Become a Member

Privacy Policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The purpose of this privacy policy is to inform you, as a user of this website, about the nature, scope, and purpose of the processing of personal data and your rights in this regard, insofar as you are considered a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.

1. Responsible body

This website and the services offered are operated by:

Catena-X Automotive Network e.V.
c/o beyond Quartier Heidestrasse
Heidestraße 34
10557 Berlin

Tel: +49 175 5615 954
Email: datenschutz[at]catena-x[.]net

2. Data protection officer

We have appointed a data protection officer:

Herold Unternehmensberatung GmbH
Mr. Philipp Herold
Hafenstraße 1a
23568 Lübeck
www.hub24.de

3. General

We have designed the website to collect as little data from you as possible. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since May 25, 2018, and the applicable national data protection regulations, such as the Federal Data Protection Act, the Telecommunications and Telemedia Data Protection Act, or other more specific laws on data protection.

4. Purpose and legal basis for the processing of personal data

We always process your personal data for specific purposes.

In summary, we process your personal data for the following purposes:

  1. To be able to process your request when you contact us (e.g., email address, first name, last name);
  2. For the technical implementation of our website and to provide you with information on this website (e.g., IP address, cookies, browser information)
  3. To receive and process your application for one of our job vacancies.

The following applies with regard to the legal basis for the processing of your personal data:

We process personal data that is necessary for the establishment, implementation, or processing of our range of services (contract processing) on the legal basis of Art. 6 (1) lit. b GDPR. If we obtain your consent to process your personal data, this consent forms the legal basis for data processing in accordance with Art. 6 (1) (a) GDPR. Data processing is also permissible if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh these interests. (Art. 6 (1) lit. f GDPR) If we use external service providers within the scope of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.

5. Collection of personal data when visiting our website

When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 (1) (f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. For more information, please refer to the “Cookies” section of this privacy policy.

6. Cookies

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier. When you visit our website, only technically necessary cookies are set.

7. Contact

You can contact us by email. In this case, we will store the personal data you provide in order to process your request and to contact you to deal with your request. If we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (asterisks). The voluntary information helps us to specify your request and improve the processing of your request. The data requested is transmitted to us by you on a purely voluntary basis.

Depending on the type of request, the legal basis for this processing is Art. 6 (1) lit. b GDPR for requests that you make yourself in the context of a pre-contractual measure or Art. 6 (1) sentence 1 lit. f GDPR if your request is of a different nature. The legitimate interest follows from the purposes mentioned in section 4 a.). If personal data is requested at that we do not need for the performance of a contract or to safeguard legitimate interests, the transmission to us is based on your consent in accordance with Art. 6 (1) (a) GDPR.

8. Registration for events

You can register for various events organized in cooperation with Catena-X Automotive Network e.V. via our website. When you register, you will be redirected to the partner website via a link. There you can complete the registration process. The partner website helps us to manage the individual event registrations. When you register, various data is collected by the partner website over which we have no influence. You can find more detailed information in the privacy policy of the partner website:

 

Possible partner website Privacy policy
eveeno https://eveeno.com/de/privacy
eventim https://www.eventim.de/help/data-protection/?srsltid=AfmBOorhop4-i3QOgB0udFqjZfTf26VvEpnF-TwVY_PNhnTGvRTjZ_8E
Microsoft Teams https://www.microsoft.com/de-de/privacy/privacystatement#mainnoticetoendusersmodule 

 

The legal basis for data processing in the context of event registration is the execution of an event contract in accordance with Art. 6 (1) (b) GDPR.

When you open the link to the event registration, a connection to the servers of the partner website is established. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision has been made by the European Commission (e.g. in the USA), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021 ( ). You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. The data collected will be stored exclusively for the purpose of conducting the event.

9. Application process

We publish job vacancies on our website, which you can apply for by email. If you decide to apply for a vacant position, we will process the personal data you provide and submit to us exclusively for the purpose of carrying out the application process.

The legal basis for the processing of your personal data in the context of the application process is Section 26 (1) in conjunction with Section 26 (2) BDSG.

In the event of rejection, we will delete your data as soon as the retention period of 6 months required by labor law has expired. The period begins with the sending of the rejection. If you have expressly consented to the further use of your data for later contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.

If the application process results in an employment relationship, the data will initially continue to be stored as necessary and permissible and then transferred to the personnel file.

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations, or if you have given your consent. Transfer to a third country is not intended.

The provision of personal data in the context of application processes is neither legally nor contractually required. You are therefore not obliged to provide personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of an employment contract with us. However, you should only provide personal data in your application that is necessary for the acceptance and processing of the application. If you do not provide us with personal data in an application, we cannot make a decision on the establishment of an employment relationship.

Please note that applications you send to us by email are transmitted unencrypted. In this respect, there is a risk that unauthorized persons may intercept and use this data.

10. Presence on social media

In order to present our company in the best possible light, communicate with you as a user, customer, or interested party, and inform you about the services we offer, we use social media platforms. When using social media, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection to that in the EU cannot be guaranteed in all countries outside the EU.
In this context, it may pose risks for you as a user if the transmitted data is processed in so-called third countries with an inadequate level of data protection.

This makes it difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country. 
The US does not have a level of data protection comparable to that provided by the GDPR. It is possible that government agencies may access personal data without us or you being aware of it. It is unlikely that you will be able to enforce your rights in the US.

In addition to the respective provider of a social network, we also collect and process personal user data on so-called “fan pages.” With this notice, we inform you about what data we collect from you on our social media sites, how we use it, and how you can object to the use of your data. Please refer to the respective offer listed in more detail below for the respective data processing purposes and data categories.

The social media activities we operate and describe in more detail below are carried out on the basis of a balancing of interests pursuant to Art. 6 (1) lit. f) GDPR.

To achieve this, cookies are used to record user behavior and enable user profiling.
A specific list of the purposes for which user data is processed can be found in the privacy policies of the respective providers. By making the appropriate settings in your user account, you can restrict the creation of your profile, at least to a certain extent. For the exact procedure, please read the relevant privacy policy of the respective provider.

The relevant platforms are:

Platform Responsible body Data protection information of the platform operators
YouTube Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland		 https://policies.google.com/privacy?hl=de
LinkedIn LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland		 https://de.linkedin.com/legal/privacy-policy

Catena-X Automotive Network e.V. operates profiles on the listed platforms in order to draw attention to products and services and to interact with customers, interested parties, and other users of the platform.

In this context, the platform operators also use certain data that they have collected from users of the platform (e.g., whether a photo on a profile has been marked with a “like” or commented on) to compile aggregated usage statistics and make them available to the respective profile operators (so-called “insights” or “analytics”). As profile operators, we also receive such usage statistics. The information we receive as profile operators does not allow any conclusions to be drawn about individual users. The profile operator itself has no access to personal data that the platform operators process for the creation of usage statistics. The respective platform operator alone determines which data is processed for these purposes and in what manner. As a profile operator, Catena-X Automotive Network e.V. has no legal or actual influence on the processing by the platform operators.

For processing in connection with the creation of usage statistics, Catena-X Automotive Network e.V. and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR.

Where possible, joint responsibility agreements are in place with the respective platform operators.

Beyond that, data processing by Catena-X Automotive Network e.V. as a profile operator only takes place to a very limited extent:

  • Processing of user names and comments that are deleted due to violations of netiquette. These are retained for the limitation period for any necessary evidence in legal disputes.
  • Processing of usernames and individual messages when you contact us via messenger services.
  • Recruiting potential applicants on career platforms

For these purposes, we generally only process your name, message content, comment content, and the profile information you have made “publicly” available.

11. Rights of the data subject

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if it was not collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
  • to request the immediate correction of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR;
  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller (data portability);
  • pursuant to Art. 7(3) GDPR, to withdraw your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future; and
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
  • Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to info[@]catena-x,net.

12. Disclosure of your personal data

Your personal data will be disclosed as described below.

Data will also be disclosed if we are entitled or obliged to do so on the basis of legal provisions and/or official or court orders. This may include, in particular, the provision of information for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights.

If your data is shared with service providers to the extent necessary, they will only have access to your personal data to the extent necessary to perform their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In such cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient’s end before your personal data is transferred. This can be achieved, for example, through EU standard contracts or binding corporate rules or special agreements to which the company can submit.

13. Data security

We use technical and organizational measures to protect our website against loss, destruction, access, modification, or distribution of your data by unauthorized persons.

In particular, your personal data is transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system for this purpose. Our security measures are continuously improved in line with technological developments.

14. Storage period for personal data

With regard to the storage period, we delete personal data as soon as its storage is no longer necessary for the fulfillment of the original purpose and there are no longer any legal retention periods. The statutory retention periods form the criterion for the final duration of the storage of personal data. After the expiry of the period, the corresponding data is routinely deleted. If retention periods exist, processing is restricted in the form of blocking the data.

15. References and links

When you visit websites that are linked to our website, you may be asked again for information such as your name, address, email address, browser properties, etc. This privacy policy does not regulate the collection, disclosure, or handling of personal data by third parties.

Third-party service providers may have different and separate provisions regarding the collection, processing, and use of personal data. It is therefore advisable to inform yourself about the practices of third parties regarding the handling of personal data before entering personal data on their websites.

As of: May 2023