LexCom Privacy Statement

 

LexCom Privacy Statement 

 

Protecting your personal data is of the utmost concern to us. 

We generally refers to LexCom Informationssysteme GmbH (Rüdesheimer Str. 23, 80686 Munich, Germany, mail@lexcom.de). If you have a user agreement with us in the United Kingdom, your contractual partner may, depending on the content of your contract documents, be LexCom Information Systems Ltd (Unit C3 Arena Business Centre, 9 Nimrod Way, Wimborne, BH21 7UH, United Kingdom, mail@lex-com.net). This Privacy Statement applies both for LexCom Informationssysteme GmbH and for LexCom Information Systems Ltd (hereinafter referred to jointly as “LexCom”) as controllers within the meaning of data protection law. 

This Privacy Statement is intended to inform you about LexCom’s policy regarding your personal data when you use 

  • the websites available at www.lexcom.de and www.lexcom-industries.de as well as possibly other addresses (“LexCom websites”

  • the following locally installed software products (“LexCom software”): 

    • ETKA (incl. ETKAmobile) 

    • ETOS 

    • PET2 

    • ASA 

    • AGROPARTS (incl. all manufacturer-specific offline catalogues and agroparts mobile) 

    • PL24 Connect 

  • as well as the following online services (collectively referred to as “LexCom web services”): 

    • partslink24 (available at the www.partslink24.com and www.partslink24.de domains) 

    • etosinfo (available at the www.etosinfo.com and www.etosinfo.de domains) 

    • agroparts (available at the www.agroparts.com and www.agroparts.de domains) 

    • etkainfo (available at the www.etkainfo.com, www.etka.com and www.etkainfo.de domains) 

    • eZUKA (available at the webcat.lex-com.net domain) 

    • tyremaster (available at the www.tyremaster.net domain) 

    • myASAinfo (available at the www.myasainfo.com domain) 

    • ASA WEB (available at the www.myasaweb.com domain) 

    • ETKAmobile (available at the www.etkamobile.com domain) 

    • LexCom License Shop (at the URL shop.lexcom.de) 

This Privacy Statement supplements LexCom’s General Terms and Conditions governing the use of the relevant LexCom software and LexCom web services. 

 

1. LexCom’s Policy for Processing Your Personal Data 

 

LexCom has adopted the following policies with a view to protecting your personal data during the use of the LexCom websites and LexCom services: 

  • LexCom collects, processes and uses your personal data in compliance with the relevant data protection legislation of the Federal Republic of Germany and of the European Union (in particular, the General Data Protection Regulation – GDPR). 

  • LexCom uses your personal data primarily to enable you to use the LexCom services. In these cases, the processing is necessary for fulfilment of the contract on the basis of Art. 6 (1) b) GDPR. In addition, LexCom may process the processed data for other purposes in the interests of the LexCom user, for which LexCom has a legitimate interest pursuant to Art. 6 (1) f) GDPR. Any further processing is carried out exclusively on the basis of the LexCom user’s consent. 

  • In cases where personal data is processed by a data processing company or passed on to a third party, the processing is always carried out only on the basis of an order processing agreement in accordance with Art. 28 GDPR, on the basis of standard data protection clauses in the case of transmission to third countries in accordance with Art. 46 GDPR or on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR. 

 

2. Terms and Definitions in the Privacy Statement 

 

LexCom uses certain fixed terms in this Privacy Statement, which are defined as follows: 

  • “Personal data” includes all information referring to a natural person who is or could be identified. 

  • The users registered for a specific LexCom software and/or a specific LexCom web service are referred to as “LexCom users”

  • “LexCom services” includes all products and services listed under “LexCom software” and “LexCom web services”. 

 

3. What does LexCom know about you, what do you allow LexCom to do, and how is your personal data handled? 

 

3.1 Registration data 

When you register to use the LexCom services, LexCom has to process certain personal data from you as your registration information (hereinafter referred to as “registration data”). First and foremost, this information is your: 

  • Company ID/ID 

  • User name/e-mail address 

  • Password 

LexCom must process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)), as the LexCom services can only work properly with this information. 

The following applies to the LexCom partslink24, etkainfo, etosinfo, myasainfo and agroparts web services: the administrator of a company ID may create further users and therefore view the company ID/ID of these users. LexCom will never pass on this data to any third party and/or disclose it to such third parties in any other way. 

Furthermore, you need to fill in certain mandatory fields during registration, for example, your first name, surname, the name and address of your company, and your e-mail address (the mandatory fields of the LexCom web services may vary). LexCom must also process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information in order to identify and contact you about any issues related to payment and the performance of contracts as well as to fulfil its customer service, and to mail you the LexCom software (if you order a DVD version) and hardware. 

  • LexCom may use the registration information collected, in particular your e-mail address, to provide you with important information regarding the current contractual relationship (such as changes in support structures, announcements regarding new program versions and important features). This processing is necessary for the fulfilment of the contract pursuant to Art. 6 (1) b) GDPR. 

  • From time to time, LexCom may contact you in this regard by e-mail to ask you to verify the e-mail address you have provided in order to ensure that your contact details are correct. This processing constitutes a legitimate interest pursuant to Art. 6 (1) f) GDPR. 

  • In addition, LexCom may use this information to provide you with news and help topics regarding the use of the LexCom services that you have licensed. This processing constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR. 

  • In addition, LexCom may use your e-mail address to send you offers and promotions. This processing applies exclusively to offers for LexCom’s own or similar goods and/or services. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR. 

  • In addition, LexCom may contact you to inquire about your use of and satisfaction with existing products and/or functions. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR. 

With the exception of the password, the registration data may be evaluated internally by LexCom and forwarded to dealers/order recipients, manufacturers and/or importers. This processing may be used as the basis for charging the manufacturer and/or importer for licenses, or for checking the status of the company (for example, as an authorized dealer) and subsequently activating the manufacturer and/or importer’s access to the respective LexCom service. In these cases, the processing is necessary for fulfilment of the contract with LexCom (Art. 6 (1) b) GDPR) or, in conjunction with evaluated usage and/or order data, it serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage and thus the product and sales optimisation for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f). 

In addition, you may enter optional information, which you may edit or delete at any time. 

LexCom will delete your registration information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data. 

 

3.2 Payment data 

Where necessary, LexCom processes your payment data, such as credit card or bank details, for the purpose of payment handling and accounting as necessary for the selected mode of payment. To the extent necessary to process your transaction, your payment data will be provided to the service providers Wirecard (please see the Wirecard privacy policy at https://www.wirecardbank.com/GDPR) and Allpago as well as financial institutions or may be collected directly and processed by these organisations. Your payment data is stored in order to enable payment handling and accounting for the automatic extension of your subscription. We process your credit card data in accordance with the PCI DSS security standard. That means, for example, that LexCom never stores your credit card data as plain text. 

LexCom must process this payment data in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information in order to contact you about any issues related to payment or performance of contracts. 

LexCom will delete your saved payment data as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data. 

 

3.3 Usage data 

Where necessary and described below, LexCom processes data about the scope and nature of your use of the LexCom services (hereinafter referred to as “usage data”).This includes the following data: 

  • Number of clicks on functions, buttons and tabs in LexCom services 

  • Opening of brand catalogues in LexCom services 

  • Evaluation of the use of the “image-text page sending” 

  • Number of requested vehicle identification numbers (VIN) 

Where individual LexCom services are subject to a charge depending on the scope of use, LexCom must monitor the scope of use in order to determine the need for a paid subscription in accordance with the General Terms and Conditions. This processing is then required for fulfilment of the contract pursuant to Art. 6 (1) b) GDPR. 

Furthermore, individual functions of the LexCom services can be analysed in a targeted manner, e.g. to measure the relevance or the success of the function or also – if the functions are not being used – to determine possible problems and then contact the users about these in a targeted manner. These evaluations are only ever used exclusively for the purposes of measuring the success and usage and optimising the product and sales in the interests of the customer, and constitute a legitimate interest for LexCom pursuant to Art. 6 (1) f) GDPR. 

LexCom will delete the usage data once the purpose of the processing has been achieved, provided that it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data. 

 

3.4 Order data 

The LexCom services may provide the option to order spare parts from other LexCom users. The personal data processed for this purpose is referred to here as “order data”. LexCom transfers the data collected from you on a case by case basis within the LexCom services used to the respective order recipients. This processing the serves the purpose of contract fulfilment in accordance with. Art. 6 (1) b) GDPR. 

The order data collected during the course of the initiated orders may be evaluated internally by LexCom and forwarded to dealers/order recipients, manufacturers and/or importers. This process serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage and thus the product and sales optimization for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)). 

LexCom will delete your order information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this 

constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data. 

 

3.5 Contact by e-mail or using contact forms 

LexCom processes the data entered via the contact forms available on the LexCom websites, in the LexCom services as well as the data received via the contact e-mail addresses provided to handle your request or concern. Under no circumstances will this data be processed for any other purpose. Your personal data is processed on the basis of Art. 6 (1) b) GDPR. 

LexCom will delete the personal data transferred within the requests as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data. 

 

4. Cookies and Pixel Tags 

 

“Cookies” are small files that enable us to store some specific information related to you as a user on your PC or other terminal device when you use the LexCom web services. For example, cookies help us to determine the frequency of use and the number of actual users of our web services, analyse the user behaviour on our website, increase security, and design our web services so that they are as convenient, efficient and interesting for you as possible. LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)). Only you and LexCom have access to these cookies, which are used for the purposes described below. 

When you log in (with your company ID/ID and/or user name and password), the LexCom web services utilise session cookies with which you can be identified for the duration of your visit. The session cookies expire automatically after the end of your session, meaning that they are deleted. 

In addition, the LexCom web services use permanent cookies. These cookies store information about visitors accessing the LexCom web services repeatedly (for example, company ID, user name, language, time stamp of previous access). The purpose of these permanent cookies is, firstly, to present you with the relevant web service in the correct language even before you have logged in. Secondly, they enable you to return directly to your previous session if you did not log out after the last time you used the LexCom web service. The cookies we set do not generate an individual profile of your user behaviour. The cookies are automatically deleted within four weeks of your last session. 

Under certain circumstances, you may disable the storage of cookies or restrict it to specific websites in your browser, or set your browser to notify you as soon as a cookie is sent. You may also delete cookies from your terminal device at any time. However, please note that the use of LexCom web services is not possible if user cookies are rejected. 

We utilise pixel tags, web beacons, clear GIFs or similar mechanisms (“pixel tags”). A pixel tag is an image file or a link to an image file that is inserted into the code of the web page but not stored on your terminal device (e.g. computer, smartphone etc.). Pixel tags enable us, for example, to determine the browser used or the screen resolution. In this way, pixel tags help us optimise the efficiency of our web pages, and revise and optimise our offers and publicity activities. Our use of pixel tags does not involve any reference to any person; nor does any personalised tracking occur. Pixel tags usually work in conjunction with cookies. If you turn off cookies, the pixel tag will simply detect an anonymous website visit. 

 

5. Log Files 

 

Each time you open the LexCom website and whenever you log in to the LexCom services, access data is saved in a log file. The data stored includes the IP address, LexCom company ID, user name, session ID, login time and cookies and, if applicable, vehicle data (chassis number, vehicle registration number). 

LexCom requires this log data, firstly, to detect and correct any technical problems such as defective links or program bugs, i.e. to improve and develop the LexCom services. 

Secondly, LexCom can use log data to analyse the use of the LexCom services (e.g. certain functions) in more detail. This processing is also exclusively for the purpose of developing the services in the interests of the customer. At no time will the usage behaviour of specific accounts or users be analysed. 

Furthermore, LexCom needs this log data to detect any illegal and/or improper use of the LexCom services. For this reason, LexCom reserves the right to use the log data if there is evidence that users have used the LexCom services in a way that is illegal or violates the contract. This serves to protect the LexCom users, the security of their user data and LexCom itself. 

LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)). 

The log files are stored in our data centre for six months and then automatically deleted. 

 

6. Transmission to Third Countries 

 

We process the aforementioned personal data in the European Union and, in some cases, in Brazil, China, Japan as well as in the USA, Mexico and the United Kingdom. Data is only processed in these third countries in accordance with the EU’s standard data protection clauses as defined in GDPR Art. 46. You can view these clauses at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de 

 

7. Availability of the Privacy Statement 

 

You can retrieve and print out this Privacy Statement from any page of the LexCom websites and the websites of each LexCom web service or within the LexCom software by clicking the “Privacy” link. 

 

8. Assertion of Claims and Rights 

 

In accordance with the applicable data protection legislation, you have the right to information about your data (GDPR Art. 15), to rectification of it (GDPR Art. 16) and to deletion of it (GDPR Art. 17) or to restriction of its processing (GDPR Art. 18), as well as to data portability (GDPR Art. 20). 

If you have any further questions regarding data security when using the LexCom website and/or LexCom services, or if you would like to assert the aforementioned claims, please contact our data protection officer directly: 

LexCom Informationssysteme GmbH 
– Data Protection Officer – 
Rüdesheimer Str. 23 
80686 Munich 
​​​​​​​privacy@lexcom.de

You also have the right to file a complaint with the supervisory authority responsible for data protection if you believe that LexCom has failed to comply with the applicable data protection legislation. 

 

9. Right to Object 

 

You have the right to object to the processing of personal data that refers to you under the terms of items 4 and 5 of this Privacy Statement (i.e. processing in accordance with GDPR Art. 6 (1) f) for reasons resulting from your specific situation at any time. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate that it has compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.