AXA Mobility Services Ltd., Hölzliwisenstrasse 11 8604 Volketswil
Head office: General Guisan-Strasse 40, 8400 Winterthur (upto@axa.ch).

This includes, for example, first and last name, gender, date of birth, age, marital status, language, address or language preferences, nationality, telephone number, e-mail address, customer history, powers of attorney, signature authorisations, declarations of consent

1.2.2.1 In general

This is data that arises in connection with the conclusion or processing of a contract, including, for example, the data required to create an online account, the contract number, type, scope and location of AMS services, prices/costs/rental fees, contract duration, vehicles, licence plates, telematics data (see b below), subscriptions/unsubscriptions to newsletters, complaints, differences regarding services or the respective contracts concluded.

1.2.2.2 In particolare i dati telematici

a) AMS has installed a telematics system in all vehicles or receives this data from an external service provider via the vehicle manufacturer, without a system being installed in the vehicle .

b) The provider of the telematics systems (hereinafter “telematics system provider”) only collects, stores and processes data for the following purposes:

• Fornitura e ulteriore sviluppo del servizio garantendo un’elevata qualità,
• Sicurezza delle operazioni e delle infrastrutture
• Elaborazione del contratto, mantenimento del rapporto con il cliente e fatturazione.

c) The customer acknowledges and expressly agrees that the collection, storage and processing of personal data and the vehicle associated with the service (hereinafter referred to as “data”) by contracted third parties is necessary for the provision of the services by AMS. Such collection, storage and processing includes the following categories:

1. Data in connection with the data connections and data volumes made via SIM card.
2. Data collected during registration (title, first name/last name, e-mail address, telephone number, address, vehicle identification number (VIN number).
3. Vehicle data (GPS position of the vehicle, Driving behaviour of the person driving the vehicle such as deviations in speed, sharp bends, abrupt acceleration and braking, etc.).
4. Journey data (information on journeys made, such as start and end point, journey length, time travelled, etc.).
5. Vehicle error messages (engine faults, DTC codes, etc.).
6. Other vehicle data (tank level, mileage, battery status, vehicle model, mass and weight, etc.).
7. Information about the adapter (IMEI, serial number, hardware version, signal strength, etc.).
8. Information about the mobile device used (device ID, manufacturer, type and version of the operating system, language, version of the app, etc.).
9. Other data (including contract data, customer activity data such as information on the purchase of data packages and use of the customer account, analyses, etc.).

d) The customer expressly agrees that the telematics system provider:

1. stores and processes the data in Switzerland and other EU countries or has it stored and processed by third parties;uses the data for the provision of AMS services and passes it on to its service partners.

e) The collection, storage and processing of the data transmitted via the SIM card integrated in the adapter begins as soon as the service is activated. It ends when it is removed. For telematics system providers who do not use an adapter, the collection, storage and processing of data begins at the start of the contract and ends accordingly when the contract ends.

f) The telematics system provider reserves the right to assert the restrictions provided for by law, for example if it is obliged to store or process certain personal data, has an overriding interest in doing so or needs it to assert claims. The exercise of the aforementioned rights may conflict with contractual agreements between AMS and the client (e.g. regarding the provision of services) and may have consequences (e.g. premature cancellation of the contract or costs). In such cases, AMS shall inform the customer in advance.

This includes information about personal behaviour, e.g. how the AMS website, www.upto.ch, and related services (hereinafter “Website”) are used, as well as data about personal preferences and interests (namely which services the customer purchases from AMS, where and to what extent).

This includes, for example, creditworthiness, payment details, tax identification number, incoming and outstanding payments, reminders, credit balances.

This includes, for example, reports on vehicle accidents (with and without personal injury or property damage, third-party damage), clarification reports, invoice documents, data on legal disputes, etc.

This is data that relates to the physical or mental health of a natural person and from which information about the state of health is derived. This includes, for example, diagnoses, medical reports, notifications of illnesses and other physical or mental impairments.

This includes, for example, data on religious, ideological, political or trade union views or activities, data on health, privacy or racial or ethnic origin, genetic data, biometric data that uniquely identifies a natural person, data on administrative and criminal prosecutions or sanctions, and data on social assistance measures.

This includes, for example, IP addresses, cookies (see section 2.2. Cookies and similar technologies), metadata, logs in which the use of our systems is recorded, IP packets and other technical identification data, data in connection with online/telephone communication.

We process personal data that you provide to us or that we lawfully receive from AXA Group companies, partners or other third parties for the purposes and underlying objectives listed below or agreed with them. If a legal relationship subject to the GDPR exists, the stated legal basis applies (see also section 1.3.9 Legal basis under the GDPR). Further information can be found in Part 2 (Use of the website).

We process your data in the course of your requested services and products, pre-contractual clarifications, as well as the conclusion, processing, administration and possible termination of the contract for the respective services or products. The contract cannot be concluded without your data.

Your consent may be required under certain circumstances if, as an exception, data requiring special protection, such as health data in connection with traffic accidents, etc., must be processed as part of contract fulfilment. In this case, we process this data exclusively on the basis of your consent for the purpose of contract fulfilment.

If necessary for the fulfilment of the contract, we disclose the data – limited to what is absolutely necessary – to cooperation partners, insurance companies, partner companies, brokers, service providers, pledgees, debt collection companies, authorities and/or external experts.

Data processing is permitted on the basis of the services and products you have requested, even in the event that no contract is subsequently concluded. If, in exceptional cases, we collect particularly sensitive personal data, such as health data, we can base the processing of such data on your express consent. The statutory retention periods pursuant to 1.7 apply.

Insofar as insurance benefits are part of the relevant service or product purchased by you, these are not provided by AMS, but by the respective insurance company. The insurance benefits can be found in the data protection provisions of the respective insurance company. The data protection provisions of the AXA Group, which can be viewed at https://www.axa.ch/en/information/data-protection.html, apply to AXA insurance companies.

We process your data in order to fulfil regulatory and legal obligations and to ensure that laws, guidelines, specifications and internal directives are complied with.

For example, we process your data for legally required reports to authorities that serve to prevent, detect or clarify criminal offences or other violations. This includes, among other things, the duty to disclose, inform or report in connection with supervisory and tax obligations.

Your data is also regularly checked with regard to negative reporting and compared with data from the sanctions lists of the United Nations, the European Union, the Swiss State Secretariat for Economic Affairs, the UK Department of Finance and Economic Affairs and the US Office of Foreign Assets Control (OFAC).

For individual reviews that require specialised technical know-how or extended expertise, we may call in cooperation partners or other third parties to assess and/or process the case. In addition, as part of the AXA Group, we are obliged to report certain serious compliance or security incidents to the AXA Group or to share them with the responsible Group teams.

Processing is permitted on the basis of legal requirements. The legal obligations may relate to Swiss law on the one hand, but also to foreign regulations to which AXA is subject on the other. We also include industry standards, self-regulatory provisions, provisions relating to our own corporate governance and official instructions and requests.

The data must be stored for at least 10 years. Your data will be deleted after the corresponding retention periods have expired.

We process your data for customer surveys and for marketing purposes in order to inform you about our products and services. Marketing purposes are understood to mean all activities of AMS with which customers can be acquired or existing customer relationships expanded.

For example, we use your behavioural, preference and contract data for analyses in order to further develop existing products, offer them to you and develop new AMS products and services.

In order to address existing and potential customers with marketing measures that may be of particular interest to them, we process personal information and contact details as well as other data that helps us to determine or personalise the target group and the content of marketing communications. This also includes data from interactions with us, e.g. regarding user behaviour on our website (see Part 2. Use of the website), as well as data from other public sources.

We can also create personality profiles about you and divide you into so-called advertising groups for individualised and targeted advertising, to make offers and to better meet your needs.

We do not use any particularly sensitive personal data for your personal profile. Certain marketing measures may be carried out by processors and co-operation partners commissioned by us, joint controllers or other third parties or in co-operation with them.

You can object to direct marketing and personalised advertising at any time in accordance with section 1.8.7. The objection can be made using technical tools (cookie banners, settings) and by notifying us using the contact details given under 1.1.1.

Data processing is based on consent or our overriding legitimate interest in providing you with targeted information about our products and services that may be of interest to you.

We process your data for general and product or service-specific statistical surveys, for risk management and for market research purposes.

For example, we use your customer and usage data for the development of our conditions and prices or generally for the further development of our products and services, in particular in the area of artificial intelligence.

We use market and opinion research to further develop our existing products and services (including our website) and to identify needs and wishes in order to create an optimised offering. To do this, we use your contact, contract and customer data and analyse, for example, how you navigate through our website or which products are used by which groups of people and in what way.

This gives us an indication of the market acceptance of existing products and services and the market potential of new products and services. We also use information from customer surveys, polls and studies as well as other data, e.g. from the media, social media, the internet and other public sources. In this context, we may also obtain data from third parties or cooperation partners.

Where possible, we use anonymised data for our surveys or anonymise or pseudonymise the data in the course of the statistical process.

In certain cases of statistical or scientific surveys or research work, we receive data from third parties and merge it with our data. In addition, data may be disclosed to contract processors, co-operation partners, joint controllers or other third parties for the stated purpose. The data disclosed will be processed by the respective company for a specific purpose.

Data processing is permitted on the basis of our overriding legitimate interest, which consists of improving our products, services and internal processes.

When you apply for an open position with us, we process your data in order to carry out the application process. Without this data, we will not be able to assess your application and decide whether you are suitable for the position in question.

For example, we use your contact details to arrange appointments with you. We collect personal information, such as that contained in your CV, and process data from job references or training certificates. In addition to this absolutely necessary data, you have the option of providing us with additional information for the application process. We use the data provided to us to assess the application and make a decision.

Your application data will only be shared with persons involved in the application process, such as recruiting managers or supervisors. In addition, your data may be disclosed to authorities if there is a corresponding legal obligation to disclose it.

Processing is permitted in the context of recruitment. The data will generally be deleted 6 months after the end of the application process.

If your application is followed by the conclusion of an employment contract, the data will continue to be stored and used for the usual organisational and administrative process and for the implementation of the employment relationship. Further details are set out in your employment contract documents.

We also process your data for other purposes, e.g. as part of our internal processes, for administrative purposes, for training and for quality assurance, to protect customers, employees and other persons, and to protect the data, secrets and assets of AMS or those entrusted to AMS.

Data processing is permitted on the basis of our overriding legitimate interest, which consists in the sensible management and development of the company.

Insofar as the GDPR applies, we rely on the following legal bases:

1. Initiation or performance of a contract
2. Existence of a legal basis
3. Consent by you or a person authorised by you
4. Overriding or legitimate interests of AXA, which are, for example 
   • Efficient and effective protection of clients, employees and other persons as well as protection of AMS data, secrets and assets or those data, secrets and assets that have been entrusted to AMS
   • Maintaining and securely organising business operations, including the safe, efficient and effective operation and successful development of the website and other IT systems
   • Efficient and effective customer service, contact management and other communication with customers, also outside of contract processing
   • Sensible corporate management and development
   • Understanding customer behaviour, activities, preferences and needs, market studies
   • Efficient and effective improvement of existing products and services and development of new products and services
   • Realisation of advertising and marketing measures
   • Successful sale or purchase of business divisions, companies or parts of companies and other transactions under company law
   • Prevention of fraud, misdemeanours and crimes as well as investigations in connection with such offences and other inappropriate conduct, handling of legal complaints and action against the AMS
   • Participation in legal proceedings and cooperation with authorities as well as other assertion, exercise or defence of legal claims.

Personal data is primarily collected directly from you (e.g. counselling interview, online or application forms).

If you wish to purchase products or services on behalf of another person (family members, etc.) or provide us with personal data of others, please ensure that these persons are aware of our data protection information. Only provide us with correct data and ensure that you are authorised to disclose the data to us.

In certain cases, we collect your data from third parties or receive your data from third parties or public authorities and process it to the extent permitted by law. For example, we process data that we receive from public authorities or financing companies in order to have the necessary data for the conclusion or fulfilment of a contract. We also process data from data suppliers and address traders or from other website operators and online networks in order to offer you the best possible service, to provide you with the best possible advice and to ensure that your data is correct.

Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, Internet) or receive such data from other companies within the AXA Group, from authorities, cooperation partners or other third parties.

For the purposes stated in section 1.3 Purpose of data processing, we may process and analyse your data automatically, i.e. computer-assisted, and create profiles.

Profiling is the automated processing of data in order to analyse or predict certain personal aspects or the behaviour of a person and thus evaluate it. This is done by combining, linking and analysing personal data available to us. The result, i.e. the profile created, provides us with information about personal aspects such as personal preferences, interests, location or change of location. This allows us to provide you with more personalised support and advice or to better tailor offers to individual customer needs. You can read more about personality profiles for marketing purposes in section 1.3.5 Customer surveys and marketing. There you will also find information on how you can prohibit personalised advertising and thus assert your right to object.

We also use profiling to identify misuse and security risks, to carry out statistical analyses and for operational planning purposes. In addition, these processing operations can be used to combat money laundering and abuse and to check creditworthiness.

Profiling is carried out within AMS for contract processing or in connection with the associated overriding legitimate interests. In all cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling.

To ensure the efficiency and consistency of our decision-making processes, we can also make certain decisions fully automatically (computerised according to certain rules and without human influence or review by employees). These decisions can also be made on the basis of profiling.

In the event of such an automated individual case decision, you will be informed separately about its implementation if the decision has legal consequences for you or leads to a comparable significant impairment. In such a case, you have the option of having these decisions reviewed by an AXA employee (see 1.8.9 Automated individual case decision).

We protect your data and do not sell it to third parties.

Your data may be disclosed to contract data processors and third parties under certain circumstances (e.g. if necessary for the conclusion or fulfilment of a contract or for other purposes specified in this data protection notice). These recipients are contractually obliged to comply with the currently applicable data protection legislation and to maintain confidentiality and, if necessary, secrecy. Your data may also be disclosed to other controllers or co-operation partners.

We also reserve the right to disclose data if confidential data is involved. In many cases, the disclosure of secret data is necessary in order to fulfil contracts or provide other services. As a rule, non-disclosure agreements do not exclude the disclosure of such data, including to service providers. However, taking into account the nature of the data and the circumstances, we ensure that these third parties are appropriately obliged to maintain confidentiality.

We are part of the AXA Group and therefore carry out certain business processes partly in central service units and data processing systems of the AXA Group. This data processing, which also includes the processing of data outside the European Economic Area (EEA) or Switzerland, is permitted on the basis of our Binding Corporate Rules (BCR). Our corporate guidelines also cover the transfer of data to contract processors belonging to the AXA Group. Details on the individual companies of the AXA Group can be found here: List of AXA companies worldwide.

In order to fulfil contractual or legal obligations, we sometimes work together with processors such as suppliers, IT and other service providers. These are contractually obliged to process the data only for the purposes specified by AMS. A list of processors is available from us. If the processors use third parties, we may authorise this in individual cases.

We work together with third parties who process your data on their own responsibility or under joint responsibility with us. These third parties include any natural or legal person, public authority, organisation or other body that is not part of the AXA Group or a processor. In particular, we include our co-operation partners and the following categories:

• Insurance intermediaries, sales and other contractual partners
• Garages/mechanics/breakdown service providers/transporters/taxi and hire car companies
• Authorities and official bodies in Switzerland and abroad
• Agencies
• Other parties involved in an incident (e.g. in the event of damage)

Other parties in potential or actual legal proceedings

We process data worldwide, in particular in countries where other AXA Group companies operate (list of AXA Group countries). Before we transfer data to a country outside Switzerland or the EEA states, we ensure that the country has an adequate level of data protection. If the country does not have an adequate level of data protection, we ensure an adequate level of protection by means of appropriate contractual provisions (e.g. on the basis of standard contractual clauses of the European Commission or our company guidelines, the so-called Binding Corporate Rules [BCR]) and effective technical security measures. Exceptionally, data may be transferred to a third country with an inadequate level of data protection if you have given your consent, if the underlying contract with you makes it necessary, in the case of legal proceedings abroad or in cases of overriding public interest. Please contact us if you would like a copy of the standard contractual clauses.

We process the data collected for as long as is necessary in compliance with the statutory retention periods (accounting, statute of limitations, company law, tax and social security law) and to fulfil our stated processing purposes and on the basis of our overriding legitimate interests (in particular to prove or defend against claims and to demonstrate good data governance).

In terms of a purpose-orientated retention period, we attach great importance to ensuring that your data is only stored for as long as is absolutely necessary. Due to the respective circumstances and changing legal requirements, which also entail different retention periods, the retention period can range from a few days to several years or longer. If the data is no longer required for the purpose of processing, we delete or anonymise it.

Further information can be found under the respective processing purposes in Section 1.3 Purpose of data processing or in Part 2 ff (Part 2. Use of website).

If your data is processed by AMS, you can assert the rights listed in sections 1.8.2 to 1.8.9 as follows at any time and free of charge within the framework of the applicable data protection law and the purpose of processing, unless otherwise stated:

e-mail or letter (postal address) to the office named in Section 1.9 Data Protection Advisor.

In order to avoid abuse, the exercise of your rights generally requires that you clearly prove your identity (e.g. with a copy of your identity card or passport), unless we can clearly identify you in another way.

Your request addressed to the above-mentioned office may be processed by other offices, such as the complaints management of the AMS.

In the event of a violation of your rights, you have the option of lodging a complaint with the competent data protection authority (see section 1.9 Data Protection Advisor).

You have the right to request information from us as to whether and which of your data we process. You can submit your request for information in writing or by e-mail to the address listed under Contact in section 1.9 Data protection advisor.

You have the right to request that we provide you with certain personal data in a commonly used electronic format or transfer it to another controller.

You have the right to have us correct data if it is incorrect. If we have stored incorrect personal data about you, we will be happy to correct it based on your notification.

You have the right to request the erasure of data that is not absolutely necessary for the fulfilment of the contract or that is not processed on the basis of statutory provisions (e.g. retention obligations) or an overriding legitimate interest of AMS. If erasure proves to be technically impossible or involves disproportionate effort, we may reject your request for erasure.

In certain cases, you have the right to restrict processing (e.g. if the accuracy of the data is disputed or unlawful processing is asserted).

You have the right to object to the processing of your data with immediate effect for the future, in particular if the processing is carried out to protect our legitimate interest, e.g. in the case of direct marketing.

You have the right – insofar as the processing of your data is based on your consent – to withdraw your consent with immediate effect for future processing.

If we have made an automated individual decision within the meaning of the applicable law, we will inform you of this. You then have the right to express your point of view, to contest the decision and to request that the decision be reviewed by a natural person. We will inform you of the point of contact in the context of the decision taken. Please then contact the specified contact point.

Please send requests and enquiries relating to the processing of your data by the AMS to the data protection advisor in writing, enclosing a copy of your identity card or passport:

• AMS data protection consultant for business activities in Switzerland and Liechtenstein:

AXA Mobility Services AG, for the attention of Dr Dominic Staiger, Hölzliwisenstrasse 11 8604 Volketswil, e-mail: datenschutzanliegen.upto@axa.ch

If you are of the opinion that AMS is not complying with the data protection regulations applicable to you, we recommend that you first contact the responsible AMS data protection advisor named above.

However, you can also lodge a complaint directly with the competent data protection supervisory authority:

• Switzerland
  Federal Data Protection and Information Commissioner
  Feldeggweg 1
  CH-3003 Bern
• Principality of Liechtenstein
  Data Protection Office (DSS)
  Städtle 38
  P.O. Box 684
  FL-9490 Vaduz

We work together with various third-party providers in connection with the use of our website. Most of these third-party providers are based in Switzerland or the EEA. They are sometimes part of globally active groups, which is why data transfer to countries outside these regions, in particular to the USA, cannot be ruled out.

Various external links are included on the website, including links from social media providers.

Details on the handling of your personal data by third-party providers can be found in the respective data protection notices, e.g. from Google, Facebook and Adobe. The AMS data protection notices do not apply to data processing by these external providers.

If you use a link to one of these external providers on our website, data will be transmitted. We would like to point out that we have no knowledge of the content of this transmitted data or its use by these external providers. By using the relevant products and services, such as Google or Facebook, you agree to their privacy policies. We are not responsible for the content, tools and other data on websites to which there is a link on our website.

When you access and use our website, our web servers collect certain technical data about your visit, which is recorded in logs, for example:

• Date and time of access to our website and other process-related data
• Website from which the access is made (referrer URL)
• Any search term
• Country from which access is made
• Internet protocol address (IP address) of the requesting computer or the device you are using
• Name of your internet provider
• Device attributes (e.g. computer, tablet, mobile phone) and data on interaction with the website

Technical data alone does not normally allow any conclusions to be drawn about your identity. Although we know your provider and therefore the region from which you are accessing our website based on your IP address, we cannot draw any conclusions about your identity – provided you have never logged in with a user account. However, if you identify yourself on our website with your name or an e-mail address, we collect the technical data relating to your person.

We use this data for technical troubleshooting, to prevent and investigate attacks on our systems and for marketing purposes. AMS reserves the right to check the log data retrospectively if there are concrete indications of suspected illegal or non-contractual use.

The legal basis is our legitimate interest in providing you with a secure user experience or your consent.

The online usage information of users of the AMS website or AMS applications or of users who have identified themselves in another area can be linked to other information. This includes the use of AMS products and services as well as demographic data such as age group, region of residence and gender. Using this information, we can automatically analyse, link and evaluate the resulting data in order to identify individual customer needs for AMS products and services and those of other AXA Group companies.

For active AMS customers who visit the website via the AMS newsletter or log in to the AMS website, target group information can be loaded and made available to technology partners in anonymised form. We use this method to optimise the customer experience on our own platforms and increase the relevance of advertising messages outside the AMS. This does not apply to particularly sensitive personal data.

The findings from the analysis and interpretation of this data can be used to make targeted offers for services and products of AMS and other companies of the AXA Group, its affiliated companies and cooperation partners (e.g. individualised product or service offers, personalisation of advertising content).

Where the GDPR applies, the legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing you with the best possible service and offering specific products and, if you decide in favour of our offer, the legal basis is the contractual (initiation or execution) of the contract.

In connection with our website, we use various services from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) and Facebook/Meta (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin D02X525, Ireland). Here you will find general information about these service providers. Specific information can be found in the relevant sections.

As part of Google marketing services, Google collects and analyses data about website visitors. The same applies to Facebook.

We have no influence on the scope and further use of the data by Google/Facebook and assume no responsibility or liability for this. Therefore, please inform yourself about Google’s privacy policy at https://policies.google.com/privacy and Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

If you have a Google or Facebook account or have registered for a service from these companies, they will, for example, match your clicks on paid adverts from the AMS in Google search with other data. The data may also be linked by Google/Facebook to your account and your web and app browser history across devices.

You can set your cookies on our website accordingly, block cookies from third parties via your web browser settings or prevent cross-site tracking and/or use ad-blocking software.

The data collected by Google/Facebook may be transferred by the former to countries outside Switzerland and the EEA, in particular to the USA. If you have a Google/Facebook account, you can adjust the corresponding data protection settings in your account.

Google Analytics uses cookies that enable us to analyse your use of our website and our online services. The information generated by the cookie is usually transferred to a Google server in the USA and stored there.

IP anonymisation is activated on our website so that the IP address of users within Switzerland or the EEA is truncated by Google beforehand.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to analyse the use of the website by users, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. We only receive anonymous analyses from Google. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Please also note section 2.1.4 General information on the services of Google and Facebook.

You can determine whether you wish to participate in the tracking process via the cookie settings.

The legal basis for the applicability of the GDPR is your consent (Art. 6 para. 1 lit. a GDPR).

In addition to Google Analytics, we also use Permaleads (CH). Permaleads identifies companies that visit our website based on their IP address. This enables us to target potential business customers and support our sales and marketing team in acquiring new customers.

Individual users of the companies visiting our website are only registered by Permaleads in anonymised form. Private individuals who visit our website are not recorded by Permaleads. Permaleads, on the other hand, records the usage behaviour of users on our website and thus gives us important information about how potential customers or customers use our website and where we can optimise our website.

The legal basis for the applicability of the GDPR is your consent (Art. 6 para. 1 lit. a GDPR) and our legitimate interest (Art. 6 para. 1 lit. f GDPR) in ensuring the best possible functionality of the website.

In connection with Adobe Target (Adobe Systems Software Ireland Limited, 6 Riverwalk, Naas Road, Dublin 24, Ireland), pseudonymised user profiles are created and cookies are used to optimise our website and to offer you the right content when you visit it again. We use the Adobe Target service for A/B testing and personalisation, among other things.

The information about your use of our website is transmitted to an Adobe server in London, England, and stored there. The IP address of the user is used for this purpose, e.g. to enable personalised content control by means of geo-location.

Further information on data protection at Adobe can be found at: https://www.adobe.com/ch_de/privacy/policy.html.

You can determine whether you wish to participate in the tracking process via the cookie settings.

The legal basis for the applicability of the GDPR is your consent (Art. 6 para. 1 lit. a GDPR).

We use Google Tag Manager to manage tags (tracking codes and associated code fragments) and to load web analytics services such as Google Analytics. No personal or pseudonymised user profiles are created. Tags are merely managed and activated. However, other analytics services can collect data by triggering tags.

You can prevent the Google Tag Manager from loading with ad blocker software. Please also note section 2.1.4 General information on the services of Google and Facebook.

The legal basis for the applicability of the GDPR is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in ensuring the best possible functionality of the website.

In addition to Google Analytics, we also use Google Ads, Google my Business, Google Search Console, Google Tag Manager, Google Data Studio / Looker, Google Cloud Platform for advertising purposes. We reserve the right to use other services such as DV 360 and Campaign Manager for advertising purposes in the future.

With Google tracking, Google places a cookie on your computer if you have come to our website via a Google advert, for example. If you visit our website, we and Google can recognise that someone has clicked on the ad and accessed this page.

The information collected using conversion tracking is used to analyse our advertising (e.g. total number of users who clicked on our ad and accessed a page with a conversion tracking tag).

Via remarketing, your surfing behaviour is collected for marketing purposes and used to adapt advertising offers to your interests. For example, after you have visited our website, you may be contacted again about our products on pages of members of the Google Partner Network. In this context, no personal data is passed on to members of the Google Partner Network that would allow these members to draw conclusions about your identity.

Please also note section 2.1.4 General information on the services of Google and Facebook.

For cookie consent management on our website, we use the tool of the provider OneTrust (headquarters UK: Cannon Green, 27 Bush Lane, London EC4R 0AA, UK, and headquarters USA: 1350 Spring Street NW, Suite 500, Atlanta, Georgia 30309, USA). OneTrust stores information about the categories of cookies and whether users have given or withdrawn their consent to the use of the individual categories. This enables us to prevent cookies from being set in each category in the user’s browser if consent is not given.

The legal basis for the applicability of the GDPR is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in ensuring the best possible functionality of the website.

We use conversion tracking components from LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to display adverts that are relevant to you and based on your interests. From LinkedIn, we receive aggregated and anonymous reports of ad activity and information about how you interact with our website.

We also use Linkedin Sales Navigator (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). This provides us with limited information from LinkedIn profiles, such as the name, profile slogan, current company, current job title and general location, in order to manage our sales contacts or candidates and optimise our marketing. The individual LinkedIn user can deactivate or reject this function in the respective user account. Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

The Facebook pixel is integrated on our website. This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected is anonymous to us as the operator of our website. We cannot draw any conclusions about the identity of the user.

However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on its own pages and on pages that do not belong to Facebook. This use of the data cannot be influenced by us.

Please also note 2.1.4 General information on the services of Google and Facebook.

We integrate third-party content such as videos from YouTube (operated by Google), maps from Google Maps, embedded content or graphics from other websites into our online offering.

When you use this content, these third-party providers may collect information from you (e.g. IP address, geo-location). We have no influence on the extent to which the third-party providers use this information, e.g. for statistical purposes.

When using YouTube or Google Maps, for example, Google collects and analyses data on the use of the services by visitors to the website.

Please note the respective data protection provisions of the third-party providers as well as section 2.1.4 General information on the services of Google and Facebook.

Where the GDPR applies, the legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) in being able to offer you this content as a service. If services are only activated when you actively select them, the legal basis if the GDPR applies is your consent (Art. 6 para. 1 lit. a GDPR).

You have various options for contacting AMS via our website.

The personal data you transmit is protected by encryption mechanisms that comply with current security standards. Despite extensive technical and organisational security precautions, data may be lost or intercepted and/or manipulated by unauthorised persons.

We are concerned about your data security and take appropriate technical and organisational security measures to prevent this within our systems.

Your computer is located outside the security area controlled by AMS. It is your responsibility as the user to inform yourself about the necessary security precautions and to take appropriate measures in this regard. AMS is in no way liable for any damage you may suffer as a result of data loss or manipulation. The Internet is a worldwide open network. If you transmit personal data via the Internet, you always do so at your own risk. In the case of unencrypted electronic communication, data can be intercepted and manipulated by third parties or lost.

If you wish to send an e-mail with confidential content to AMS, it should be encrypted to prevent unauthorised access or falsification during transmission.

It is not possible to guarantee data security for unencrypted e-mails sent to AMS, which is why AMS excludes any warranty and liability. As an alternative to encrypted e-mail communication, we therefore recommend that you contact us directly using the contact forms provided.

In addition to other channels, we will also communicate with you via text message to keep you informed about the status of your enquiry.

We reserve the right to operate a live chat. In the live chat, you communicate with AMS employees. When you contact us in this way, the data you provide will be collected and processed by the service provider we use, Zendesk, Neue Schönhauser Str. 3-5, 10178 Berlin, Germany. The data is collected to process the enquiry and in the event that follow-up questions arise. In addition, chat conversations are recorded internally by us for training and optimisation purposes and automatically deleted after 90 days for this purpose. Further information on data protection at Zendesk can be found at: https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/.

You have the option of contacting us via private message using Facebook Messenger, Twitter, Instagram or LinkedIn. If you contact us via one of these providers, you agree that we may reply to you via the same provider. Please note that we will not or cannot provide you with certain information via the same communication provider and that other communication channels remain for this purpose.

When you contact us via external communication providers, data from the respective conversation may be collected and used by these providers. We have no influence on the data processing by these providers.

Please also note section 2.1.4 General information on the services of Google and Facebook.

You can find more information about data protection on Facebook Messenger at: https://www.messenger.com/privacy?locale=en_GB

You can find further information on data protection on Twitter at: https://twitter.com/en/privacy

When using our online forms (e.g. WordPress, e-mobility calculator), your access and movements may be recorded, stored and analysed. This primarily serves to improve our online offering and for marketing purposes. Your details may be combined with data about your use of our website (e.g. login data, accesses, transactions, changes and movements). We also use cookies for our online forms and utilise Google Analytics.

If you are in telephone contact with AMS, the calls can be recorded, written down or analysed for quality purposes and for documentation.

Depending on your request, we use traditional customer telephony, i.e. person-to-person calls, and/or new technologies such as voice dialogue systems, voice recording or so-called voicebots. With the voice dialogue system, your call is answered automatically and you are forwarded to the relevant department. You can recognise the voice dialogue system by a machine-controlled dialogue. When using voicebots, your request can be processed automatically.

You can subscribe to our newsletter on our website by providing us with your contact details (first and last name, e-mail address). For verification purposes, we will send you an e-mail immediately after completing the registration process with a link with which you must confirm your subscription to the newsletter again in order to be definitively registered as a newsletter subscriber. Following such confirmation, you will receive another confirmation e-mail from us. The data collected as part of your registration will be used to send you our newsletter and may be combined and used with other data about you that we process. This personal data may be passed on to our marketing department, which only processes the data on our behalf. To the extent permitted by applicable data protection law, we may include coding in our newsletters that allows us to recognise whether the recipient opens the email and downloads the images it contains.

You can unsubscribe from our newsletter by clicking on the link at the end of the newsletter.

The legal basis for the applicability of the GDPR is your consent (Art. 6 para. 1 lit. a GDPR).

Feedback from our customers is very important to us. This is the only way we can improve and further develop our products, services and websites. Please do not hesitate to give us your honest feedback. We have a general feedback form.

We also use the providers Medallia and eKomi for our customer surveys. We use cookies and web analysis services on the survey platforms. We use your data as part of the survey and evaluation to improve our services.

If the GDPR applies, the legal basis is your consent (Art. 6 para. 1 lit. a GDPR) and our legitimate interest (Art. 6 para. 1 lit. f GDPR) in finding out how satisfied you are and receiving suggestions for improving our services.

By creating an account and submitting or uploading your data, you give us your consent to use this data. We use the data to ensure and improve the applications and for the purposes listed in Part 1 Information on data protection. The following purposes are in the foreground: securing and further developing the applications, purposes that are expressly listed when the data is collected or are obviously related to the delivery of the data, marketing, maintaining existing and future customer relationships.

Your rights and objection options can be found in Part 1 Information on data protection.

Where the GDPR applies, the legal basis is contractual (initiation or performance of a contract; Art. 6 para. 1 lit. b GDPR), your consent (e.g. in the case of explicitly granted powers of attorney; Art. 6 para. 1 lit. a GDPR) and our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the analysis and optimisation of services and marketing.

The exchange of data with third parties – e.g. cooperation partners – takes place within the framework of the data protection declaration (see Part 1. Information on data protection and Part 2. Use of the website).

Cookies or similar technologies for mobile devices are used to create pseudonymised user profiles. The use of cookies in the portal can be viewed in Part 4 Cookie Policy and the use of cookies can be agreed to or objected to.

The access history of the pages is saved automatically. We evaluate these anonymously using analysis tools in order to optimise the pages. For marketing purposes (e.g. to offer customised products) and to improve our services and functions, we link the data about your use of our website (e.g. login data, accesses, transactions, mutations and movements) with other customer data that we process in connection with your use of our products and services or with data from third parties when you use the online portal or the app. This is also possible after you have logged out of the online portal/app. Please also refer to section 2.1.2 Server and application log files and section 2.1.3 Data processing if you are a registered/identified user.

We reserve the right to restrict access to the online portal, the app and the services without prior notice and to delete them if misuse is suspected. Users can also delete their account themselves at any time or request that we delete an account. Deletion of an account is irrevocable.

The data collected from users will continue to be stored in our core systems in accordance with the applicable legal requirements. After deleting their account, customers have the option of continuing to do business with us via other established channels, such as by post.