1. General information
The protection of your personal rights during the processing of personal data is of the utmost concern to companies in MAN Group (hereinafter referred to as "MAN"). We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and in accordance with the legal regulations of the country in which the controller of the data processing is located.
Furthermore, MAN companies have undertaken to provide comprehensive and uniform protection of personal data through the implementation of a binding Group policy. Within MAN, this ensures a level of protection worldwide, which is comparable to that in Germany and the European Union.
Moreover, our employees are obliged to maintain confidentiality with regard to the handling of personal data.
b) Controller, contact person and information
The controller as defined by data protection law is the MAN company that processes your data as part of an existing or incipient contractual relationship.
In the event of questions relating to data protection, please contact the data protection officer/data protection coordinator at the MAN company with which you have or are initiating a contractual relationship.
The data protection officers/data protection coordinators at MAN are listed here.
2. Collection and processing of personal data
a) Purpose limitation and legal basis
MAN processes your personal data in order to execute and manage an existing or incipient contractual relationship with you. In this context, your personal data is processed for various purposes as part of a range of processing activities.
b) Data sources
As a rule, your personal data is collected directly from you as part of an existing or incipient contract relationship.
c) Obligation to provide data
You must provide to the controller the personal data required to execute the contractual relationship. If you do not provide this data, MAN cannot fulfil the relevant legal obligations and enter the contractual relationship.
d) Intended purpose of processing activities
An overview of the intended purpose of our processing activities is provided below:
Market analysis and identification of new customers
For example market analysis, trade fair appearances, websites, customer events, prize games, and other promotional campaigns.
For example sending magazines, newsletters and product brochures, and making apps available.
The product configurator, and the creation of product- and vehicle-specific service offerings, financing offerings, and rental offerings.
Filling in order forms, payment processes, payment options, delivery conditions, and compliance with statutory obligations, such as invoicing, bookkeeping and auditing, internal cost accounting, controlling (e.g. reimbursements, chargebacks, and offsetting), reporting (e.g. for data quality, management and planning purposes), reporting and planning of sales KPIs, and performing the claims management/dining process.
Optimization of production processes and vehicle quality
Recording vehicle data (e.g. plausibility checking and determining KPIs for the reduction of consumption and wear), recording service and maintenance data as well as error codes for error diagnosis and the prevention of errors, evaluating vehicle data regarding compliance with guarantee obligations, product liability (product recalls), analyzing vehicle data in order to improve quality in vehicle functions, and for product and service optimisation.
Recording and analyzing customer feedback (determining customer satisfaction)
Customer satisfaction surveys, and customer complaints management
After Sales marketing
Product and service training, and the making available of applications and EDP programs and apps
Planning and processing workshop orders
Facilitating repair services (agreeing appointments online).
Agreement for buyback, used vehicle market place.
Compliance with legal obligations
Compliance with retention obligations, ensuring that compliance requirements are met through checks (e.g. sanctions list checks and money laundering), operating an internal control system (ICS) and other monitoring systems for ensuring that business processes are in accordance with regulations.
The processed data can be classified into the following data categories:
- Professional contact and (work) organizational data
- IT usage data
- Private contact and identification data
- Data on personal/professional circumstances & characteristics
- Creditworthiness and bank data
- Contractual data
- Vehicle usage data with VIN/number plate – guarantee, warranty, product liability, safe vehicle operation
- Vehicle usage data with VIN/number plate – comfort settings, multimedia, navigation – data arising from vehicle use and which is linked with the VIN/number plate and concerns comfort settings, e.g. seat adjustment, preferred radio channel, air conditioning settings, navigation data, e-mail/SMS contact data, etc.
- Vehicle usage data with VIN/number plate – assistance systems, handling, etc. – data arising from vehicle use and which is linked with the VIN/number plate and concerns handling and/or the use of assistance systems and the associated concrete deployment data, etc.
- Position data
- Special category: image and video material
The aforementioned processing activities are justified by the following legal bases:
- Consent to one or more specified purposes (Art. 6(1)(a) GDPR)
- Fulfilment of the contract or contract initiation (Art. 6(1)(b) GDPR)
- Fulfilment of legal obligations (Art. 6(1)(c) GDPR)
- Balancing of interests (Art. 6(1)(f) GDPR)
- The existence of a relevant and appropriate relationship between the controller and the data subject
- Prevention of fraud
- Direct advertising
- Transfer of data within a corporate group for internal management purposes (including customer and employee data)
3. Transfer of personal data
In certain cases, your personal data may also be disclosed to other bodies:
If the disclosure of your personal data is necessary in order to execute or initiate the contractual relationship, such as in the event of financing for the object of the contract or in the event of shared order processing with project-specific partners (e.g. body manufacturers).
We will also disclose your personal data to service providers commissioned by us in the framework of order processing (e.g. organising trade fair events, running customer satisfaction surveys, sending e-mail newsletters, and hosting and operating CRM systems).
Your core data and contact details are disclosed in a centralised database for the purpose of ensuring a uniform and current data stock and for credit checking (other companies in Volkswagen Group are also able to access this database).
If you have consented, we may also disclose your core data and contact details as well as the offer and order data to affected contract workshops, dealers and free importers for the purpose of customer service, such as creating vehicle-specific service offerings or regional on-site support; we may also disclose such data and details to corresponding companies in Volkswagen Group in order to create rental or financing offerings.
If we are required to comply with country-specific legal requirements regarding the disclosure of your personal data, e.g. for transfer to financial authorities, courts, and auditors.
In order to ensure a high level of data privacy, data privacy contracts have been concluded with all companies in MAN and Volkswagen Group that receive data.
If we transfer personal data to affiliated companies or service providers outside the European Economic Area (EEA), the data transfer will only take place if the EU Commission has confirmed there is an adequate level of data privacy in the third country, or other adequate and sufficient data protection guarantees are in place (e.g. EU Standard Contractual Clauses or certification in accordance with the EU/US Privacy Shield).
4. Data storage and erasure
We erase your personal data as soon as it is no longer required for the purposes stated above.
Your personal data is stored for as long as we are required to do so by law, or for as long as statutory limitation periods apply. This regular arises due to legal obligations to provide proof and preserve records, governed by legislation including the Bürgerliches Gesetzbuch (BGB – German Civil Code), Handelsgesetzbuch (HGB – German Commercial Code), and the Abgabenordnung (AO – German Tax Code).
Beyond this, data is only saved if there are further statutory or contractual storage obligations to do so, such as in the context of product liability.
5. Your rights
You have the right to be informed about the data that relates to you, and the right to rectify your data. Provided that there are no statutory regulations to the contrary, you also have the right to erase your data and to object to the processing of your data, and the right to restrict the processing of your data. Furthermore, you have the right to data portability.
If we collect and process your personal data on the basis of your consent, you also have the right to revoke the consent you granted with effect for the future. The legality of the data processing carried out with your consent until you revoke it, remains unaffected by your withdrawal of consent.
If necessary, we need to verify your identity before we can process your requests.
If, in spite of our efforts to maintain accurate and up-to-date data, incorrect information has been saved, we will correct such information upon corresponding request.
In the event of complaints, there is the possibility to contact a data protection supervisory authority.
6. Automated decision-making
We do not perform automated individual decision-makings within the meaning of Art. 22 (1) & (4) of the GDPR.
MAN uses technical and organisational security measures to protect your data against accidental or premeditated manipulation, loss and destruction, and access by unauthorised persons.
Our security measures, such as data encryption, are regularly improved in accordance with technological development.