Privacy Policy

Stand: 18 Mar 2021

We are delighted that you are interested in our website. We take the protection of personal information very seriously and pay close attention to this aspect in our online activities. The processing of your personal information by Brose takes place in compliance with statutory requirements and – if necessary – based on your consent. The most important statutory basis for this is the European General Data Protection Regulation (GDPR). We also comply with all other applicable data protection legislation, in particular Germany’s Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Telemedia Act (Telemediengesetz, TMG). In the following we would like to inform you in detail about the applicable legal requirements, particularly those of the GDPR, concerning the processing of your personal data when you visit our website.

1. Responsible party

You are on the website “brose.com”. Brose Fahrzeugteile GmbH & Co. Kommanditgesellschaft, Berlin (“Brose”), Sickingenstr. 29-38, 10553 Berlin, Germany is responsible (the “controller”) for data processing associated with your use of the website.

2. Surfing brose-ebike.com

For what purposes do we process your data?When you visit our website, your browser contacts our web server to retrieve the pages you wish to visit. You generally do not need to register or identify yourself to use this function. However, our server uses your IP address to allocate requests and responses, which could potentially be used to identify you. In particular, personal data such as your IP address is transmitted to our web server as part of an HTTP/S call. This connection data is processed by our web server to allow access to the website. In some cases form data may also be processed containing data you have entered. In addition, the respective HTTP/S calls are logged in a log file. We use this file for technical troubleshooting as well as to block and resolve attacks on our systems. We also utilize the already saved log files to create reports that we use to optimize our websites. The actual analysis is always anonymous, i.e. through a pooling of call data and thus it is no longer possible to use the data to identify a person.
On what legal basis do we process your data?The legal basis of any processing of your data that takes place depends on the specific purpose of your visit: - When you visit our website to initiate contracts or business relationships with us, the legal basis for the processing of your data is Art. 6 para. 1 (b) GDPR (initiation or performance of a contract). - Also, as a general rule, processing takes place based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our legitimate interest is to operate a website for general information and communication purposes as well as to present our company. Processing of log files takes place as a general rule based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our legitimate interest is to protect our plants and systems against attacks and, if necessary, to take legal action against attackers as well as to continue to develop our websites for commercial purposes.
Is there an obligation for you to provide your data and what happens if you choose not to?It is not possible to use this website or its forms without processing your connection or form data.
Is your data shared with anyone? Or, who participates in the processing of my data?As a general rule, processing is automatic. Our IT department has access to the log files. The competent internal departments use these files for the above mentioned purposes and, if necessary, the data is also transmitted to external recipients (in particular law enforcement agencies to prosecute attacks). Visitor logfiles are stored with our CDN service provider Akamai Technologies GmbH (Parkring 20 – 22, 85748 Garching, Germany).

The storage of the visitor log files for our subdomain www.finder.brose-ebike.com is done by the service provider Greenfinder UG (Industriestraße 78, 69245 Bammental).
How long is your data stored?The log files are stored for 14 days. All other data is deleted immediately after executing the HTTP/S call.

More information about privacy and the processing of your personal data by Akamai is available here .

3. Contact form, communication by email

For what purposes do we process your data?On our site we offer the possibility to contact us by email and/or via a contact form. In this case the information you provide is stored for the purpose of processing your contact request and for any follow-up questions. Whenever you contact us with a request or we contact you, we will naturally also process personal data such as your name, address, phone number and the contents of the communication for the purpose of exchanging information with you.
On what legal basis do we process your data?The processing of your data as part of communication via the contact form or by email takes place on the basis of Art. 6 para. 1 (b) GDPR, provided the exchange is in conjunction with the initiation or performance of a contract with you. For the remainder, the legal basis depends on the purpose of the exchange; Art. 6 para. 1 (f) GDPR (our legitimate interest, business correspondence or, for example, to answer requests related to data protection) will apply in most cases.
Is there an obligation for you to provide your data and what happens if you choose not to?You are not required to provide your data. However, communication by email or via the contact form is not possible without processing your personal data.
Is your data shared with anyone? Or, who participates in the processing of my data?We only share your data internally with the department that is responsible for your request. In some cases, it may also be forwarded to another Brose Group company.
How long is your data stored?Your personal data is deleted when it is no longer required for the exchange of information with you. In some cases the data may be held longer on the basis of Art. 6 para. 1 (c) GDPR in conjunction with the applicable statutory retention periods (in particular in accordance with trade, tax and revenue law). In the case of business correspondence, this is usually six (6) to ten (10) years after the end of the year in which it is received.

4. Cookies

Like virtually every other website, we use cookies and similar technologies. A cookie is a small text file consisting of letters and numbers that is stored on your device when you visit a website. A cookie contains information that is stored when you visit this website on your computer or mobile device for the duration of your visit (“session cookies”) or for a longer period of time (“permanent cookies”). When you visit pages on this website, our system – or another website that recognizes this cookie – can query the cookie. This makes it possible to distinguish your device from other devices when you visit our website. More specifically, these cookies or similar technologies make it possible to save your user preferences or credentials for the duration of your visit or until your next visit or, for example, to offer you shopping cart or application functions across multiple pages of our website. Moreover, we use specific cookies to collect information about how visitors use our website, e.g. which pages were visited and the duration of the visits. Pseudonymized user profiles may be created for this purpose.

We use the following cookies on our website, brose-ebike.com:

Plugins

We use cookies to determine whether you have agreed to the use of third-party plugins. In this case, data from these third-party providers is loaded directly when you visit the respective page and data (e.g. your IP address) and is transferred to these third parties. In the process, data may also be transferred to third countries that are considered to be “unsafe”. In these cases, we cannot guarantee that a level of data protection comparable to that of the EU will be upheld.

Statistics

We collect anonymized data for statistics and analysis to further improve our offer and our website. We use these cookies to determine the number of visitors to our site and optimize our content, for example.

If you have granted your consent

We will only use optional cookies with your prior consent (Art. 6 para. 1 (a) GDPR). When you visit our website for the first time, a banner will appear on our website asking you for your consent to the use of optional cookies. If you grant your consent, we will save a cookie to your computer and the banner will not be shown again until the cookie expires. Once the cookie expires, or if you actively delete the cookie beforehand, the banner will be displayed again the next time you visit our website to ask for your consent again. When you grant your consent, you also agree to the automatic transfer of data to third countries. These third countries could be countries that lack an adequate level of data protection, thereby making your data processing rights unenforceable, for instance.

How can you prevent the use of cookies?

Naturally, you may also use our website without cookies. You can configure the use of cookies or disable them completely at any time in your web browser’s settings. However, this may limit your ability to access certain features or make our offer less user-friendly to you. You may reject (as per Section 15 (3) TMG or Art. 21 para. 1 DSGVO) data processing and the use of cookies at any time with future effect or revoke your consent (as per Art. 7 Abs. 3 GDPR). You can adjust the individual settings for the use of cookies .

4.1. Technically required cookies

For what purposes do we process your data?We use Amazon Web Services (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA, 98109, USA) as a provider for the basic features of our website and we use the service provider salesforce.com Germany GmbH (Erika-Mann-Str. 31, 80636 Munich, Germany) to supply our dealer portal. These providers use technical cookies for delivery and acceleration. They contain anonymous/pseudonymous session data.
We use the cookie, “_2BCookieSettings” to save your cookie settings. This is required in order to retain your cookie settings for your next visit.
On what legal basis do we process your data?Data processing and the required storage of cookies takes place based on our legitimate interests as per Art. 6 para. 1 (f) GDPR. Our legitimate interests relate to the smooth and accelerated display of our web content on brose.com and thus serve our business interests to operate a website for general information and communication purposes as well as to present our company. Your cookie settings are stored in order to obtain the legally required consent to the use of cookies. The legal basis is Art. 6 para. 1 sentence 1 (c) GDPR.
Is your data shared with anyone? Or, who participates in the processing of my data?Your session data is shared with Amazon and Salesforce, where it is automatically processed on our behalf.
How long is your data stored?Your session data is stored by the cookies of Amazon and Salesforce only for the duration of your visit to the website and then automatically deleted (“session cookies”).
Is there an obligation for you to provide your data and what happens if you choose not to?It is not possible to use the website without processing this session data.

More information about privacy and the processing of your personal data by Amazon is available here .
More information about privacy and the processing of your personal data by Salesforce is available here .

4.2 Plugins/Cookies

For what purposes do we process your data?We use cookies to determine whether you have agreed to the use of third-party plugins. In this case, data from these third-party providers is loaded directly when you visit the respective page and data (e.g. your IP address) and is transferred to these third parties. In the process, data may also be transferred to third countries that are considered to be “unsafe”. In these cases, we cannot guarantee that a level of data protection comparable to that of the EU will be upheld.
On what legal basis do we process your data?Data processing and the required storage of cookies takes place based on your consent as per Art. 6 para. 1 (a) GDPR.
How long is your data stored?See table “Plugins/Cookies”

4.2.1 Google Maps plugin

Who is the controller for the Google Maps service?Our website uses a map service called “Google Maps”. We have marked Brose group locations on Google Maps and embedded this map on our website under “Company/Locations”. Controller under data privacy protection laws: Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). We have no access to the data that Google collects in the scope of this map service. Google is solely responsible for any data processing that takes place. Nevertheless, in order to be as transparent as possible, we would like to provide you with some information on how data is processed in connection with the Google Maps service. For more information, please see Google’s privacy statement at policies.google.com/privacy.
What is the purpose of the Google Maps service?We have marked the location of the Brose Group on Google Maps and embedded this map on our website under “Company/Locations” in order to enable visitors to find our locations quickly and to make our website as appealing as possible.
On what legal basis do we process your data?Before our website establishes contact with Google Maps, we obtain your consent pursuant to Art. 6 para.1 (a) GDPR. This consent is granted either by agreeing to our request to store the cookie “dsgvo_googlemaps_confirmed” or by clicking on the embedded map.
Is there an obligation for you to provide your personal data and what happens if you choose not to?You are not required to provide your personal data. However, if your personal data cannot be processed, you will not be able to use our website brose.com or the embedded Google Maps service.
Is your data shared with anyone? Or, who participates in the processing of my data?We do not have any access to your personal data in connection with the Google Maps service, and we do not share any information with third parties. For more information on how Google, the controller, may share your personal data, please see Google’s privacy statement at policies.google.com/privacy.
Is your data shared with a third country or an international organization?We will not transmit the personal data you share in connection with the Google Maps services with a third country or international organization. If the Google Maps service connects with the servers of Google, the controller, and your personal information is transmitted in the process, then further information on this is available in Google’s privacy statement at policies.google.com/privacy.
How long is your data stored?We do not store any personal data in connection with the Google Maps service. For more information on how Google, the controller, may store your personal data, please see Google’s privacy statement at policies.google.com/privacy.

4.2.2 Brightcove plugin

For what purposes is Brightcove used and which data is collected?We use videos to present our company and our products. They are stored on the servers of Brightcove, Inc. (290 Congress Street, 4th Floor, Boston, MA 02210, USA) to accelerate delivery. Usage data (server log files) is stored at Brightcove when the videos are delivered.
On what legal basis do we process your data?Before our website establishes contact with Brightcove, we obtain your consent pursuant to Art. 6 para.1 (a) GDPR. This consent is granted either by agreeing to our request to store the cookie "dsgvo_brightcove_confirmed” or by clicking on the embedded video.
Is there an obligation for you to provide your personal data and what happens if you choose not to?You are not required to provide your personal data. However, if your personal data cannot be processed, you will not be able to watch videos on brose.com.
Is your data shared with anyone? Or, who participates in the processing of my data?The usage data outlined above is shared with Brightcove in order to deliver video content.
Is your data shared with a third country or an international organization?Brightcove is a group of companies that operates internationally. By consenting to the use of Brightcove, you also consent to the transfer of your usage data to third countries.
How long is your data stored?Usage data on Brightcove’s servers is automatically deleted after 42 days.

More information about privacy and the processing of your personal data by Brightcove is available here .

4.3 Statistics/Cookies

For what purposes do we process your data?We use the “etracker” service, which enables data traffic analysis for our website (web analytics). This helps us continuously improve the information and the design of our website. We use etracker for various purposes such as to analyse which sections and subpages of our website were visited – and how often and for how long – and where our users come from (other websites). etracker GmbH (Erste Brunnenstraße 1, 20459 Hamburg, Germany) processes different usage data for this purpose and assigns an anonymous identifier to it. Additionally, certain information of the operator of website from which you came to us (in particular the URL of the previous page, any related search engine, any related search terms) may be processed. This usage data is used to create non-personalized reports on the use of our website.
On what legal basis do we process your data?Data processing and the required storage of cookies takes place based on your consent as per Art. 6 para. 1 (a) GDPR.
Is your data shared with anyone? Or, who participates in the processing of my data?Your usage data is shared with etracker GmbH, where it is automatically processed on our behalf. In principle, analysis options are used only internally by our IT and marketing department.
How long is your data stored?See table “Statistics/Cookies”

5. Data Security

We secure our website and other systems with up-to-date technical and organizational measures to prevent your data from being lost, destroyed, accessed, modified or disseminated by unauthorized persons. When sending personal data, we make use of encryption technology to ensure extremely high levels of confidentiality. Our servers use various security mechanisms and permission processes to make unauthorized access difficult. You should keep your access information secret at all times and close your browser window once you have finished communicating with Brose. This will ensure that no one apart from you can access your personal data if you share your computer with other people.

6. Your rights

If our company processes your personal data you have the following rights within the respective legal scope: - Right of access, especially to obtain information from the controller concerning the personal data its stores and how it is processed (Art. 15 GDPR),
- Right to rectification of inaccurate or incomplete data (Art. 16 GDPR),
- Right to erasure, e.g. of unlawfully processed or no longer necessary data (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to data portability, provided the processing takes place based on consent or to perform a contract or by means of an automated process (Art. 20 GDPR).
- Right to object the processing, in particular if this takes place to safeguard the legitimate interests of the controller (Art. 21 GDPR) and If the processing is based on consent that you have provided (Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR), you have the right to revoke your consent at any time. This shall not affect the lawfulness of processing carried out on the basis of consent prior to your revocation. In addition, you have the option of sending a complaint - to our data protection officer Thomas Grimm, Max-Brose-Straße 1, 96450 Coburg, Germany, email: datenschutz@brose.com
and
- the competent regulatory agencies. For Brose Fahrzeugteile GmbH & Co. Kommanditgesellschaft, Coburg this is the Berlin Commissioner for Data Protection and Freedom of Information, An der Urania 4-10, 10787 Berlin, phone: 030 13889 – 0.

7. Privacy policy for presence on social media

Data processing by social media networks

Brose operates publicly accessible profiles on social media networks. You will find detailed information on the social media networks we use below. Social media networks such as Facebook or Twitter can generally begin detailed analysis of your user behaviour as soon as you visit their website or a website with embedded social media content (e.g. “like” buttons or advertising banners). Visiting our social media sites also triggers a range of data privacy-related processing operations.

Specifically: If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, in certain circumstances your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In such cases, data is collected by obtaining your IP address or via cookies that are stored to your device. Data collected in this way enables social media portal operators to create user profiles where your preferences and interests are saved. This allows providers to show you advertising that is based on your interests both within and outside of the respective social media presence. If you have an account with the respective social media network, then interest-based advertisements can be displayed on all of the devices on which you are or were logged in. In addition, please note that we cannot track all processing operations performed on the various social media portals. This means that, depending on the provider, social media portal operators may also process your data in other ways. For more details, please refer to the terms of use and data privacy policies of the respective social media portals.

Legal basis

Our social media presence is designed to ensure the broadest possible presence on the Internet. This represents a legitimate interest in the sense of Art. 6 (1) lit (f) GDPR. The analysis processes initiated by social networks may have different legal bases, which must be stipulated by the social media network operators (e.g. consent in the sense of Art. 6 para. 1 (a) GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. In general, you may assert your rights (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability) both vis-à-vis Brose and vis-à-vis the operator of the respective social media portal (e.g. Facebook). Please note that, despite the joint responsibility we share with the social media portal operators, we do not have full influence over the data processing operations of these social media portals. Our options are largely determined by the corporate policy of the respective provider. If you have any questions, please contact us at datenschutz@brose.com.

Storage period

We delete the data we collect directly via our social media presence as soon as the purpose for storing it no longer exists, you request that we erase it, you revoke your consent to store it or the purpose for storing data no longer exists. Stored cookies remain on your device until you delete them. Any statutory provisions, in particular those regarding data retention periods, remain unaffected by this provision. We have no influence on how long social media network operators store your data for their own purposes. For more details, please refer directly to the respective social media portals (e.g. their data privacy policies).

Social networks in detail

Facebook
We have a profile on Facebook, which is provided by Facebook, Inc., 1 Hacker Way, Menlo Park, California, 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement (Controller Addendum) with Facebook that governs joint responsibility for data processing. This agreement stipulates the data processing operations for which we or Facebook are responsible when you visit our Facebook Fan Page. You can view this agreement via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=ads
See Facebook’s privacy policy for details:
https://www.facebook.com/about/privacy/

Twitter
We use the microblogging and social networking service Twitter, which is provided by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified under the EU-US Privacy Shield.
You can adjust your Twitter privacy settings independently in your user account. To do this, click on the following link and log in:
https://twitter.com/personalization
See Twitter’s privacy policy for details:
https://twitter.com/privacy

Instagram
We have a profile on Instagram, which is provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please see Instagram’s privacy policy:
https://help.instagram.com/519522125107875

YouTube
We have a profile on YouTube, which is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. For details on how they handle your personal data, please see YouTube’s privacy policy:
https://policies.google.com/privacy