1. Controller and Data Protection Officer
This privacy notice explains how ADAC e.V. (club), ADAC SE (holding), ADAC Stiftung (foundation) and their respective subsidiaries, Hansastrasse 19, 80686 München/Germany, (collectively “ADAC”) as the controllers within the meaning of Art. 13 and 14 of the General Data Protection Regulation (hereinafter “GDPR”) will process the personal data of our contacts within the organisations of our customers, prospective customers, distribution partners, suppliers, service providers as well as cooperation and project partners (collectively “business partners”).
The contact data of ADAC’s data protection team are:
Datenschutz und Datensicherheit (DSS)
2. Categories of Data, Purposes, Legal Bases and Period of Storage
2.1. Categories of Data
The categories of personal data ADAC processes include, without limitation:
personal und contact information (e.g. last name, first name, business address, business phone number, mobile phone number, fax number, e-mail address, job title and position);
payment data such as information required to process payments or prevent fraud including credit card number and credit card verification number;
further information which is required to manage a project or business relationship with ADAC or which our counterparts volunteer concerning e.g. past orders or enquiries, proof of qualification or project details;
information obtained from publicly accessible sources, information databases or credit bureaus; and
where required in the framework of compliance screenings: information about relevant court proceedings or other litigation in which a business partner may be involved. Where required in the framework of compliance screenings: information about relevant court proceedings or other litigation in which a business partner may be involved.
In the framework of initiating, establishing and maintaining business or contractual relations, ADAC processes personal data for the purposes below:
communicating with business partners about products, services and projects e.g. in reply to queries;
planning, implementing and managing the (contractual) business relationship between ADAC and the business partner e.g. to handle product or service orders, collect payments, for bookkeeping, invoicing and recovery, and arranging for delivery;
conducting customer surveys, marketing campaigns, market analyses, sweepstakes, prize contests or similar activities and events;
preserving and protecting the security of our products and services and our web pages, preventing and exposing security risks, fraudulent activities, criminal or other acts aiming at causing damage;
complying with legal requirements (e.g. tax and commercial retention duties), the obligation of screening business partners for compliance (to fight white collar crime or money laundering) as well as ensuring compliance with ADAC policies; and
settling litigation, enforcing ongoing contracts and raising and defending legal claims.
2.3. Legal Bases
ADAC needs to process personal data to achieve the above purposes and to manage the (contractual) business relationships with our business partners. The legal basis for this processing of data is – unless expressly stated otherwise – Art. 6(1) b) and f), GDPR, or your express consent (Art. 6(1) a), GDPR).
If the mentioned personal data are not provided or if ADAC is unable to collect such data, we may be prevented from achieving one or all of the above purposes.
2.4. Duration of Storage
If no period of storage is mentioned when we collect your data, we will delete your personal data when they are no longer required to fulfil the purpose of recording, provided no legal record-keeping requirements apply (e.g. under commercial and/or tax law).
3. Transfer and Disclosure of Personal Data
ADAC may transfer personal data to other ADAC companies, provided this is required to achieve the above purposes.
Also, where this is legally admissible and required, ADAC may transfer personal data to courts, supervisory authorities or law firms to comply with applicable law or raise or defend legal claims.
Where ADAC cooperates with service partners (so-called processors) such as e.g. IT maintenance providers, the latter operate upon instruction of ADAC only and are required, on a contractual basis, to comply with the applicable data protection requirements as amended from time to time.
Where such service partners are located in countries outside the European Economic Area (“third countries”) the applicable law in such countries may not afford the same level of data protection than is the case in their country. In this case ADAC shall take measures to otherwise ensure appropriate and adequate safeguards for the protection of your personal data. No personal data shall be transferred to countries outside the EU/EEA unless the EU Commission granted an adequacy decision in respect of the relevant country or unless other adequate data protection guarantees pursuant to Art. 44 et seq., GDPR, are in place (e.g. execution of the EU standard contractual clauses).
If you have any questions, please contact the ADAC data protection team as specified in Clause 1 above.
4. Withdrawal of Consent
If you consented to the processing of your personal data, you can withdraw your consent with effect for the future at any time, i.e. the withdrawal will not affect the lawfulness of any processing done before the withdrawal. After such withdrawal, ADAC may continue to process personal data only if there is another legal basis for such processing. You may withdraw your consent by mail, fax or e-mail using any of the ADAC contact channels mentioned in Clause 1 above.
5. Rights of Data Subjects
You have the right to ask for information (Art. 15, GDPR), to have data corrected (Art. 16, GDPR), deleted (Art. 17, GDPR), to restrict the processing (Art. 18, GDPR), to data portability (Art. 20, GDPR), to withdraw any consent given und to object to the processing (Art. 21, GDPR).
If you would like to exercise any of your above rights, please contact the ADAC data protection team as specified in Clause 1 above. ADAC is committed to investigating and responding to any queries or complaints you may have.
In addition, you can contact the competent data protection supervisory authority at any time. The supervisory authority having jurisdiction over ADAC is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Since data processing by ADAC will be subject to changes, we reserve the right to amend our privacy notice accordingly from time to time.
Version: November 2020