Data Protection Statement

Information by the Contipark Group of Companies, Germany on the processing of personal data (Privacy Statement)

The following information is to provide you with an overview regarding the processing of your personal data by the organizations of the Contipark group of companies in Germany listed below, and your respective rights in this regard:

Contipark Parkgaragengesellschaft mit beschränkter Haftung
Rankestrasse 13
10789 Berlin
Phone: +49 30 250097 0
E-mail: info@contipark.de

You can reach our data protection officer at the above postal address or by e-mail sent to: datenschutz@contipark.de.

Contipark International Parking GmbH
Rankestrasse 13
10789 Berlin
Phone: +49 30 250097 0
E-mail: info@contipark.de

You can reach our data protection officer at the above postal address or by e-mail sent to: datenschutz@contipark.de.

Servipark Deutschland GmbH
Möllendorffstrasse 47
10367 Berlin
Phone: +49 30 319871 549
E-mail: servipark@contipark.de

You can reach our data protection officer at the above postal address or by e-mail sent to: datenschutz@contipark.de.

A. General information applicable to processing

We process your personal data in accordance with the provisions laid down in the European General Data Protection Regulation (GDPR) and all other relevant laws, such as the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Where required, we will seek to obtain your prior consent.

1. Definitions

‘Personal data’ refers to any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data with or without the assistance of automated means. The term is broadly defined and practically encompasses any form of handling data.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

For more information on these and other related definitions, please refer to the Definitions under Article 4 of the General Data Protection Regulation (GDPR).

2. Collaboration with processors and third parties

Within the whole group of companies those bodies will have access to your data which require such data to fulfil our contractual performance and legal obligations. Insofar as your data are forwarded within the group or to enlist third-party services (for example, billing services, IT services, consultation, sales and marketing, data destruction, logistics, telecommunications), they will be forwarded on the basis of a legal permission only, for example if the data must be transmitted to third parties such as payment services providers, in accordance with Art. 6 (1) lit. b GDPR for the purpose of complying with the contract, if you consented to this pursuant Art. 6 (1) lit. a) GDPR, if a legal obligation provides for this according to Art. 6 (1) lit. c) GDPR or on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR.

If we contract third parties to process data on the basis of a so-called data processing contract, this is governed by Art. 28 GDPR.

3. Transfer to third countries

In principle, we do not transfer personal data to bodies in third countries (outside of the EU or EEA) or international organizations.

Provided that, in the exceptional case, we process personal data in a third country (meaning outside of the European Union (EU) or the European Economic Area (EEA)) or this occurs in the framework of contracting third-party services or the disclosure or transfer of data to third parties, this is performed for the purpose of meeting the above intentions only. Subject to statutory or contractual permissions, we would process or have a third party process the data in a third country only if special requirements apply in accordance with Art. 44 et seq. GDPR. This means that in those cases data will be processed, for example, subject to special safeguards, such as the officially-recognized EU-compliant level of protection of personal data (e.g. the Privacy Shield as applied in USA) or the consideration of officially-recognized, special contractual obligations (so-called ‘standard contractual clauses’). You may request information about the safeguards which we have implemented to comply with an appropriate level of protection of personal data from the contact addresses stated.

4. Rights of the data subject

You have the right to request a confirmation stating whether the data concerning the data subject are being processed; to access these data; and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

According to Art. 16 GDPR, you have the right to request that the data concerning you as the data subject be completed, or that any incorrect data on you be rectified.

In accordance with Art. 17 GDPR, you have the right to request that the data concerning you as the data subject be immediately erased or in the alternative and in accordance with Art. 18 GDPR, the processing of the data be restricted.

You have the right to request that you receive the data that concern you as the data subject which you provided to us in accordance with Art. 20 GDPR and that they be transferred to other controllers.

Moreover, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, such as:

Berlin Commissioner for Data Protection and Freedom of Information
(Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Friedrichstrasse 219
10969 Berlin

5. Right of withdrawal

According to Art. 7 (3) GDPR, you have the right to withdraw any consent you may have issued anytime without stating reasons and effective for the future. You may do so by simple notification sent to the above contact addresses.

6. Right to object

You may object to the future processing of data that concern you in accordance with Art. 21 GDPR anytime. The objection may be issued especially against processing for the purposes of direct marketing.

7. Erasure of data

The data which we process will be erased in accordance with Art. 17 and 18 GDPR, or their processing will be restricted. Unless expressly specified otherwise within the framework of this privacy statement, data which we store will be erased as soon as they are no longer required for their intended purpose and if there are no statutory retention obligations that oppose their erasure. Provided that the data will not be erased because they are required for other purposes which are legally permissible, their processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data which need to be saved for commercial law-related or tax law-related reasons.

According to legal stipulations in Germany, the retention period is six years especially for commercial letters and similar correspondence; and ten years for trading books and similar documentation, accounting documents and documents that are relevant for taxation purposes. Moreover, data are retained insofar as is necessary to preserve evidence within the framework of statutory periods of limitation. According to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these periods of limitation may be up to 30 years whereby the routine period of limitation is three years.

B. Processing in detail

1. Processing personal data on websites

The data controller (company) depending on the websites that you visited is:
Contipark Parkgaragengesellschaft mit beschränkter Haftung, Servipark Deutschland GmbH

1.1. Hosting

The hosting that we refer to serves the purpose of providing the following services: infrastructure and platform services; computing capacity; storage space and database services; security services and technical maintenance services which we employ to operate this online offer.

For this we save, or our hosting provider saves the following data connected to the website: user data that arise; contact data; content-related data; contractual data; usage data; meta and communication data of customers, prospective customers and visitors of this online offer on the basis of our legitimate interest in the efficient and safe delivery of this online offer in accordance with Art. 6 (1) lit. f GDPR in connection with Article 28 GDPR (data processing contract).

1.2 Collecting access data and log files

We, or our hosting provider, will collect on the basis of our legitimate interests in the meaning of Art. 6 (1) lit. f GDPR, and here in particular our interest in the safe and efficient delivery of our website, data relating to any access to the server which hosts this service (so-called server log files). Access data include the names of prompted websites, the file, date and time of the prompt, the volume of the data transfer, a message regarding the successful download, the type of browser plus its version, the user’s operating system, referral URL (previously visited page), IP address and enquiring provider.

Server log file information will be saved for reasons of security (e.g. to clarify misuse or fraud) for a maximum seven days before being erased. Data that must be retained for the purpose of evidence are excluded from being erased until the individual incident has been clarified.

1.3 Comments and posts

If users submit comments or other posts, then in addition to your comment, information regarding the time of creation, their IP addresses, the e-mail address and the user name that you chose will be saved on the basis of our legitimate interests in the meaning of Art. 6 (1) lit. f GDPR for a period of seven days. This applies for our own security should anyone leave illegal content in the comments or posts (insults, prohibited political propaganda, etc.). In such a case we might ourselves be prosecuted for the comment or the post and for this reason are interested in the identity of the author.

1.4. Google Analytics

On the basis of our legitimate interests (i.e. the interest in the analysis, optimization, and economic operation of our online offer in the meaning of Art. 6 (1) lit. f GDPR) we use Google Analytics, a web analytics service provided by Google LLC (‘Google’). Google uses cookies. Information on the use of the online offer generated through cookies is generally transmitted to and saved on a Google server in the US.

Google is Privacy Shield-accredited and therefore guarantees to comply with the appropriate data protection standards (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf for the purpose of evaluating the use of our online offer, compiling reports on activity within the framework of this online offer and providing other services relating to the use of this online offer and internet usage for us. The processed data may be used to create a user profile under a pseudonym.

We use Google Analytics with enabled IP anonymization only. This means that the IP address of Google users in member states of the European Union or other member states of the European Economic Area is truncated before sending. Only in exceptional cases will the IP address be sent in full form to a Google server in the US and truncated there.

The IP address sent by your browser will not be consolidated with other Google data. Users may refuse the saving of cookies with the respective settings in their browser software. Also, to opt out of data collected by cookies and the use of data related to the online offer for Google as well as the processing of these data by Google, users may download and install the add-on for their current web browser available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively to the browser add-on or while the browser on a mobile terminal device is open, please click the following link to opt out of Google Analytics collecting data in the future while on this website: Analytics Opt-out. This places an opt-out cookie on your device. If you delete your cookies, you will have to click on this link again.

For more information on data usage by Google, on setting options and your possibilities to object, please go to the following Google webpages: https://www.google.com/intl/de/policies/privacy/partners (‘How Google uses information from sites or apps that use our services’), http://www.google.com/policies/technologies/ads (‘How Google uses data for advertising’), http://www.google.de/settings/ads (‘Control the information Google uses to show you ads’).

1.5. Embedding third-party services and content

On the basis of our legitimate interests (i.e. the interest in the analysis, optimization, and economic operation of our online offer in the meaning of Art. 6 (1) lit. f GDPR) we use within the framework of our online offer third-party content or service offers to embed their content and services such as videos or fonts (the ‘Content’).

The requirement for this is always that third-party providers of such Content see the user’s IP address because, without the IP address, they are unable to send the Content to their browser. The IP address is therefore required to show this Content. We endeavor to use only such Content whose individual provider merely uses the IP address to deliver the Content. Third-party providers can use so-called pixel tags (invisible graphics also called web beacons) for statistical or marketing purposes. These pixel tags enable the analysis of information such as visitor traffic on the sites. The pseudonymous information may also be saved in cookies on the users’ respective device and, amongst others, may contain technical information on the browser and operating system, referral URLs, the duration of the visit and additional information regarding the use of the online offer as well as information from alternative sources.

We cannot control the collection of your data by third-party providers. The processing of your data by the individual third-party processor is exclusively subject to the data protection provisions of the third-party processors.

In detail:

Vimeo
We embed videos posted on the ‘Vimeo’ platform by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy statement: https://vimeo.com/privacy.

YouTube
We embed videos posted on the ‘YouTube’ platform by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Maps
We embed the maps provided by Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts
We embed Google Fonts by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha
We embed the functionality to recognize bots, e.g. while completing online forms (‘ReCaptcha’), by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

1.6. Google re/marketing services

On the basis of our legitimate interests (i.e. the interest in the analysis, optimization, and economic operation of our online offer in the meaning of Art. 6 (1) lit. f. GDPR) we use the marketing and remarketing services (‘Google Marketing Services’) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’).

Google is Privacy Shield-accredited and therefore guarantees to comply with the appropriate data protection standards (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services enable us to place more specific ads for us and on our website so that users only see ads that are potentially aligned with their interests. If, for example, ads promoting products which a user is interested in are shown to a user on other websites, this is termed ‘remarketing’. For these purposes and when prompting our and other websites where Google Marketing Services are enabled, Google directly activates a Google code and so-called (re)marketing tags (invisible graphics or code, also termed web beacons) are embedded in the website. With the help of these web beacons a personalized cookie, i.e. a small text file (instead of cookies, comparable technology may also be used) is saved on the user’s device. The cookies may be placed by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. These files record which websites the user visited; which content the user showed interest in; and which offers the user clicked on; also, technical information on the browser and the operating system, referral URLs, the duration of the visit and additional information on the use of the online offer. The user’s IP address is also recorded, whereby in the framework of Google Analytics this means that the IP address in member states of the European Union or other member states of the European Economic Area is truncated before sending and only transmitted to a Google server in USA as a whole in the exceptional case, where it is then truncated. The user’s IP address is not consolidated with other Google data from other offers. Google may also consolidate the above information with such information from other sources. If the user goes on to visit other websites, he will be shown personalized ads that have been aligned with his specific interests.

User data are processed in the framework of Google Marketing Services, meaning Google saves and processes e.g. not the name or the e-mail address of the user, but processes the relevant cookie-related data within user profiles under a pseudonym. This means that from Google’s perspective, the ads are not managed and shown for a specific person whose identity is known, but for the cookie owner regardless of who the cookie owner is. This does not apply if a user expressly consents to Google processing the data without pseudonymization. The information gathered by Google Marketing Services on the users is transmitted to Google and saved on Google servers in the US.

The Google Marketing Services which we refer to include, for example, Google AdWords. As for Google AdWords, each AdWords client receives a different conversion cookie. Cookies therefore cannot be traced across websites of AdWords clients. The information collected using AdWords serves to create conversion rate statistics for AdWords clients which have opted-in for conversion tracking. AdWords clients learn about the total number of users that clicked on their ad and were referred to a site using a conversion tracking tag. However, they do not receive information which will enable the identification of the user.

On the basis of Google Marketing Services we can embed AdSense ads by third parties. AdSense uses cookies which enable Google and its partner websites to place ads based on the visits of users to this website or to other websites on the Internet.

We may also use the Google Tag Manager to embed and manage Google Analytics and Google Marketing Services in our website.

For more information on the use of data for marketing purposes by Google, please go to the following overview site: https://www.google.com/policies/technologies/ads, Google’s privacy statement can be retrieved here: https://www.google.com/policies/privacy/.

If you prefer to opt-out of interest-based advertising from Google Marketing Services, please use the settings and opt-out preferences provided by Google: http://www.google.com/ads/preferences.

1.7. Share button

The Share buttons used by our online presence protects your data. These Share buttons enable greater privacy on the Internet. This makes it possible to protect our users against the exaggerated inquisitiveness of social media networks like Facebook, Google+ and Twitter. When using our online offer, no data are collected for and transmitted to social media networks. However, users are free to share posts or pages with their preferred social media networks. Only after clicking on the Share button is the user redirected to their chosen social media network. Only then are data sent to the respective services. Provided that users do not use a Share button to visit a social media network, there will be no data connection between the user and the social network.

When prompting the individual networks and platforms, the terms and conditions as well as data processing rules of their respective providers apply.

1.8. Cookies and the right to object to direct marketing

Cookies are small text files which are saved on the users’ computers. Cookies may save a variety of different information. A cookie primarily saves the details regarding a user (or the device on which the cookie is saved) while or even after their visit of the online offer. Temporary cookies, so-called session cookies or transient cookies, are cookies which are deleted after the user leaves an online offer and closes his browser. Such a cookie can save, for example, the content of a shopping basket of an online shop or the log-in status. Permanent or persistent cookies are cookies which remain saved even after the user closed the browser. For example, the log-in status may be saved for when the user returns after a few days. Likewise, such a cookie may save the interests of users which are used to measure the reach, or for marketing purposes. Third-party cookies are cookies which are managed by providers other than the controller of the online offer (otherwise, if they are their cookies only, they are termed first-party cookies).

If users prefer not to have cookies saved on their computer, they are asked to opt-out of the respective system setting in their browser. Saved cookies can be deleted in the browser’s system settings. Opting-out of the use of cookies may limit the use of the online offer’s functionalities.

The general objection to the use of cookies employed for online marketing purposes for a number of services, especially for tracking, can be declared via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Also, the saving of cookies by opting out can be prevented in the browser settings. Please be mindful that it is possible that the full functionality of the online offer may not be available.

2. Video surveillance

The controllers (companies) depending on the parking facility that you visited are:
Contipark Parkgaragengesellschaft mbH
Contipark International Parking GmbH

Because of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR as well as Section 4 GDPR which authorizes us to exercise house rules, to collect evidence and to pursue cases of fraud and other criminal offenses, our parking facilities are partially under video surveillance. Video surveillance is also conducted for us to fulfil our contractual obligations toward you (Art. 6 (1) lit. b GDPR) as it is necessary to contact our central technical customer service and to remedy malfunctions.

The recorded data will be erased within 14 days after recording the latest, unless a specific reason applies to document them for a longer period, especially if the documentation is required to solve specific criminal offences. In these cases, we collect by virtue of our legitimate interest additional contact details from the Federal Motor Transport Authority (Kraftfahrbundesamt) or the central office of vehicle insurers (Zentralruf der Autoversicherer).

3. License plate recognition

The controllers (companies) depending on the parking facility that you visited are:
Contipark Parkgaragengesellschaft mbH
Contipark International Parking GmbH

We process the vehicle license plate by virtue of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR as well as Section 4 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) which authorizes us to exercise the house rules, to prevent cases of fraud and to assert our contractual terms and conditions of parking.

Data collected by automated system will be erased immediately on driving out of the parking facility, unless a specific reason applies to retain their documentation for a longer period, especially if documentation is required to solve specific criminal offences or to assert our contractual rights and obligations. In these cases, we collect by virtue of our legitimate interest additional contact details from the Federal Motor Transport Authority (Kraftfahrbundesamt) or the central office of vehicle insurers (Zentralruf der Autoversicherer).

4. Processing personal data to perform contractual services

The controllers (companies) depending on your contract are:
Contipark Parkgaragengesellschaft mbH
Contipark International Parking GmbH
Servipark Deutschland GmbH

We process user data (e.g. family name and addresses as well as contact data of users) and contractual data (e.g. services referred to, name of contact persons, payment information) for the purpose of fulfilling our contractual obligations and service delivery pursuant to Art. 6 (1) lit. b. GDPR. We only collect the data required for the conclusion of the contract or the performance of the contract and use them exclusively for these purposes. To assert contractual claims or the required data in relation to the processing of damage in the framework of a contractual relationship we also collect data from third parties such as the Federal Motor Transport Authority (Kraftfahrbundesamt) or the central office of vehicle insurers (Zentralruf der Autoversicherer).

The data will be erased upon expiration of statutory warranty periods, the necessity to retain the data will be reviewed every three years; if archiving is mandatory by law, the data will be erased once they said obligations have expired provided there are no specific grounds to further retain the data. Customer account information remains there until deleted.

5. Processing personal data during contact

The controllers (companies) depending on your request are:
Contipark Parkgaragengesellschaft mbH
Contipark International Parking GmbH
Servipark Deutschland GmbH

When contacting us (e.g. via the contact form, by e-mail, telephone or via social media) the user’s information is processed to deal with the contact request and settle it pursuant to Art. 6 (1) lit. b GDPR or to exercise our legitimate interests pursuant to Art. 6 (1) lit. b) GDPR in the execution of the communication as requested by the user. The user information may be saved in a Customer Relationship Management System (CRM System) or any comparable arrangement of enquiries.

We will erase enquiries and the related communication with the user provided that they are no longer required to process the enquiries. We review the necessity every other year; also, archiving is required by law.

6. Processing the personal data of job applicants

The controllers (companies) depending on the company offering the vacancy are:
Contipark Parkgaragengesellschaft mbH
Contipark International Parking GmbH

If you forward your personal data to us in connection with an application to a vacancy at one of our companies or as an unsolicited application, this is done voluntarily. Application data may contain the following information: particulars (first name and family name, date of birth, address, possibly information about dependents), communication data (e-mail address, mobile phone number and landline number, Skype handle), data on the professional career to-date (school education, vocational training and vocational certificates), details regarding other qualifications, areas of interest, personal preferences, wishes for the future, information about salary expectations and the earliest possible date of entry/notice period, applicant’s photo.

We will use the information which you transmitted to us to process your application for the available vacancy only or, in the event of an unsolicited application, for comparison with all available vacancies at one of our companies to review the possibilities of forming an employment contract with you pursuant to Art. 6 (1) lit. b) GDPR. Only those individuals will learn about your personal data who are involved in the application process. Within a period of three months after forming the specific application/review process, all data on you will be erased immediately. This is not the case if statutory provisions oppose the erasure and the further storing of data is required for the purpose of providing evidence or you expressly consented to the extended storing of the data, for example in order to be considered for any future vacancies to be filled. You may object to the use of your data for the above purposes anytime, or request that the data be erased.

7. Processing personal data for newsletter subscription

The controller (responsible company) is:
Servipark Deutschland GmbH

7.1. Consent / withdrawal of consent

We send newsletters, e-mails and additional electronic notifications containing promotional information (‘Newsletter’) only with your consent or if permitted by law. To send the newsletter, we process your e-mail address and for registered customers, the name to personalize the salutation.

Forwarding of the newsletter and the related performance measurement are carried out on the basis of a consent given by the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR in connection with Section 7 (2) no. 3 of the German Fair Trade Practices Act (Gesetz gegen unlauteren Wettbewerb, UWG) or if permitted by law pursuant to Section 7 (3) UWG.

The registration process is recorded on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR. Our interest targets a user-friendly and safe newsletter system which both serves our business interests and meets the users’ expectations and also permits us to prove that a consent was issued.

Provided that in the context of subscribing to a newsletter its content must be specified, such content is crucial to the subscriber’s consent. Also, our newsletters contain information on our services and about us as well as on companies associated with us and our services.

Double opt-in and logging: Subscribing to our newsletter is subject to what is termed a double opt-in process. This means that after subscribing, you receive an e-mail in which you confirm your subscription. This confirmation is necessary to ensure that nobody registers with a third-party e-mail address. Newsletter subscriptions are recorded in order to prove that the subscription process complies with legal requirements. This also includes saving the time of the subscription and the time of confirmation as well as the IP address. Also, the changes to your data saved with the e-mail-handling service provider are recorded.

Unsubscribe/withdrawal – you may unsubscribe from our newsletter anytime, meaning you may withdraw your consent. A link to unsubscribe from the newsletter is at the end of each newsletter. We may save any delisted e-mail addresses up to three years on the basis of our legitimate interests before we erase them for the purpose of sending out newsletters, so that we may provide evidence of any previously issued consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual request to erase is possible anytime provided that at the same time, the former existence of a consent is confirmed.

7.2. Mailing

The newsletter is sent via an e-mail-handling service provider, SC-Networks GmbH, Enzianstrasse 2, 82319 Starnberg, Germany. To review the data privacy statement of the e-mail-handling service provider, please go to: https://www.sc-networks.de/unternehmen/datenschutz/. We use the e-mail-handling service provider on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR and a data processing contract in accordance with Art. 28 (3) sentence 1 GDPR.

The e-mail-handling service provider may use the recipients’ data under a pseudonym meaning without allocation to a specific user, in order to optimize or to improve their own service, e.g. to technically optimize the sending and the presentation of the newsletter or for statistical purposes. However, the e-mail-handling service provider does not use the data from our newsletter recipients to address these independently or to forward the data to third parties.

7.3. Measuring success

Newsletters contain a so-called web beacon. A web beacon is a pixel file which is retrieved by our server when opening the newsletter or, if we use an e-mail-handling service provider, by their server. In the framework of this retrieval technical information is initially raised such as information on the browser and your system as well as your IP address and the time when the information was retrieved.

This information is used to technically improve the service using the technical data or the target groups and your reading behavior using the locations of retrieval (which can be determined with the help of your IP address) or the times of access. The statistical collection also includes determining if the newsletters were opened, when they were opened, and which links were clicked on. This information may be allocated to the individual newsletter recipients for technical reasons. However, we neither strive to, nor, if contracted, does the e-mail-handling service provider scrutinize individual users. The evaluation instead serves to recognize the reading habits of our users and to adapt our content to them or send out different content according to the interests of our users.

8. Processing of personal data while using the DB Bahn Park App

The controller (responsible company) is:
Servipark Deutschland GmbH

In the framework of using the DB Bahn Park App we process your P-Card number, e-mail address, telephone number, the vehicle license plate and the password issued to you for use of the app for the purpose of fulfilling our contractual obligations and service delivery in accordance with Art. 6 (1) lit b. GDPR. We only collect the data required for use of the DB Bahn Park App and the associated performance of the contract.

9. Processing of personal data while using the Contipark App

The controller (responsible company) is:
Contipark Parkgaragengesellschaft mit beschränkter Haftung

We, or our hosting provider, will collect data on the basis of our legitimate interests in the meaning of Art. 6 (1) lit. f GDPR relating to any access to the server which hosts this service (so-called server log files). Access data include the names of prompted websites, the file, date and time of the prompt, the volume of the data transfer, a message regarding the successful download, the type of browser plus its version, the user’s operating system, referral URL (previously visited page), IP address and enquiring provider.

Server log file information will be saved for reasons of security (e.g. to clarify misuse or fraud) for a maximum seven days before being erased. Data that must be retained for the purpose of evidence are excluded from being erased until the individual incident has been clarified.

Version: May 2018