Data privacy notice

The following information is intended to provide you with an overview of how we process your personal data, and of your rights under data privacy law. The specific data processed and how we use that data is generally determined based on the services you request or agree to receive. Therefore, not all of this information will apply to you.

Who is responsible for data processing and whom can I contact?

The data controller for your personal data in the sense of data privacy law is always the DEKRA group company that makes a decision on the purpose and means of processing your personal data, either alone or alongside others. Typically, this is / these are the DEKRA group company / companies that has / have performed services for you, or that will perform services in the future.

Therefore, the responsible group parent company is

DEKRA SE,
headquartered in Stuttgart,
entered into the commercial register
of the District court of Stuttgart under HRB 734316.
Handwerkstr. 15, 70565 Stuttgart

You can contact our Group Data Protection Officer at:

Tel.: +49711/7861-2543
Email: Konzerndatenschutz@dekra.com

What sources do we use?

For what purpose do we process your data (purpose of processing) and on what legal basis?

We process your personal data in accordance with the provisions of the EU GDPR (General Data Privacy Regulation), the Federal Data Protection Act (BDSG), and all other relevant laws.

a. to fulfill contractual obligations (Art. 6 para. 1 b GDPR)

Data is processed to provide our services and carry out our agreements with our customers or to carry out pre-contractual measures upon request. The purposes of data processing are generally determined by the specific product [e.g. primary inspection, preparing expert opinions, performing other inspection services]. Further details on the purposes of data processing are available in the relevant contractual documents.

If necessary, we process your data to safeguard either our own legitimate interests or those of third parties beyond the scope of fulfilling our own contract. Examples:

Consulting and exchanging data with agencies to determine credit standing and default risks,
Reviewing and optimizing requirements analysis processes for the purpose of directly addressing customers,
Advertising or market and opinion research if you have not objected to the use of your data,
Asserting legal claims and defending against legal disputes,
Ensuring IT security and IT operations,
Preventing and clarifying criminal deeds,
Video monitoring for ensuring domiciliary rights, collecting proof in case of robberies and fraud,
Measures for building and equipment security (e.g. access control), measures to ensure domiciliary rights,
Measures related to business management and further developing services and products,
Risk controlling in the DEKRA Group.

c. based on your consent (Art. 6 para. 1 a GDPR)

If you have consented for us to process your personal data for specific purposes (e.g. transmission of data within the DEKRA group, evaluation of data for the purpose of a meeting, photos during events, sending a newsletter), the legality of this data processing is based on your consent. You may revoke any consent you have granted at any time. This also applies to revocations of declarations of consent granted to us before the GDPR came into effect on May 25th, 2018. Any revocations of consent shall have future effect and shall not affect the legality of data processed before the revocation.

d. based on legal specifications (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

In addition, we are also subject to a variety of legal obligations or statutory requirements (such as the Money Laundering Act, tax laws). The purposes of processing include, for instance [a credit worthiness review, identity check, prevention of fraud and money laundering, fulfilling tax law controlling and reporting obligations and assessing and controlling risks in the DEKRA Group.

Who will receive my data?

Will data be transmitted to a third country or international organization?

How long will my data be saved?

What data privacy rights do I have?

Am I obligated to provide data?

To what extent are automated decision-making processes used?

Do you use profiling?

Information on your right to object under Article 21 GDPR Individual right to object

Right to object against data processing for the purpose of direct advertisement

Recipient of an objection