We manage our web sites in accordance with the principles set out below:
We undertake to comply with statutory data protection regulations and endeavour always to take into account the principles of data avoidance and data minimisation.
1. Name and address of the controller and the Data Protection Officer
The controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other statutory data protection regulations, is:
Auto Export Corporation Inc.
Managing Director: Andrew Pilsworth
24 Commerce Place, St. Catharines
Ontario, Canada, L2S OB3
Phone: +1 905.988.9905
Fax: +1 905.988.9905
The Date Protection Officer of the controller is
We have designed our Privacy Statement in accordance with the principles of clarity and transparency. However, should there be any ambiguity regarding the use of various terms, the corresponding definitions can be found here.
3. Legal basis for processing personal data
We process your personal data – such as your first and last names, your e-mail address, IP address, etc. – only if there is a legal basis for doing so. The following rules, in particular, come into consideration here, in accordance with the General Data Protection Regulation (GDPR):
Art. 6 (1) (a) GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Art. 6 (1) (b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Art. 6 (1) (c) GDPR: Processing is necessary for compliance with a legal obligation to which the Controller is subject
Art. 6 (1) (d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
Art. 6 (1) (e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller
Art. 6 (1) (f) GDPR: Processing is necessary for the purpose of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
However, we also inform you in each case, at the appropriate points in this Privacy Statement, of the legal basis on which your personal data are processed.
4. Transfer of personal data
Where personal data are disclosed, processing is also carried out within the meaning of point 3, above. At this point, however, we would like to inform you separately about disclosure of data to third parties. The protection of your personal data is particularly important to us. For this reason, we are especially careful when disclosing your data to third parties.
Data is only disclosed to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies acting as Processors on our behalf, pursuant to Art. 28 GDPR. A Processor is anyone who processes personal data on our behalf, i.e. under our instruction and control.
In accordance with the requirements of the GDPR, we conclude a contract with each of our Processors in order to ensure that they comply with data protection regulations, thus providing comprehensive protection for your data.
5. Storage period and erasure
We store all personal data which you provide to us only for as long as they are required for the purposes for which they were transferred to us, or for as long as required by law. Once the purpose has been achieved, or upon expiry of the statutory storage periods, we will erase or restrict the data.
6. SSL encryption
This site uses SSL encryption for security reasons and to safeguard the transfer of confidential content, such as any requests you send to us as the operators of the site. An encrypted connection may be identified by the change in the address from “http://” to “https://” and by the padlock symbol in your browser’s address bar.
With SSL encryption activated, the data which you transfer to us cannot be read by third parties.
7. Collection and storage of personal data, their type and intended purpose
a) When visiting the website
When you access our website, information is automatically sent to our web server by the browser being used on your client device. This information is stored temporarily in what is known as a log file. The following information is recorded without any action on your part and stored until it is automatically erased:
• The IP address of the computer making the request
• The date and time of access
• The name and URL of the requested file
• The website from which the site is accessed (referrer URL)
• The browser used and, if applicable, your computer’s operating system and the name of your access provider
The above-referenced data are processed by us for the following purposes:
• To ensure a smooth connection to the website
• To ensure that our website is convenient to use
• Evaluation of system security and stability
Data which permit your identification as a person, such as the IP address, will be deleted after 7 days at the latest. Any data stored by us beyond this period will be pseudonymised, so that they can no longer be associated with you.
The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interest derives from the data collection purposes referenced above. Under no circumstances do we use the data collected for the purpose of identifying you as a person.
Content of the newsletter and registration data
We will only send you a newsletter if you have ordered this from us and provided your consent in accordance with Art. 6 (1) (a) GDPR. The contents of the newsletter are specifically described during registration. To register for a newsletter, it is sufficient to give your e-mail address. If you choose to provide additional data, such as your name and/or sex, these will be used solely to personalise the newsletter we send you.
Double-Opt-In and Logging
For security reasons, we use the so-called Double-Opt-In procedure for the registration to our newsletter, so that nobody can register with foreign email addresses. Therefore you will receive an email after your registration to our newsletter with the request to confirm your registration. Only after the confirmation of your registration will it become effective.
Furthermore, your registration for the newsletter is logged. The logging includes the storage of the time of registration and confirmation, your given data and your IP address. If you make changes to your data, these changes are also logged.
Withdrawal of consent
If you no longer wish to receive the newsletter, you may withdraw your consent at any time with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter, or send us an e-mail at the following e-mail address: firstname.lastname@example.org
The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.
Use of Campaign Monitor
We send out our newsletter using the “Campaign Monitor” newsletter service, operated by Campaign Monitor Pty Ltd (404/3-5 Stapleton Ave, Sutherland NSW 2232, Sydney, Australia).
Campaign Monitor provides extensive options for analysing how the newsletters are opened and used. These analyses are group-based and are not used by us to evaluate individual newsletter recipients.
According to their own information, Campaign Monitor may also use these data in pseudonymised form – i.e. without any association with a user – to optimise or improve its own services, e.g. for technical optimisation of dispatch and presentation of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the dispatch service provider does not use the data from our newsletter recipients to approach them directly, nor does it disclose the data to third parties.
Campaign Monitor’s Privacy Notice is available here: [http://www.campaignmonitor.com/privacy].
Statistical surveys and analyses
Newsletters sent out via Campaign Monitor contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved by the dispatch service provider’s server when the newsletter is opened. When it is retrieved, technical information is collected, such as details of your browser and operating system, as well as your IP address and the time of retrieval.
This information is used for technical improvement of the services with the aid of the technical data or the target groups and their reading habits, using their access locations (which can be identified from the IP addresses) or access times.
The statistical data collected also includes a confirmation of whether and when newsletters are opened and which links are clicked. For technical reasons, this information may be associated with individual newsletter recipients. However, it is not our aim, nor that of Campaign Monitor, to monitor individual users. Rather, the evaluations are used to identify patterns in our users’ reading habits and to adapt our content accordingly, or to send out different content according to the interests of our users.
Use of the Campaign Monitor newsletter service, performance of statistical surveys and analyses and logging of the registration process are based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our main focus is on using a user-friendly and secure newsletter system that both serves our business interests and meets the expectations of our users.
c) Google Fonts
We use Google Fonts on our website. This allows us to display fonts there. Google Fonts is a service of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland). Integration of these web fonts into our website is done by accessing a server, usually a Google server in the United States. This may result in the following being transferred to that server and stored by Google:
• Name and version of the browser used
• Website that triggered the request (referrer URL)
• Operating system of your computer
• Screen resolution of your computer
• IP address of the requesting computer
• Language settings of the browser or operating system used by the user
The use of Google Fonts is intended to make it easier to read and view our website and achieve more pleasing graphic design, and is thus based on our legitimate interests under Art. 6 (1) (f) GDPR.
Data processed via cookies are required for the aforementioned purposes for the protection of our legitimate interests and those of third parties, in accordance with Art. 6 (1) (f) GDPR.
Most browsers automatically accept cookies based on their settings. However, you can configure your browser either so that no cookies are stored on your client device, or at least so that a message is displayed before a new cookie is stored. If you completely deactivate the cookie feature in your browser, you may not be able to use all the features of our website.
Details of the various types of cookies that we use are as follows:
In order to make your use of our range of services more enjoyable, we use what are known as “session cookies”, to recognise that you have already visited individual pages on our website.
These session cookies are automatically deleted after you have left our site.
These temporary cookies are stored on your client device for a specified period of time.
These cookies are automatically deleted after a specified period of time.
9. Analysis and tracking tools
On our website, we use the analysis and tracking tools listed below. The purpose of these is to ensure ongoing optimisation of our website and to tailor it to the needs of customers.
These interests are lawful within the meaning of Art. 6 (1) (f) GDPR. The purposes of the data processing and the categories of data are stated in the corresponding tools.
On our website we use Google Analytics (https://www.google.de/ intl/de/about/), a web analytics service from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland).
• the name and version of the browser used
• your computer’s operating system
• the website from which the page was accessed (Referrer URL)
• the IP address of the computer submitting the request
• the time of the server request
Is normally transferred to a Google server in the United States and stored there.
However, because we have activated anonymisation on our website, Google performs prior truncation of your IP address within European Union Member States or other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and truncated there.
Google will use this information on our behalf for the purpose of evaluating your use of the website, in order to reports on website activity and to provide other services relating to website and internet usage to us. The IP address transferred by your browser via Google Analytics will not be combined with other Google data.
You can prevent the storage of cookies by using the appropriate settings in your browser software. However, please note that if you do this, you may not be able to make full use of all the features of this website.
You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
10. Video integration
Our website uses the YouTube plugin, operated by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA).
If you activate the YouTube plugin during your visit to our site, a connection is established to the YouTube servers, and the YouTube server is informed about which of our pages you have visited. In this way, YouTube can associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account before visiting our site.
The legal basis derives from Art. 6 (1) (b) GDPR. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR.
11. Rights of the data subject
You shall have the following rights:
a) Right of access
Pursuant to Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:
• The purposes of the processing
• The categories of the personal data concerned
• The recipients or categories of recipient to whom your data have been or will be disclosed
• The envisaged data storage period, or at least the criteria used to determine that period
• The existence of the right to rectification, erasure, restriction of processing or objection
• The existence of the right to lodge a complaint with a supervisory authority
• The source of your personal data, where they were not collected by us
• The existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the logic involved.
b) Right to rectification
In accordance with Art. 16 GDPR, you shall have the right to request the prompt rectification of inaccurate or incomplete personal data stored by us.
c) Right to erasure
In accordance with Art. 17 GDPR, you shall have the right to request prompt erasure of your personal data stored by us, unless further processing is required for one of the following reasons:
those data are no longer necessary for the purposes for which they were collected
To exercise the right of freedom of expression and information;
For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR.
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the right referenced in a) is likely to render impossible or seriously impair the achievement of the objectives of that data processing, or
For the establishment, exercise or defence of legal claims.
d) Right to restriction of processing
Pursuant to Art. 18 GDPR, you may request the restriction of processing of your personal data, for one of the following reasons:
You contest the accuracy of your personal data.
The processing is unlawful and you oppose the erasure of your personal data.
We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
You object to processing pursuant to Art. 21 (1) GDPR.
e) Notification obligation
If you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18,
we will notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.
f) Right to data portability
You shall have the right to obtain the personal data which you have provided to us in a structured, commonly used and machine-readable format.
You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or for the performance of a contract pursuant to Art. 6 (1) (b) GDPR.
g) Right to withdraw consent
Pursuant to Art. 7 (3) GDPR, you shall have the right at any time to withdraw consent previously granted to us by you. The withdrawal of consent shall not affect the lawfulness of processing carried out based on that consent before its withdrawal.
We may carry out no further processing based on the withdrawal of your consent.
h) Right to lodge a complaint
Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.
i) Right to object
Where your personal data are processed based on legitimate interests pursuant to Art. 6 (1) (f) GDPR, you shall have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right of objection which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an e-mail to email@example.com
j) Automatic individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:
a) is necessary for entering into, or performance of, a contract between you and us,
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
c) is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.
12. Amendment of the Privacy Statement
If we amend the Privacy Statement, this will be indicated on the homepage.
Version of 10/06/2020