The protection of your personal data is very important to us.
We are generally LexCom Informationssysteme GmbH. If you have concluded a user agreement with us in the United Kingdom, your contractual partner may also be LexCom Information Systems Ltd, depending on the content of the contractual documents.
This privacy policy applies to both LexCom Informationssysteme GmbH and LexCom Information Systems Ltd (hereinafter collectively referred to as "LexCom").
With this privacy policy, we would like to inform you about how LexCom processes your personal data when you use the various ASA modules (hereinafter collectively referred to as "ASA services").
ASA Local
ASA WEB (www.myasaweb.com)
ASA SQT (www.myasasqt.com)
myASAinfo (www.myasainfo.com)
This privacy policy supplements the general terms and conditions applicable to the use of ASA.
LexCom Munich
LexCom Informationssysteme GmbH
Rüdesheimer Str. 23
80686 Munich
LexCom UK
LexCom Information Systems Ltd
Unit C3 Arena Business Centre
9 Nimrod Way
Wimborne, BH217UH
United Kingdom
You can contact the data protection officer by email at privacy@lex-com.net.
This privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
LexCom adheres to the following principles when protecting your personal data in connection with your use of ASA services:
LexCom collects, processes and uses your personal data in accordance with the relevant data protection laws of the European Union (in particular the EU General Data Protection Regulation – GDPR) and the Federal Republic of Germany.
LexCom uses your personal data primarily to enable you to use the ASA services. In these cases, processing is carried out for the performance of the contract on the basis of Article 6(1)(b) GDPR. In addition, LexCom may process the processed data for other purposes, if necessary. Any further processing is carried out exclusively on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR, or consent by the ASA user pursuant to Art. 6 (1) a) GDPR. In these cases, your data will be processed anonymously or pseudonymously wherever possible.
In cases where personal data is processed by a processor or forwarded to a third party, processing is always carried out on the basis of a data processing agreement in accordance with Art. 28 GDPR, on the basis of standard contractual clauses for transfers to third countries in accordance with Art. 46 GDPR, or on the basis of a legitimate interest in accordance with Art. 6 (1) f) GDPR.
LexCom will delete the following data as soon as a) there is no longer a legitimate interest in its processing, b) there is no longer a lawful basis for processing this data, or c) there are no legal retention obligations.
It is possible to purchase licences for the use of the various ASA services. For initial orders, this is done using an order form.
Depending on the user's location, the order can be placed either directly with LexCom or with the relevant/responsible importer. If the importer is authorised to do so based on its location and makes use of this option, the importer will have access to the user's account and may also make changes if necessary.
When registering or ordering ASA licences/products, LexCom must process certain personal data from you (hereinafter referred to as "order data"). In the course of this, personal data is processed by LexCom either directly or by forwarding it to LexCom via the importer.
This initially includes the following data:
(Company) master data
Dealer number
Contact details (telephone number/email address)
Licence order
Payment data
LexCom processes this personal data in particular in the following cases in order to fulfil your contract and to provide the ASA services in accordance with Art. 6 (1) b) GDPR:
To register you as a user in the ASA system, set up an account and grant you the appropriate access to user management. This is necessary in order to be able to use the ASA services to their full extent.
Required for delivery
To send you, as the customer, the login details for myASAinfo in a new customer letter.
To enable you to access an "ASA Local Installer" to download, install and register "ASA Local".
To enable you to access the "ASA WEB" and "ASA SQT" web applications via myASAinfo, if necessary. However, if you already have the appropriate licences, you can also log in to these web applications directly via your browser.
To provide you with important information about the existing contractual relationship (such as announcements of new programme versions and important features) and to assist you with questions regarding payment and contract processing.
To identify and contact you for customer service purposes.
In addition, LexCom may use this personal data for the following additional purposes based on legitimate interest pursuant to Art. 6 (1) f) GDPR:
To send you news and help topics regarding the use of the ASA services you use.
To send you offers and promotions exclusively for our own or similar goods and/or services.
To survey you about your use of and satisfaction with the ASA services.
For internal evaluation by LexCom for the purpose of product development or the creation/development of LexCom AI models in the interests of the customer and/or for forwarding to dealers/order recipients, manufacturers and/or importers for the purpose of sales optimisation and performance measurement. In these cases, personal data will only be processed on the basis of your consent and will otherwise be pseudonymised/anonymised.
If necessary, LexCom processes your payment data, such as bank and credit card details, for the purpose of payment processing and billing in accordance with your chosen payment method.
Depending on your country, various payment options are available to you for the purchase of licences to use the ASA services:
Invoice by bank transfer
Direct debit
Payment by credit card: To process credit card payments, LexCom transmits your payment data to the service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands) to the extent necessary for further processing. LexCom ensures that your credit card details are processed in accordance with the PCI-DSS security standard. This means, among other things, that your credit card details are never stored in plain text by LexCom.
The processing of your payment data by LexCom is necessary for the performance of your contract with LexCom, see Art. 6 (1) b) GDPR. LexCom needs this information to bill you for LexCom services and to contact you regarding payment and contract processing issues.
After logging in with your ASA user data, the myASAinfo service (www.myasainfo.com) provides you with the following functions in particular:
Licence ordering and management
Changing your master data
Managing your account
Viewing and downloading your invoices
In this context, various personal data will be processed depending on the function selected. The legal basis is Art. 6 (1) b) GDPR, insofar as this is necessary for the fulfilment of the contractual relationship, or the legitimate interest pursuant to Art. 6 (1) f) GDPR.
"ASA SQT" is an optional add-on module for , which provides you with the following functions in particular:
Creation and exchange of quotations between ASA users and end customers based on predefined menus.
Individual editing/extension of the predefined menus to include additional spare parts and work items.
Creation and exchange of "Vehicle health checks" to document the vehicle status, including photos and videos.
Management of end customer data such as address and contact information required for the creation and exchange of quotations and VHCs.
Interfaces to ASA and ASA WEB to switch to ASA/ASA WEB and research the relevant information using the Single-Sign-On procedure.
Interfaces to DMS via export or LexCom standard interfaces.
Option to report missing menus for selected chassis numbers to LexCom for product improvement.
In this context, various personal data from you and the end customers will be processed depending on the selected function. The legal basis is Art. 6 (1) b) GDPR, insofar as this is necessary for the fulfilment of the contractual relationship, or the legitimate interest pursuant to Art. 6 (1) f) GDPR.
For ASA SQT, there is an extension " ASA SQT Service App " for end customers, which can be activated in ASA SQT. The provision of the "ASA SQT Service App" is subject to separate terms of use and data protection provisions.
When you set up an ASA account, you have the option of logging into the demo version of the LexCom portal www.partslink24.com (hereinafter referred to as "partslink24"). There are two methods available for this:
Cross-login via ASA services: You can log in to the partslink24 demo version from the various ASA services using the Single-Sign-On procedure. Authentication is carried out automatically using your dealer number and user name.
Direct login to partslink24: Alternatively, you can also go directly to the partslink24 website and log in there with your ASA user data.
Your data will be processed in partslink24 in accordance with the partslink24 terms and conditions and privacy regulations. These can be found at www.partslink24.com under "Terms and Conditions" or "Privacy".
The vehicle identification number (VIN) is personal data within the meaning of the GDPR. The VIN is processed within the scope of order processing.
Depending on the ASA service used, it may be necessary to transmit the VIN you have entered to LexCom in order to display the correct information. In any case, each VIN query also generates an online request to LexCom, which also contains the VIN you have entered. This enables LexCom to check whether additional information (so-called memos) from the manufacturer/importer has been published for the VIN queried and to display this information accordingly. The legal basis for processing in both of the above cases is Art. 6 (1) b) GDPR.
In addition, LexCom may process/transfer data to manufacturers/importers for evaluation purposes in accordance with Art. 6 (1) f) GDPR, for example to check how often so-called 'Alert-Memos' have been accessed, which are particularly relevant to safety in the case of recall campaigns. In these cases, personal data is not usually part of the processing and is pseudonymised/anonymised. Otherwise, your personal data will only be processed on the basis of your consent in accordance with Art. 6 (1) a) GDPR.
In addition, the VIN is also processed when creating shopping baskets and parts lists; see Chapter 11 ("Shopping baskets and parts lists") for more information.
As an ASA user, you have the option of uploading your own photos of damaged vehicles or parts for analysis by AI and generation of spare part suggestions. In addition, the user has the option of uploading a previously created parts list in order to more easily add the spare parts contained therein to the shopping basket (parts list scan). The following personal data may be stored and/or transmitted to external AI service providers for this processing:
IP address
User ID/company ID
User name
Session-ID
VIN
Licence plate
Insurance details
Date, time and location of uploaded photos
PC/device name
Image metadata
LexCom requires the image metadata to detect illegal and/or abusive use of the ASA services. Personal data is only subject to evaluation if there is reasonable suspicion of misuse of ASA services by a specific user account. This evaluation serves to protect ASA services and the data contained therein, as well as to protect ASA users and their data from misuse and attacks.
The processing of data for the above-mentioned purposes is carried out for the provision of the function in accordance with Art. 6 (1) b) GDPR and for the legitimate interests of LexCom in accordance with Art. 6 (1) f) GDPR.
Unless longer storage is permitted, e.g. for the enforcement of legal claims, the log files are stored in our data centre for 6 months and then automatically deleted.
As an ASA user, you have the option of creating shopping baskets or parts lists for processing orders and exporting them manually and then importing them manually into the merchandise management system (DMS). Alternatively, there is the option of automated transfer to the DMS via various interfaces, such as the LexCom standard interface or COMbox. In addition, it is also possible to import orders created in the DMS into ASA.
In both cases, the VIN and, if applicable, other personal data (such as customer name, customer reference, etc.) are processed. This depends on the information provided when creating the orders in ASA or in the DMS.
The legal basis for the processing of personal data in this context is Art. 6 (1) b) GDPR.
In addition, every shopping basket or parts list created, including the VIN, is automatically transmitted to LexCom and further processed for its own purposes. The VIN and other personal data are removed or anonymised for further processing. Processing in this context is carried out in accordance with Art. 6 (4) e) GDPR.
As described below, LexCom processes data about the extent and manner of your use of ASA services (hereinafter referred to as "usage data"). This includes, for example, the following data:
Searching and navigating the manufacturer catalogue
Use of functions, buttons, tabs, etc.
Creation of notes on vehicles and parts
Uploading photos for specific chassis numbers
Uploading photos for specific parts, VHCs and offers
Creating shopping baskets/parts lists, VHCs and offers and placing orders
Type and scope of vehicles researched based on chassis numbers (VIN) entered
In addition, usage data can be analysed in a targeted manner, e.g. to measure the relevance or success of the function or, in the event of non-use, to identify possible problems and then contact users in a targeted manner. These evaluations are always used exclusively for the purpose of measuring success and usage as well as for product and sales optimisation in the interests of the customer and represent a legitimate interest of LexCom in accordance with Art. 6 (1) f) GDPR. Personal data is only subject to evaluation if it is absolutely necessary to achieve the purpose (e.g. to establish contact) and is otherwise pseudonymised or anonymised.
In addition, usage data may be used for external evaluations. These are made available by LexCom to importers and MMC, e.g. in the form of dashboards via the www.partsdata24.com service. These evaluations serve the purpose of proper contract fulfilment with our customers in accordance with Art. 6 (1) b) GDPR. Personal data is only subject to evaluation to the extent that this is absolutely necessary to achieve the purpose and is otherwise pseudonymised.
Furthermore, LexCom may also continuously analyse usage data to detect illegal and/or abusive use of LexCom services. Personal data is only subject to evaluation if there is reasonable suspicion of misuse of LexCom services by a specific user account. This evaluation serves to protect the LexCom services and the data contained therein, as well as to protect LexCom users and their data from misuse and attacks, and thus constitutes a legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR.
LexCom may evaluate usage data in anonymised or pseudonymised form and use it for training purposes in order to further develop and optimise its own support and AI systems. Individual users are not identified in this context. The processing is carried out on the basis of Art. 6 (1) f) GDPR.
If you send us enquiries via the ASA services, we will store your details and the personal data you provide there, including any files you may have uploaded. This is for the purpose of processing your enquiry and in case of follow-up questions.
You also have the option of first logging into one of the relevant ASA services and then sending us an enquiry. In this case, your personal data already stored in your account will be automatically entered/transferred from your account to the contact form. However, this is only an optional feature. You can change or delete the automatically entered data at any time before sending your enquiry.
We will not pass on this data without your consent under any circumstances. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) f) GDPR and, if applicable, Art. 6 (1) b) GDPR, provided that your request is aimed at concluding a contract.
Your data will be deleted after your enquiry has been processed, unless there are legal retention obligations or a legitimate interest pursuant to Art. 6 (1) f) GDPR, in particular for the purpose of reviewing post-contractual claims. In the case of Art. 6 (1) f) GDPR, you can object to the processing of your personal data at any time.
Cookies are small files that enable us to store specific information relating to you, the user, on your PC or other device while you use ASA services. Cookies help, for example, to determine the frequency of use and the number of users of web services, to analyse usage behaviour on websites , to increase security, and to make web services as convenient, efficient and interesting as possible.
After you log in (with your myASAinfo ID/company ID, user name and password), the ASA services use so-called "session cookies" to identify you during your visit. Session cookies expire automatically at the end of the session, i.e. they are deleted.
ASA services also use "permanent cookies". These cookies store information about visitors who repeatedly access ASA services (e.g. company ID, user name, language, time stamp of last use).
The purpose of using these permanent cookies is, on the one hand, to present ASA services to you in the correct language before you have logged in. On the other hand, they allow you to return directly to your last session if you did not log out at the end of your last use of the ASA service. The cookies we set do not create individual profiles of your usage behaviour. The cookies are automatically deleted at the latest 4 weeks after the last use.
You may be able to disable cookies in your browser, restrict them to certain websites, or set your browser to notify you when a cookie is sent. You can also delete cookies from your device at any time. Please note, however, that you will not be able to use ASA services if you reject user cookies.
We use so-called pixels, web beacons, clear GIFs or similar mechanisms ("pixels"). A pixel is an image file or a link to an image file that is inserted into the website code but is not located on your device (e.g. computer, smartphone, etc.). Pixels enable us, for example, to determine the browser used or the screen resolution. We do not establish any personal reference when using pixels. Nor do we carry out any personal tracking. Pixels usually work in conjunction with cookies. If you have deactivated cookies, the pixel will only detect an anonymous website visit.
Each time ASA services are accessed, access data is stored in log files.
The data records stored in this process contain the following data in particular (hereinafter collectively referred to as "log files"):
the IP address
the myASAinfo ID/company ID
the user name
the Session-ID
the login time
VIN
PC/device name
LexCom requires the log files to detect and rectify technical errors, e.g. faulty links or programme errors, i.e. for the further development of ASA services.
Furthermore, LexCom can continuously analyse the log files to detect illegal and/or abusive use of the ASA services. Personal data is only subject to evaluation if there is reasonable suspicion of misuse of the ASA services by a specific user account. This evaluation serves to protect the ASA services and the data contained therein, as well as to protect ASA users and their data from misuse and attacks.
On the other hand, LexCom may use the log files to analyse the use of ASA services (e.g. certain functions) in more detail. This processing also serves exclusively to further develop ASA services in the interests of the customer. At no time is the usage behaviour of specific accounts or users analysed. In this case, personal data is pseudonymised and/or anonymised wherever possible.
The processing of data for the above-mentioned purposes is carried out on the basis of LexCom's legitimate interests in accordance with Art. 6 (1) f) GDPR.
Unless longer storage is permitted, e.g. for the enforcement of legal claims, the log files are stored in our data centre for 6 months and then automatically deleted.
ASA services are predominantly hosted on the controller's own internal servers.
In some cases, ASA services may also be hosted by Amazon Web Services, EMEA SARL, Axel-Springer-Platz 3, 20355 Hamburg (hereinafter: AWS). Your personal data will be processed on AWS servers. Depending on your place of business/residence, these are located in the EU or in another country outside the USA.
The transfer of your personal data to AWS is based on the EU-U.S. Data Privacy Framework. As a subsidiary of Amazon.com, Inc., AWS has valid certification and thus demonstrates a sufficient level of protection.
Details of the certification can be found here:
https://www.privacyshield.gov/ps/participant?id=a2zt0000000TOWQAA4
Further information can be found in the AWS privacy policy: https://aws.amazon.com/privacy/?nc1=h_ls.
The legal basis for processing is Art. 6 (1) f) GDPR. We have a legitimate interest in ensuring that our services operate as efficiently and reliably as possible.
Support from LexCom subsidiaries abroad
We process your personal data listed in the previous sections in the European Union and, where applicable, on behalf of (in particular for the provision of support) in Brazil, China, Japan, the USA, Mexico and the United Kingdom. Processing in these third countries is carried out exclusively on the basis of an adequacy decision by the EU or EU standard data protection clauses in accordance with Art. 46 GDPR. You can view these at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de)
Analysis of web traffic by Akamai
In addition, your personal data listed in the previous sections is processed by Akamai Technologies Inc. ("Akamai") through the integration of Akamai's delivery, security and analysis services.
On the one hand, traffic to the ASA web services is routed via Akamai servers in order to deliver the ASA web services quickly, reliably and securely, to analyse them for malware and to prevent unauthorised access to them. This processing is carried out on behalf of LexCom in accordance with its legitimate interest pursuant to Art. 6 (1) f) GDPR.
On the other hand, Akamai also processes your data on its own responsibility in the form of generated log files. These may contain personal data in the form of IP addresses and evaluations of your usage behaviour of LexCom web services and are used in particular for security analyses and to detect malicious patterns for the further development of Akamai services. Akamai does not use this data to identify natural persons or to profile natural persons.
The transfer of your personal data to Akamai is based on the EU-U.S. Data Privacy Framework. Akamai has valid certification and thus demonstrates a sufficient level of protection.
Details of the certification can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000Gn4RAAS&status=Active
For more information on Akamai's terms of use for the processing of personal data and Akamai's Privacy policy, please visit https://www.akamai.com/de/de/privacy-policies/.
Matomo Analytics
LexCom web services may use "Matomo Analytics" (formerly "Piwik"), a
service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New
Zealand, NZBN 6106769, to analyse your use of our web services
("Matomo").
We have configured Matomo so that the use of cookies is deactivated and
your IP address is only processed in truncated form. This means that we
are unable to identify you personally.
Google Cloud Platform / Gemini
We use proprietary language and image processing models to process data via AI services. Currently, Gemini models in versions 2.0 and/or 2.5 are used for this purpose. We reserve the right to update these models to newer versions or successor models from the same provider (Google) in the future for security and performance reasons. Processing takes place within the Google Cloud Platform (GCP) with data residency in the European Union (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Data is processed exclusively in accordance with the applicable data protection regulations; personal data is not transferred to third countries and external AI models are not trained with this data.
For more information on Google's terms of use for the processing of personal data and Google's privacy policy and terms of use, please visit:https://policies.google.com/privacy
The duration of the storage of personal data is determined by the relevant statutory retention periods (e.g. under commercial and tax law). After the respective period has expired, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract, or if we have a legitimate interest in further storage, the data will be deleted when it is no longer required for these purposes or when you have exercised your right of revocation or objection.
Under the applicable data protection laws, you have the right to obtain information about your data (Art. 15 GDPR), to have it corrected (Art. 16 GDPR) or deleted (Art. 17 GDPR) or to restrict its processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR).
If you have any further questions about privacy when using the LexCom website and/or LexCom services, or if you wish to assert the aforementioned rights, please contact our data protection officer directly:
LexCom Informationssysteme GmbH
– Data Protection Officer –
Rüdesheimer Str. 23
80686 Munich
privacy@lex-com.net
You also have the right to complain to a supervisory authority responsible for privacy if you believe that LexCom is not complying with applicable privacy laws.
If we process your personal data on the basis of legitimate interest pursuant to Art. 6 (1) f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you wish to exercise your right of withdrawal or objection, simply send an email to privacy@lex-com.net.