The protection of your personal data is of particular importance to us.
“We” generally refers to LexCom Informationssysteme GmbH. If you have entered into a user agreement with us in the United Kingdom, your contractual partner may also be LexCom Information Systems Ltd, depending on the content of the contractual documents.
This privacy policy applies to both LexCom Informationssysteme GmbH and LexCom Information Systems Ltd (hereinafter jointly referred to as “LexCom”).
With this privacy policy, we wish to inform you about how LexCom processes your personal data when you use the various ETKA modules (hereinafter collectively referred to as “ETKA Services”)
ETKAlocal
ETKA-Software Server
ETKA Web (www.etka.com)
ETKAmobile (www.etkamobile.com)
This privacy policy supplements the General Terms and Conditions applicable to the use of ETKA.
LexCom Munich
LexCom Informationssysteme GmbH
Rüdesheimer Str. 23
80686 Munich
LexCom UK
LexCom Information Systems Ltd
Unit C3 Arena Business Centre
9 Nimrod Way
Wimborne, BH21 7UH
United Kingdom
You can contact the Data Protection Officer by emailing privacy@lex-com.net.
This privacy policy generally uses the official terms of the GDPR. The official definitions are set out in Article 4 of the GDPR.
LexCom adheres to the following principles when protecting your personal data in connection with the use of ETKA services:
LexCom collects, processes and uses your personal data in accordance with the relevant data protection laws of the European Union (in particular the EU General Data Protection Regulation – GDPR) and the Federal Republic of Germany.
LexCom uses your personal data primarily to enable you to use the ETKA services. In these cases, processing takes place for the purpose of fulfilling the contract on the basis of Article 6(1)(b) of the GDPR. In addition, LexCom may process the data for other purposes where necessary. Any further processing takes place exclusively on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR, or with the consent of the ETKA user pursuant to Article 6(1)(a) of the GDPR. In such cases, your data will be processed in an anonymised or pseudonymised form wherever possible.
In cases where personal data is processed by a data processor or transferred to a third party, processing shall always take place solely on the basis of a data processing agreement pursuant to Article 28 of the GDPR, on the basis of standard contractual clauses in the event of a transfer to third countries pursuant to Article 46 of the GDPR, or on the basis of a legitimate interest pursuant to Article 6 (1)(f) of the GDPR.
LexCom will delete the following data as soon as there is no longer any legitimate interest or legal basis for processing this data and provided that there are no statutory retention obligations.
It is possible to purchase licences for the use of the various ETKA services. For an initial order, this is done via an order form. Depending on the user’s brand and location, the order can be submitted either directly to LexCom or to the relevant/responsible importer.
In this context, LexCom must process certain personal data from you (hereinafter referred to as “order data”). In the course of this, personal data is processed by LexCom either directly or via forwarding by the importer to LexCom.
This initially includes the following data:
(Company) master data
Dealer ID
Contact details (telephone number/email address)
Licence order
Payment details
LexCom processes this personal data, in particular in the following cases, to fulfil your contract and to provide the ETKA services in accordance with Article 6(1)(b) of the GDPR:
To register you as a user in the ETKA system, set up a user account and grant you the relevant access to user management. This is necessary to enable you to make full use of the ETKA services.
For the purpose of delivery, in particular
To send you, as the purchaser, the login details, e.g. by email.
To grant you access to the software/the ‘Downloader’ using your login details, which you wish to download and install in order to use ETKA Local.
Additional/accompanying hardware, e.g. LexCOMbox
To process (further) licence orders
To provide you with important information regarding the existing contractual relationship (such as announcements of new software versions and key features) and to assist you with any queries regarding payment and contract processing.
To be able to identify and contact you for the purposes of customer service
In addition, LexCom may use this personal data for the following further purposes on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR:
To send you news and help topics regarding the use of the ETKA services you have licensed.
To send you offers and promotions exclusively for our own or similar goods and/or services.
To survey you regarding your use of and satisfaction with the ETKA services.
For internal evaluation by LexCom for the purpose of product development in the customer’s interest and/or for forwarding to dealers/order recipients, manufacturers and/or importers for the purpose of sales optimisation and performance measurement. In these cases, personal data will only be processed on the basis of your consent and will otherwise be pseudonymised/anonymised, unless the legitimate interest also encompasses the processing of your data in plain text.
Users who are registered in the system as account administrators (“admin”) are free, following their initial order/registration, to log in to www.etka.com using their login details and to create additional users from their own organisation within the system with the appropriate permissions. These users will then receive their individual login details at the email address provided by the admin. LexCom processes this user data for the purpose of providing ETKA on the instructions of the account administrator in accordance with Article 6(1)(b) of the GDPR. LexCom will also automatically deactivate users created by the admin after a period of inactivity of at least 3 months for security reasons. This status can be changed by the admin at any time. The data protection responsibility for all additional users, in particular obtaining the users’ consent as well as updating and deleting user data, lies with the account administrator.
Where necessary, LexCom processes your payment details, such as bank and credit card details, for the purposes of payment processing and billing in accordance with your chosen payment method.
For the initial purchase of licences to use the ETKA services, various payment options are available to you, depending on your country:
Invoice via bank transfer
Direct debit
Payment by credit card: To process credit card payments, LexCom transfers your payment details to the service provider Ayden (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands) to the extent necessary for further processing. In doing so, LexCom ensures that your credit card details are processed in accordance with the PCI-DSS security standard. This means, amongst other things, that your credit card details are never stored in plain text by LexCom.
The processing of your payment data by LexCom is necessary for the performance of your contract with LexCom, see Article 6(1)(b) of the GDPR. LexCom requires this information to bill you for LexCom services and to be able to contact you regarding payment and contract processing.
When purchasing further/additional licence orders for the use of ETKA services, we will adjust the invoicing accordingly. During the ordering process, you confirm via a tick box, in the sense of consent pursuant to Article 6(1)(a) of the GDPR, the adjustment of your invoicing and the associated processing of your stored payment details.
The Vehicle Identification Number (VIN) is personal data within the meaning of the GDPR. The VIN is processed in connection with the use of ETKA services.
In order to provide VIN-specific parts identification and, where applicable, for further ETKA services, it is necessary to process the VIN you have entered and/or transmit it to Volkswagen services to ensure the correct provision of content. This processing may take place within the framework of data processing on behalf of a client. If Volkswagen further processes the transmitted data for its own purposes, this processing is carried out under its own responsibility under data protection law . The legal basis for the processing is the performance of a contract in accordance with Article 6(1)(b) of the GDPR.
Furthermore, LexCom may process data for its own purposes, such as product development, the detection of unauthorised use or for evaluation purposes in accordance with Article 6(1)(f) of the GDPR, and may process or transmit such data to manufacturers/importers where applicable. In such cases, personal data is generally pseudonymised or anonymised. Otherwise, the processing of your personal data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR.
The VIN is also processed when creating parts lists for spare parts orders (see Chapter 8 “ETKA parts lists”).
As an ETKA user, you have the option of creating so-called parts lists to initiate spare parts orders, exporting these manually and subsequently importing them into the merchandise management system (DMS). Alternatively, there is the option of automated transfer to the DMS via various interfaces, such as the LexCom standard interface or “COMbox”. In connection with the parts list upload, personal data may also be processed for the purpose of synchronisation between the platforms.
In this context, the VIN and, where applicable, other personal data (such as customer name, customer reference, etc.) are processed. This depends on the information provided when creating the material slips.
The legal basis for the processing of personal data in this context is Article 6(1)(b) of the GDPR.
In addition, every material slip created, including the VIN, is automatically transmitted to LexCom and further processed for its own purposes of product development. The VIN and other personal data are removed or anonymised for further processing. Processing in this context is carried out in accordance with Article 6(1)(f) of the GDPR.
In addition to processing material requisition forms, it is also possible to receive orders from so-called independent garages via the LexCom web service www.partslink24.com (“partslink24”). As an ETKA user, you will automatically be granted access to this function and to partslink24.
Orders can be viewed and processed via the central order management system linked in ETKA and integrated into partslink24.
In partslink24, you can initially view incoming and outgoing orders and maintain master data. If you have taken out a paid subscription to partslink24 , you can also use the available spare parts catalogues.
The processing of your data in this context is carried out in accordance with the partslink24 Terms and Conditions and Privacy Policy. You can access these at www.partslink24.com under ‘Terms and Conditions’ or ‘Privacy’.
When using ETKA, users have the option of taking photos of spare parts or vehicles via the “ETKA Community” and making these available to other ETKA users (“Community Pictures”). The uploaded photos are stored on LexCom’s servers. In addition, users have the option to compile and upload typically related spare parts as “Favourites” or to select from favourites created by others (“Community Kits”).
The following personal data may be processed for this purpose:
IP address
User ID/Company ID
Username
Session-ID
VIN
Number plate
Date, time and location of the uploaded photos
PC/device name
Image metadata
LexCom requires the image metadata to detect unlawful and/or abusive use of the ETKA services. Personal data is only subject to analysis if there is reasonable suspicion of unlawful use of the ETKA services by a specific user account. This analysis serves to protect the ETKA services and the data they contain, as well as to protect ETKA users and their data from misuse and attacks.
The processing of data for the above-mentioned purposes is carried out to provide the service in accordance with Article 6(1)(b) of the GDPR, as well as on the basis of LexCom’s legitimate interests in accordance with Article 6(1)(f) of the GDPR.
Unless a longer retention period is permitted, e.g. for the enforcement of legal claims, the log files are stored in our data centre for 6 months and then automatically deleted.
In addition, you have the option of creating so-called notes in ETKA. These are text notes created by you, which you can attach to researched VINs, image tables or part numbers at various points within the ETKA application and which are automatically displayed when the respective VIN/part number is searched for (again). To a certain extent, you can also attach files to your notes. All notes you create, including attachments, are visible to all users of your ETKA account and are stored by LexCom until you remove the note. The legal basis for this processing is the provision of this function in accordance with Article 6(1)(b) of the GDPR.
If you download images via your browser whilst using ETKA, these are automatically saved as temporary files on your PC/device. These downloaded files may, under certain circumstances, contain personal data. The temporary files are not automatically deleted. If necessary, they can be deleted manually or, alternatively, via a deletion routine set up in your browser.
Via the so-called Supportweb, you as a user can open support tickets which, depending on the selected category/topic as well as the country and brand, are automatically forwarded to the relevant importer or their responsible department. However, this requires you to have previously registered in the ETKA system.
To process your enquiry, your account/dealer ID, username, VIN, contact details, employee data and metadata, amongst other things, may be processed. This data is primarily processed for the purpose of handling and responding to your enquiry by the importer in accordance with Article 6(1)(b) of the GDPR.
In addition, the data may be analysed internally by the responsible importer and/or manufacturer, for example to determine the number of tickets relating to a specific topic.
Furthermore, tickets created may be transmitted to LexCom and analysed for the purpose of further developing and optimising our support services. Personal data is processed in this context only on the basis of consent in accordance with Article 6(1)(a) of the GDPR, or is removed or anonymised where possible. Processing then takes place in accordance with Article 6(4)(e) of the GDPR.
As described below, LexCom processes data regarding the extent and manner of your use of the ETKA services (hereinafter referred to as ‘usage data’). This includes, for example, the following data:
Searching and navigating within the manufacturer catalogues
Use of functions, buttons, tabs, etc.
Creation of notes on vehicles and parts
Uploading photos to chassis numbers, parts, etc.
Generation of material sheets and placing of orders
Type and scope of vehicles searched for based on entered chassis numbers (VIN)
Click tracking, e.g. copying spare part numbers
This usage data may be analysed for specific purposes, e.g. to measure the relevance or success of the function or – in the event of non-use – to identify potential issues. These analyses are always used exclusively for the purposes of measuring success and usage, as well as for product and sales optimisation in the customer’s interest, and constitute a legitimate interest of LexCom pursuant to Article 6(1)(f) of the GDPR. Personal data is not subject to evaluation and is pseudonymised or anonymised wherever possible. The usage behaviour of specific accounts or users is not analysed at any time.
Furthermore, LexCom may also continuously analyse usage data to detect unlawful and/or illegitimate use of LexCom services. Personal data is only subject to analysis if there is reasonable suspicion of illegitimate use of LexCom services by a specific user account. This analysis serves to protect the LexCom services and the data contained therein, as well as to protect LexCom users and their data from misuse and attacks, and thus constitutes a legitimate interest of LexCom pursuant to Article 6(1)(f) of the GDPR.
LexCom may also analyse usage data in anonymised form and use it for training purposes to further develop and optimise its own support and AI systems. Individual users are not identified in this process. Processing is carried out on the basis of Article 6(1)(f) of the GDPR.
If you send us enquiries via email, we will store your details and the personal data you provide there, including any files you may have uploaded. This is to process your enquiry and in the event of follow-up questions.
You also have the option of sending us enquiries via the contact form at www.ETKA.com. If you submit an enquiry after Login, your stored personal data – specifically your username and ETKA-ID – will be automatically entered into the contact form. These fields are mandatory and are required to match incoming enquiries with the relevant customer. You can change or delete the automatically entered data at any time in the user management section before submitting your enquiry.
However, no personal data is automatically collected before you log in to www.ETKA.com. Providing this data is then voluntary/optional.
We will not pass on your data under any circumstances without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR and Article 6(1)(b) of the GDPR, provided that your enquiry is aimed at concluding a contract or that your enquiry concerns the contractually owed provision of customer support for existing customers.
Your data will be deleted once your enquiry has been fully processed, provided there are no legal retention obligations or a legitimate interest pursuant to Article 6(1)(f) of the GDPR, in particular for the purpose of assessing post-contractual claims. In the case of Article 6(1)(f) of the GDPR, you may object to the processing of your personal data at any time.
"Cookies" are small files that enable us to store specific information relating to you, the user, on your PC or other device whilst you are using the ETKA services. Cookies help, for example, to determine the frequency of use and the number of users of web services, to analyse usage behaviour on websites, to enhance security, and to make web services as convenient, efficient and interesting as possible.
Once you have logged in (using your ETKA-ID, username and password), the ETKA services use so-called “session cookies”, which allow you to be identified for the duration of your visit. Session cookies expire automatically at the end of the session, i.e. they are deleted.
You may be able to disable the storage of cookies in your browser, restrict it to certain websites, or set your browser to notify you as soon as a cookie is sent. You can also delete cookies from your device at any time. Please note, however, that it is not possible to use the ETKA services if user cookies are rejected.
We use so-called pixels, web beacons, clear GIFs or similar mechanisms (“pixels”). A pixel is an image file or a link to an image file that is inserted into the website code but is not stored on your device (e.g. computer, smartphone, etc.). Pixels enable us, for example, to determine the browser used or the screen resolution. We do not establish any personal reference when using pixels. Nor does any personal tracking take place. Pixels usually work in conjunction with cookies. If you have disabled cookies, the pixel will merely detect an anonymous website visit.
Every time the ETKA services are accessed, access data is stored in log files.
The data records stored in this way contain, in particular, the following data (hereinafter collectively referred to as ‘log files’):
the IP address
the ETKA-ID
the username
the Session-ID
the time of Login
Cookies
VIN
PC/device name
URLs accessed, including content sent to the server
DMS requests and responses
LexCom requires the log files, on the one hand, to identify and rectify technical errors, e.g. broken links or software bugs, i.e. for the further development of the ETKA services.
Secondly, LexCom may use the log files to analyse the use of the ETKA services (e.g. specific functions) in more detail. This processing also serves exclusively to further develop the ETKA services in the customer’s interest. At no point is the usage behaviour of specific accounts or users analysed. Where possible, personal data is pseudonymised and/or anonymised.
Furthermore, LexCom may continuously analyse the log files to detect unlawful and/or abusive use of the ETKA services. Personal data is only subject to evaluation if there is reasonable suspicion of illegitimate use of the ETKA services by a specific user account. This evaluation serves to protect the ETKA services and the data contained therein, as well as to protect ETKA users and their data from misuse and attacks.
These are therefore the legitimate interests of LexCom, the protection of which requires the processing of your aforementioned personal data (Art. 6(1)(f) GDPR).
Unless a longer retention period is permitted, e.g. for the enforcement of legal claims, the log files are stored in our data centre for 6 months and then automatically deleted.
The ETKA services are predominantly hosted on the controller’s own internal servers.
In some cases, ETKA services may also be hosted by Amazon Web Services, EMEA SARL, Axel-Springer-Platz 3, 20355 Hamburg (hereinafter: AWS). Your personal data is processed on AWS’s servers. Depending on your place of business or residence, these are located either in the EU or in another country outside the USA.
The transfer of your personal data to AWS is based on the EU-US Data Privacy Framework. As a subsidiary of Amazon.com, Inc., AWS holds a valid certification and thus demonstrates an adequate level of protection.
Details of the certification can be found here:
https://www.privacyshield.gov/ps/participant?id=a2zt0000000TOWQAA4
Further information can be found in the AWS Privacy Policy: https://aws.amazon.com/privacy/?nc1=h_ls.
The legal basis for the processing is Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our services operate as efficiently and reliably as possible.
Support provided by LexCom’s foreign subsidiaries
We process the personal data listed in the previous sections within the European Union and, where necessary, on our behalf (in particular to provide support) in Brazil, China, Japan, the USA, Mexico and the United Kingdom. Processing in these third countries takes place exclusively on the basis of an EU adequacy decision or EU Standard Data Protection Clauses in accordance with Article 46 of the GDPR. You can view these at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Analysis of web traffic by Akamai
In addition, your personal data listed in the previous sections is processed by Akamai Technologies Inc. (“Akamai”) through the integration of Akamai’s delivery, security and analytics services.
Firstly, traffic to the ETKA web services is routed via Akamai’s servers in order to deliver the ETKA web services quickly, reliably and securely, to analyse them for malware and to prevent unauthorised access to them. This processing is carried out on behalf of LexCom on the basis of its legitimate interest pursuant to Article 6(1)(f) of the GDPR.
Secondly, Akamai also processes your data on its own behalf in the form of generated log files. These may contain personal data in the form of IP addresses and analyses of your usage behaviour of the LexCom web services and are used in particular for security analyses and to detect malicious patterns for the further development of Akamai’s services. Akamai does not use this data to identify natural persons or for profiling natural persons.
The transfer of your personal data to Akamai is based on the EU-U.S. Data Privacy Framework. Akamai holds a valid certification and thus demonstrates an adequate level of protection.
Details of the certification can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000Gn4RAAS&status=Active
Further information on the terms of use regarding the processing of personal data by Akamai and on the Akamai Privacy Policy can be found at https://www.akamai.com/de/de/privacy-policies/.
Matomo Analytics
The ETKA services may use the open-source software “Matomo Analytics” (formerly “Piwik”), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, to analyse your use of our web services (“Matomo”).
We have configured Matomo so that the use of cookies is disabled and your IP address is processed exclusively in truncated form. Consequently, we are unable to identify you personally.
Vimeo
LexCom uses the external service Vimeo to upload videos and make them available to you. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit a page with an integrated Vimeo plugin, a connection to Vimeo’s servers in the USA is not established immediately. Instead, a local image (“thumbnail”) is loaded to preview the video, and Vimeo is identified as a third-party provider. As a user, you must actively start the Vimeo video. Only then does Vimeo obtain the IP address of your device and the page containing the Vimeo video that you have just visited, even if you are not logged in to the video portal or do not have an account there.
Furthermore, Vimeo can link your browsing behaviour directly to your personal profile. You can prevent this by logging out beforehand.
The use of Vimeo only takes place with your consent through your active playback of the video within the meaning of Article 6(1)(a) of the GDPR.
As personal data may be transferred to the USA, further safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, Vimeo uses standard data protection clauses in accordance with Article 46(2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. Details on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy
In addition, LexCom has supplemented the Vimeo embed code with the parameter dnt=1, which prevents the setting of cookies. See https://vimeo.zendesk.com/hc/en-us/articles/360001494447-Using-Player-Parameters for further details.
Vimeo videos embedded on our site may automatically include the Google Analytics tracking tool. We have no influence over this embedding or the analysis results collected through it, nor can we view them.
The duration of the storage of personal data is determined by the relevant statutory retention periods (e.g. under commercial law and tax law ) and, where applicable, by legitimate interest, e.g. for the examination of post-contractual claims. Once the relevant period has expired, the corresponding data is routinely deleted. Where data is required for the performance of a contract or for entering into a contract, or where we have a legitimate interest in continuing to store the data, the data will be deleted once it is no longer required for these purposes or once you have exercised your right of withdrawal or right to object.
Under the applicable data protection laws, you have the right to access your data (Art. 15 GDPR), to have it rectified (Art. 16 GDPR) or erased (Art. 17 GDPR), or to restrict its processing (Art. 18 GDPR), as well as the right to data portability (Art. 20 GDPR).
If you have any further questions regarding Privacy when using the LexCom website and/or LexCom services, or if you wish to exercise the aforementioned rights, please contact our Data Protection Officer directly:
LexCom Informationssysteme GmbH
– Data Protection Officer –
Rüdesheimer Str. 23
80686 Munich
privacy@lex-com.net
You also have the right to lodge a complaint with a supervisory authority responsible for Privacy if you believe that LexCom is not complying with applicable Privacy laws.
Where we process your personal data on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to object to the processing of your personal data, provided this is for reasons arising from your particular situation. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If you wish to exercise your right of withdrawal or right to object, simply send an email to , privacy@lex-com.net or .