This policy sets out how Auticon Ltd uses and protects your personal information, including data from the use of our website.
Auticon Ltd (for the purposes of this document: Auticon) is the data controller for personal data of visitors, clients and employees. For the purpose of this document the terms will have the following definitions/group terms
- ‘employees’ for current, past and potential employees
- ‘clients’ for potential, historic and current clients
- ‘visitors’ for website visitors
Our ICO registration number is ZA191331.
We do not trade personal data for commercial purposes and will only disclose it if required by law, or if it is with your consent. Auticon uses providers based in the European Economic Area to process employee data.
This policy was updated in May 2018 to show that we are adhering to the new General Data Protection Regulation (GDPR), which has come into force on 25th May 2018.
Contact us on firstname.lastname@example.org for any data protection queries.
1. Name and address of the controller
The controller as defined in the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
5A Bear Lane
London SE1 0UH
1 Primrose Street
London EC2A 2EX
+44 (0) 2032 9090 28
2. Name and address of the data protection officer
The data protection officer of the controller is:
Contact details as above
You can always object to the placement of cookies by making appropriate changes in your browser settings. Stored cookies can be deleted. Please note that you may not be able to use the full functionality of our website if you deactivate cookies.
4. Creation of log files
Every time the website is accessed, Auticon collects data and information with an automated system and stores it in the server’s log files.
The automated system can collect the following data:
- Information about the type of browser and the browser version
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time accessed
- Referring websites
- Websites accessed by the user’s system from our website
The purpose of processing the data is to supply our website content, optimise our website and ensure our information technology systems are working properly. Log file data is always stored separately from the users’ other personal data.
5. Registration via our website
If the data subject contacts Auticon and provides personal data, the data will be stored exclusively for the purpose of being used internally by the controller.
We will not share this data with third parties unless we have your consent or are required to do so by law.
The data subject always has the right to access personal data which has been stored concerning them.
6. Ways to contact us
Please see section 1 for contact details. If the data subject contacts the controller through one of these channels, the personal data transferred by the data subject will be stored automatically. This data is stored exclusively for the purpose of processing or contacting the data subject. We will not share this data with third parties.
6.1 Employees and job applicants
If you apply to work at Auticon, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside Auticon – for example, if we need a reference, or need to get a ‘disclosure’ from the Criminal Records Bureau – we will make sure we tell you beforehand, unless we are required to disclose this information by law.
If you are unsuccessful in your job application, we will hold your personal information for 12 months after we have made our recruitment decision. After this date we will destroy or delete your information. We keep de-personalised statistic information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants.
If you begin employment with us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.
7. Routine erasure and blocking of personal data
The controller processes and stores the data subject’s personal data only as long as necessary to achieve the purpose of storing the data. The data may be stored beyond that period where it is prescribed by European or national lawmakers in Union regulations, laws or other rules governing the controller.
Once the purpose of storing the data no longer applies or one of the storage periods required by the above regulations expires, the personal data will be blocked or erased as a matter of routine.
8. Rights of the data subject
Wherever your personal data is processed, you are a data subject as defined in GDPR and you have the following rights vis-à-vis the controller:
8.1 Right of access
You can ask the controller to confirm whether or not we process personal data concerning you.
If we do, you have the right to request the following information from the controller:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom your personal data has been or will be disclosed;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to know whether your personal data is being or has been transferred to a third country or an international organization. In this context, you have the right to be informed of the appropriate safeguards described in GDPR Article 46 relating to the transfer.
8.2 Right to rectification
You have the right to obtain from the controller the rectification and/or completion of processed personal data concerning you if the data is incorrect or incomplete. The controller must rectify the data without undue delay.
8.3 Right to restriction of processing
You have the right to obtain from the controller restriction of processing in any of the following circumstances:
- you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; or
- you have objected to processing pursuant to GDPR Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above requirements, you will be informed by the controller before the restriction of processing is lifted.
8.4 Right to erasure
9.4.1. You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based according to GDPR Article 6(1) point (a) or Article 9(2) point (a), and where there is no other legal ground for the processing;
- you object to the processing pursuant to Article GDPR 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Article 21(2);
- your personal data has been unlawfully processed;
- your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- your personal data has been collected in relation to the offer of information society services referred to in GDPR Article 8(1).
9.4.2. Where the controller has made your personal data public and is obligated pursuant to GDPR Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, such personal data.
9.4.3. The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with GDPR Article 9(2) points (h) and (i) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article GDPR 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
8.5 Right to notification
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller must communicate any rectification or erasure of personal data or restriction of processing to every recipient to whom the personal data has been disclosed, unless this proves impossible or impracticable.
The controller must inform you of these recipients if you request it.
8.6 Right to data portability
You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
- the processing is based on consent pursuant to GDPR Article 6(1) point (a) or Article 9(2) point (a) or on a contract pursuant to GDPR Article 6(1) point (b); and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this right.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on GDPR Article 6(1) point (e) or (f), including profiling based on those provisions.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8.8 Right to withdraw consent to processing
You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
8.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Such decisions must not be based on special categories of personal data referred to in GDPR Article 9(1), unless GDPR Article 9(2) point (a) or point (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (a) and (c), the data controller must implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
8.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged must inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to GDPR Article 78.
9. Sharing of data with third parties
This website uses Google Maps. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of the data collected automatically and the data you have entered by Google, one of its representatives or third-party providers.
This website uses IP anonymisation. The users’ IP address is truncated within the EU Member States and the European Economic Area. Once an IP address is truncated, it cannot be linked to a person. As part of the data processing agreement that the website operators have concluded with Google Inc., Google uses the collected information to evaluate the use of the website and website activity and to provide services related to internet use.
You have the option of preventing the storage of cookies on your device by configuring your browser settings accordingly. There is no guarantee that you will be able to use this website’s full functionality if your browser does not allow cookies.
You can also use a browser plugin to prevent the information collected by the cookies (including your IP address) from being sent to and used by Google Inc. The following link takes you to this plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Click here for more information on how Google Inc. uses data: https://support.google.com/analytics/answer/6004245?hl=en
Alternatively, you can prevent Google Analytics from collecting data about you within this website with a single click that downloads an opt-out cookie. Your browser must allow cookies to be set for this purpose. If you regularly delete cookies, you will need to click the link again each time you visit this website.
If you do not agree to the storage and analysis of this data from your visit, then you can object to its storage and use at any time at the following link: https://piwik.Auticon.de/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=&fontColor=&fontSize=&fontFamily=. In this case, an opt-out cookie is stored in your browser, which means that Piwik does not collect any session data. Attention: If you delete your cookies, the opt-out cookie will also be deleted and you may have to activate it again.
We use components of the provider facebook.com on our site. Facebook is a company of facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. Every time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the facebook component. Through this process, facebook is informed about which specific page of our website is currently being visited.
If you access our site while logged in to facebook, facebook uses the information collected by the component to identify which specific page you are visiting and assigns this information to your personal account on facebook. For example, if you click the “I like” button or make comments, this information is transferred to your personal user account on facebook and stored there. Furthermore, the information that you have visited our site will be forwarded to facebook. This happens regardless of whether you click on the component or not.
If you want to prevent this transmission and storage of data about you and your behaviour on our website through facebook, you must log out of facebook before you visit our site. The data protection notices of facebook provide more detailed information, in particular on the collection and use of the data by facebook, on your rights in this regard and on the setting options for the protection of your privacy: https://www.facebook.com/about/privacy/
We use the “+1”-button of the provider Google+ of the company Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”.
Every time you visit our website, which is equipped with such a “+1” component, this component causes the browser you are using to download a corresponding representation of the component from Google. This process informs Google which specific page of our website is currently being visited.
According to Google’s information, any further evaluation of your visit will not be made if you are not logged in to your Google Account.
If you visit our site while logged in to Google, Google may collect information about the site you refer, your IP address and other browser-related information when you confirm the “+1” button on your Google account.
In this way, your “+1” recommendation can be saved and made publicly accessible. Your Google “+1” recommendation can then appear in Google services, such as search results or your Google Account, or elsewhere, such as web pages and ads, along with your account name and, if applicable, your Google photo. Furthermore, Google may link your visit to our site with your data stored on Google.
If you want to prevent the above-mentioned collection by Google in the best possible way, you must sign out of your Google Account before visiting our website.
Our website contains functions of Twitter Inc. 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. If you use Twitter and especially the “Re-Tweet” function, Twitter links your Twitter account to the websites you visit. This will be announced to other users on Twitter, especially to your followers. This is also the way to transfer data to Twitter.
We, as the provider of our website, are not informed by Twitter about the content of the transmitted data or the use of the data. You can find further information under the following link: http://twitter.com/privacy
Please note, however, that you can change your privacy settings on Twitter in your account settings there at http://twitter.com/account/settings
For the integration of videos we use the provider Vimeo. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.
On some of our websites we use plugins from the provider Vimeo. When you access the websites on our website that are provided with such a plugin – for example our media library – a connection to the Vimeo servers is established and the plugin is displayed. This will transmit to the Vimeo server which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g. clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our website.
The purpose and scope of data collection and the further processing and use of the data by Vimeo as well as your rights in this regard and the setting options for the protection of your privacy can be found in Vimeo’s data protection information: https://vimeo.com/privacy
We use YouTube on our website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.
YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification according to the EU-US privacy shield (“EU-US Privacy Shield”)
Google and its subsidiary YouTube guarantee that the data protection regulations of the EU will also be observed when processing data in the USA.
We use YouTube in conjunction with the “Advanced Privacy Mode” feature to show you videos. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in improving the quality of our Internet presence. According to YouTube, the “Extended data protection mode” function means that the data specified below will only be transmitted to the YouTube server if you actually start a video.
This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time as well as the website you visited. In addition, a connection to the Google advertising network “DoubleClick” is established.
If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies via your Internet browser on your terminal. If you do not agree to this processing, you have the option of preventing the storage of cookies by setting it in your Internet browser. You will find more detailed information on this under “Cookies” above.
Further information about the collection and use of data as well as your rights and protection options in this regard is held by Google in the databases listed under
https://policies.google.com/privacy retrievable data protection information.
10. Legal basis for processing
Where we obtain the data subject’s consent to the processing of personal data, the legal basis for such processing is the EU General Data Protection Regulation (GDPR) Article 6(1) point (a).
Where the processing of personal data is required for the performance of a contract to which the data subject is party, the legal basis for such processing is GDPR Article 6(1) point (b). This also includes processing activities required to perform steps prior to entering into a contract.
Where the processing of personal data is required for compliance with a legal obligation to which our company is subject, the legal basis for such processing is GDPR Article 6(1) point (c).
Where the processing of personal data is necessary to protect an interest which is essential for the life of the data subject or that of another natural person, the legal basis for such processing is GDPR Article 6(1) point (d).
Where the processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for such processing is GDPR Article 6(1) point (f). The legitimate interest of our company is the conduct of our business activities.
11. Period for which the personal data is stored
Personal data is stored for the duration of the applicable legal retention period. Once the retention period expires, the data is deleted as a matter of routine unless it is necessary for contract initiation or contract performance.