1.1. Definitions and legal bases
Data subject means any identified or identifiable natural person whose personal data are processed by the controller (i.e. the party responsible for processing – in this case, Engelmann Limousinenservice GmbH).
Personal data means any information relating to a data subject; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The processing of personal data is lawful only if and to the extent that at least one of the following applies:
- Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain consent for a specific purpose of processing.
- If the processing of personal data is necessary for the performance of a contract to which the data subject is party – as is, for example, the case with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration – processing is based on Article 6(1)(b) of the GDPR. The same goes for processing operations that are necessary to take steps prior to entering into a contract, e.g. in the case of enquiries about our products or services.
- Where our company is subject to a legal obligation requiring the processing of personal data, e.g. to comply with tax provisions, processing is based on Article 6(1)(c) of the GDPR.
- In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would, for example, be the case if a customer was injured and the name, age or other vital data had to be subsequently passed on to a doctor, hospital or other third parties. Processing would then be based on Article 6(1)(d) of the GDPR.
- Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This is the legal basis for processing operations that are not covered by any of the aforementioned legal bases if processing is necessary to pursue a legitimate interest of Engelmann Limousinenservice GmbH or a third party, except where such interest is overridden by the interests or fundamental rights and freedoms of the data subject.
If the legal basis ceases to exist over the course of time, e.g. where consent is withdrawn or a legitimate interest no longer applies, the personal data must be erased or excluded from processing, taking due account of statutory storage periods.
1.2. Data processing within Engelmann Limousinenservice GmbH
Our website may be used without entering personal information. Different rules may apply to certain services on our site, however, and are explained separately below. We process personal data (e.g. name, address, email address, telephone number, etc.) solely within the limits of the statutory provisions of the German Federal Data Protection Act (BDSG), the European General Data Protection Regulation and the country-specific data protection provisions applying to Engelmann Limousinenservice GmbH and, in particular, solely for our own purposes.
The following regulations inform you in this respect about the type, scope and purpose of the collection, use and processing of personal data by the provider Engelmann Limousinenservice GmbH.
We generally don’t store data relating to customers centrally.
When Engelmann Limousinenservice GmbH transfers personal data to third parties (usually service providers handling orders), we do so in accordance with the provisions of the German Federal Data Protection Act and the European General Data Protection Regulation. When we do so, we limit the amount of data we transfer to a strict minimum.
Engelmann Limousinenservice GmbH generally erases personal data or exclude it from processing as soon as the purpose of processing no longer applies. We only continue to store such data where this is stipulated by national or European lawmakers in Union regulations, laws or other provisions to which the controller is subject.
Engelmann Limousinenservice GmbH has implemented numerous technical and organizational measures in all processing operations to ensure that the personal data we process are protected as fully as possible. Nevertheless, web-based transfers of data in particular may display security gaps, so that absolute protection cannot be guaranteed.
1.4 Who is responsible and whom can I apply to?
The party responsible for the purposes of the GDPR, other data protection legislation in force in the member states of the European Union and other provisions of a data protection nature is:
Engelmann Limousinenservice GmbH
Represented by its managing director: Martin Sieber
Phone: +49 (0) 171 376 4983
Register court: Amtsgericht München
Register number: HRB 245594
VAT identification number: DE321467078
Our Data Protection Officer can be contacted by email at firstname.lastname@example.org or by post at the above address. Any data subject can address enquiries and concerns relating to data protection directly to our Data Protection Officer at any time.
Those responsible for our website are indicated in the respective site notice:
2. Publicly accessible web offerings
We generally process personal data of persons making use of our web offerings only if and to the extent that this is necessary to make available a functioning website as well as our web content and services. Where a data subject wishes to make use of services via our website, processing of personal data may thus be necessary.
If processing of personal data is necessary in our view and there is no legal basis for such processing other than consent, we generally obtain such consent from the data subject, except in cases where consent cannot be obtained beforehand for practical reasons and processing of data is permitted by law.
2.1. Provision of website und creation of log files
You may use our websites for information purposes only, i.e. if you don’t register or otherwise send us information, without disclosing any personal data. Nevertheless, whenever you view our web pages, our system automatically records data on every server access concerning our offerings (so-called ‘server log files’). The access data include the name of the web page you requested, file, request date/time, volume of data transferred, ‘successful request’ report, type of browser plus version, your operating system, referrer URL (the page previously visited), IP address and the requesting provider. We use the log file data, without matching it to your person or any other profile, solely for statistical analysis for the purpose of operating, securing and optimizing our websites. At the same time, we reserve the right to subsequently check the log file data if we have legitimate grounds for suspecting unlawful use.
Temporary system storage of your IP address is necessary to enable delivery of the website to your computer. For this purpose, your IP address has to remain stored for the duration of the session. The legal basis for temporary storage of data and log files is Article 6(1)(f) of the GDPR.
The data are erased as soon as they are no longer necessary for achieving the purpose of their collection. Where the data are recorded for the purpose of making available our web offerings, this is the case when the respective session ends. Where the data are stored in log files, this is the case after 14 days at the latest. The data may also be stored for longer. In this case, your IP address will be erased or scrambled so that it can no longer be attributed to you.
Recording data for the purpose of making available our web offerings and storing data in log files are essential for operating our websites. You consequently have no right of objection thereto.
2.2. Use of external services
The purpose of using technically necessary cookies is to make using our websites easier for you. We cannot provide some of our website functions without using cookies. These functions need to be able to recognize your browser after you move from one web page to another. We don’t use the data we collect from users via technically necessary cookies to create user profiles. We use analysis cookies to enhance the quality of our websites and their content. Through analysis cookies, we learn how our websites are used and can thus continuously optimize our offerings.
The legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR. The legal basis for processing personal data using cookies for analytical purposes is your consent to this in accordance with Article 6(1)(a) of the GDPR.
2.2.2. Google Analytics
You may object to collection of your data by Google Analytics and processing of these data by Google in the future by installing a deactivation add-on for your browser.
We use Google Analytics to analyze and continuously improve our websites. The statistics we obtain enable us to improve our web offerings and make them more attractive for you. In the exceptional cases in which personal data are transferred to the US, Google recognizes the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Article 6(1)(f) of the GDPR.
The data we transmit are automatically erased after 14 months. Data whose storage period has expired are automatically erased once a month.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
User terms and conditions: http://www.google.com/analytics/terms/de.html,
Übersicht zum Datenschutz: http://www.google.com/intl/de/analytics/learn/privacy.html,
sowie die Datenschutzerklärung: http://www.google.de/intl/de/policies/privacy.
2.2.3. Use of social media
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
a) Use of facebook components
We use components of the provider facebook.comon our site. Facebook is a service of facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Every time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the facebook component. Through this process facebook is informed about which specific page of our website you are currently visiting.
If you access our site while logged in to facebook, facebook uses the information collected by the component to identify which specific page you are visiting and assigns this information to your personal account on facebook. For example, if you click the "I like" button or make comments, this information is transferred to your personal user account on facebook and stored there. Furthermore, the information that you have visited our site will be forwarded to facebook. This happens regardless of whether you click on the component or not.
If you want to prevent this transmission and storage of data about you and your behavior on our website through facebook, you must log out of facebook before you visit our site. The data protection notices of facebook provide more detailed information, in particular on the collection and use of the data by facebook, on your rights in this regard and on the setting options for the protection of your privacy: https://de-de.facebook.com/about/privacy/
b) Use of Instagram
We use the Instagram service on our website. Instagram is a service of Instagram Inc. the integrated "Insta" button on our site informs Instagram that you have visited the corresponding page of our website. If you are logged in to Instagram, Instagram can associate this visit to our site with your Instagram account and link the data. Instagram saves the data transmitted by clicking the "Insta" button. For information about the purpose and scope of data collection, processing and use, and your rights and privacy choices, please refer to the Instagram Privacy Notices, which can be found at https://help.instagram.com/519522125107875
To prevent Instagram from associating your visit to our site with your Instagram account, you must log out of your Instagram account before visiting our site.
2.2.4. Embedding third-party payment providers' services
We use external payment service providers through whose platforms the users and we can carry out payment transactions
We use payment service providers for the fulfilment of contracts on the basis of Article 6 (1)(b) of the GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to Article 6 (1)(f) of the GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, totals and recipient information. This information is required to execute the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. The data may be transferred by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service provider. (https://www.braintreepayments.com/en-de/legal/braintree-privacy-policy)
For payment transactions, the terms and conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply. We refer to these also for the purpose of further information and assertion of rights of revocation, information and other interested parties.
Credit card data
All bookings with Engelmann Limousinenservice GmbH can be paid by credit card.
For this purpose, a certified payment provider is used whose systems comply with the applicable security standards, such as the PCI-DSS standard (Payment Card Industry Data Security Standard). This is handled by Braintree, a service of PayPal. 2018 PayPal; PayPal (Europe) S.a.r.l. et Cie, S.C.A.. For recurring transactions, credit card data is stored by the PCI-DSS-certified payment provider. The legal basis for such processing is Article 6 (1)(b) of the GDPR.
Engelmann Limousinenservice GmbH itself does not store credit card data or only stores it in abbreviated form for analysis purposes or to avoid cases of fraud. The legal basis for this is Article 6 (1)(f) of the GDPR.
2.3. Email contact, including contact forms on the websites
You can contact us at the email addresses made available on our websites. Emails to us are also generated by the contact forms provided. The personal data of users transmitted with these emails are stored in our email archive. No data are passed on to third parties. The data are used only for the purpose of conducting our conversation.
The legal basis for processing data transmitted in an email is Article 6(1)(f) of the GDPR. When we are contacted by email, we have a legitimate interest in processing the personal data therein in order to deal with the reason for the contact. Article 6(1)(b) of the GDPR provides a further basis for processing the data. Processing is necessary for the purpose of handling an enquiry which constitutes a quasi-contractual relationship. The consent criterion in accordance with Article 6(1)(a) of the GDPR also provides justification for storing these data while the task is being handled.
Engelmann Limousinenservice GmbH generally treats emails as business correspondence and has determined that they will be retained in its email archive for a period of ten years. At the end of this period, they are automatically deleted.
2.4. Booking procedures
The Engelmann Limousinenservice GmbH processes the personal data provided by you when you register and use the booking portal or when booking rides.
The data is used for the services of the Engelmann Limousinenservice GmbH, i.e.for the personalized fulfillment of the framework agreement after registration, for the procurement of booked rides and for the fulfillment of the contract of carriage for the benefit of the customer. Engelmann Limousinenservice GmbH can provide data to third parties, if necessary, in particular to limousine service providers so that the customer can be transported in accordance with their booking and the transport can be processed. The payment data collected is stored via a payment service provider and transferred to the intermediary financial service provider or bank.
The legal basis for processing personal data during the registered use of the services of the Engelmann Limousinenservice GmbH and for booking rides is Article 6 (1)(b) of the GDPR. If the data subject provides additional information voluntarily (e.g. flight number or special requests), the legal basis is their consent according to Article 6 (1)(a) of the GDPR and our legitimate interest according to Article 6 (1)(f) of the GDPR.
In addition, Engelmann Limousinenservice GmbH processes personal data in order to analyze, personalize and improve the use of the services according to the demand, to identify, limit and eliminate technical or process-related malfunctions and problems and to prevent illegal use (e.g. fraudulent booking, cyber attacks). The legal basis for the processing of personal data is Article 6 (1)(f) of the GDPR.
3. What right to data protection do I have?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right ‘to be forgotten’ under Article 17 of the GDPR, the right to restrict processing under Article 18 of the GDPR, the right to object to the processing of personal data under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. The right to information and the right to be forgotten are subject to the restrictions set out in sections 34 and 35 of the German Data Protection Act. You can assert these rights against the Engelmann Limousinenservice GmbH. You also have the right to lodge a complaint with the responsible data protection authority (Article 77 of the GDPR in conjunction with section 19 of the German Data Protection Act). The authority with jurisdiction over us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
At any time, you can withdraw your consent permitting us to process your data. This also applies to the withdrawal of consent given to us before the GDPR took effect, i.e. before 25 May 2018. Please note that the withdrawal of consent covers only future processing of personal data. Processing which took place before the withdrawal will not be affected.
Information about your right to object under Article 21 of the GDPR:
Individual right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR (data processing on the basis of striking a balance between legitimate interests). This also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the purpose of establishing, exercising or defending legal claims.
How to object
There is no special form to fill in. Just send your objection to the following address, quoting ‘objection’ as the subject, and include your name, address and date of birth::
Engelmann Limousinenservice GmbH