCom software by clicking the “Privacy” link.

 

8. Assertion of Claims and Rights


In accordance with the applicable data protection legislation, you have the right to information about your data (GDPR Art. 15), to rectification of it (GDPR Art. 16) and to deletion of it (GDPR Art. 17) or to restriction of its processing (GDPR Art. 18), as well as to data portability (GDPR Art. 20).

If you have any further questions regarding data security when using the LexCom website and/or LexCom services, or if you would like to assert the aforementioned claims, please contact our data protection officer directly:

LexCom Informationssysteme GmbH
– Data Protection Officer –
Rüdesheimer Str. 23
80686 Munich
[email protected]

You also have the right to file a complaint with the supervisory authority responsible for data protection if you believe that LexCom has failed to comply with the applicable data protection legislation.

 

9. Right to Object


You have the right to object to the processing of personal data that refers to you under the terms of items 4 and 5 of this Privacy Statement (i.e. processing in accordance with GDPR Art. 6 (1) f) for reasons resulting from your specific situation at any time. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate that it has compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.