Data Protection

General information

The data controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

smart Europe GmbH
Esslinger Str. 7, 70771 Leinfelden-Echterdingen, Germany

The body, which alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar) is the natural or legal person of smart Europe GmbH.

Data protection officer required by law

A responsible data protection officer has been designated for our company:

Katja Green
DEKRA Assurance Services GmbH
Handwerkstraße 15, 70565 Stuttgart

1. Hosting and Content Delivery Networks (CDN)

This web application is hosted by smart Europe GmbH, Esslinger Str. 7, 70771 Leinfelden-Echterdingen, Germany and our service providers (hoster). The personal data, collected on this web applications, is stored on the servers of the hosters in the EU (currently Frankfurt, Germany). This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hosters are used for the purpose of contract fulfillment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill the respective service obligations and follow our instructions regarding this data.

To ensure data protection-compliant processing, we have concluded an order processing contract according to Art. 28 GDPR with our hoster.

2. Privacy Policy

We are pleased about your visit to our web applications and your interest in our offers. The protection of your personal data is an important concern for us. In this privacy policy, we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and what rights and claims are associated with it for you.

The privacy policy for the use of our web applications does not apply to your activities on websites of social networks or other providers that are accessible via links on our web applications. Please check the websites of these providers for their privacy policies.

3. Collection and processing of your personal data

When you visit our web applications, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g., whether you were able to access a web application or received an error message), the use of functions of the web application, the search terms you may have entered, the frequency which you access individual contents, the name of accessed files, the amount of data transferred, the website from which you accessed our web application, and the website you visit from our web applications, whether by clicking on links provided by us or by entering a domain directly in the input field of the same tab (or window) of your browser, in which you have opened our web application. We also store your IP address and the name of your Internet service provider for a period of seven days for security reasons, in particular to prevent and detect attacks on our applications or fraud attempts.

We only store other personal data if you provide us such data, e.g. in the context of a registration, a contact form, a chat, a survey and also in these cases only to the extent that we are permitted to do so on the basis of a consent granted by you. When requesting a price quote, initiating a contract or for contract processing, Art. 6 (1) lit b GDPR is the legal basis for the processing.

4. Purposes of use of personal data

  • We use the collected personal data when you visit our web applications to operate them as conveniently as possible for you and to protect our IT systems from attacks and other illegal activities.
  • If you provide us further personal data, e.g. in the context of a registration, a chat, a contact form, a survey, or a lottery we will use this data for the before mentioned purposes.
  • For the execution of a contract as well as for customer administration reasons and – if necessary – for the execution and settlement of any business transactions, we use the data in each case only to the extent necessary for this purpose.
  • For other purposes (e.g. display of personalized content or advertisements based on your usage behavior), we and, if applicable, selected third parties will use your data.
  • In addition, we use personal data insofar as we are legally obligated to do so (e.g. storage for the fulfillment of commercial or tax law retention obligations, release in accordance with official or court orders, e.g. to a law enforcement agency).
  • Below we list the legal basis and purposes for the processing of personal data:


5. Transfer of personal data to third parties

Our web applications may also contain third-party offers. If you click on such an offer, we will transfer data to the respective provider to the extent necessary (e.g., information, that you found this offer on our website and, if applicable, further information that you have already provided for this purpose on our websites).

We also use qualified service providers (e.g. IT service providers, marketing agencies) to operate, optimize and secure our web applications. We only pass on personal data to them insofar as this is necessary for the provision and use of the web applications and their functionalities, for the pursuit of legitimate interests, for the fulfillment of legal obligations or insofar as you have consented to this (see section 7).

6. Cookies

Cookies may be used when visiting our web applications. Technically, these are so-called HTML cookies and similar software tools such as web/DOM storage or local shared objects (so-called "flash cookies"), which we refer to collectively as cookies.

Cookies are small text files that do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your personal device until you delete them by yourself or until they are automatically deleted by your web browser.

Cookies are stored on your desktop, notebook or mobile device when you visit our web applications. From this, we can recognize, for example, whether there has already been a connection between the device and our application, take into account your preferred language or other settings, offer you certain functionalities (e.g. online store offers, vehicle configurations) or recognize your interests on a usage basis. Cookies may also contain personal data.

The question of which and whether cookies are used when you visit our web applications depends on which areas and functions of our applications you use and to what extent you have consented to the use of cookies that are not technically necessary in our Consent Management System.

The use of cookies also depends on the settings of the web browser you are using (e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this settings. You can delete existing cookies at any time. You can delete Web/DOM storage and Local Shared Objects separately. How this works in the browser or device you are using, you can find out in the instructions of the respective manufacturer.

The consent (= approval) to as well as the rejection or deletion of cookies are tied to the device being used and also to the web browser being used in each case. If you use multiple devices or web browsers, you can make the decisions or settings differently for each.

If you decide against the use of cookies or delete them, it is possible that not all functions of our web applications or individual functions will be available to you only to a limited extent.

This web application uses a special cookie consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies in advance in order to document this consent in a data protection compliant manner.

We have concluded a contract on the commissioned data processing with the provider of the cookie consent technology according to Art. 28. GDPR.

7. Server-Log-Files

The providers of the pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

IP address (Internet protocol address) of the terminal device from which the online offer is accessed;

Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);

Name of the service provider through whom the online offer is accessed;

Name of the files or information accessed;

Date and time as well as duration of the retrieval;

Amount of data transferred;

Device (PC, mobile, other), operating system and information on the Internet browser used, including installed add-ons (e.g. for the Flash Player);

http status code (eg "request successful" or "requested file not found").

The above data is stored in the log files without your full IP address, so that no conclusions can be drawn about your IP address.

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website for this purpose, the server log files must be collected.

8. Technical and organizational security measures

We use technical and organizational security measures to protect the data we manage against manipulation, loss, destruction and against access by unauthorized persons. We continuously improve our security measures in line with technological developments and possibilities.

9. SSL resp. TLS encryption

Our web applications use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests, etc. that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Legal basis of data processing

If you have given us your consent for the processing of your personal data, this will be the legal basis for the processing (Art. 6 para. 1 letter a GDPR)

For the processing of personal data for the purpose of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.

Insofar as the processing of your personal data is necessary for the fulfillment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 lit. c GDPR.

In addition, we process personal data for the purposes of safeguarding our legitimate interests as well as the legitimate interests of third parties pursuant to Art. 6 (1) (f) GDPR.

Maintaining the functionality of our IT systems, the (direct) marketing of our own and third-party products and services (unless this is done with your consent) and the legally required documentation of business contacts are such legitimate interests. We take into account in particular the type of personal data, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal data as part of the respective necessary balancing of interests.

11. Right to restrict the processing of personal data

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the correctness of your personal data stored by us, we usually need time to verify this. For the duration of the review, you are entitled to request the restriction of the processing of your personal data.

If the processing of your personal data was/is being done unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but require it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of the deletion.

If you have raised an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data has been restricted, these data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a authorized member state of Europe.

12. Deletion of your personal data

We delete your IP address and the name of your Internet service provider, which we store for security reasons, after seven days.

Otherwise, we delete your personal data as soon as the purpose for which we collected and processed the data no longer applies. Beyond this point in time, storage only takes place insofar as this is required in accordance with the laws, regulations or other legal provisions to which we are subject, in the EU or in accordance with legal provisions in third countries, if an appropriate level of data protection is provided there in each case.

Insofar as deletion is not possible in individual cases, the relevant personal data will be marked with the aim of restricting its future processing.

13. Rights of the data subject

As a data subject, you have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), data erasure/deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

Right to information, correction, restriction, transfer, blocking, deletion:

          You have the right to free information about your stored personal data, the origin of the data, their recipients and the purpose of the data processing and a right to correction, restriction, transfer, blocking and deletion of this data at any time within the framework of the applicable legal provisions.

Revocation of consent to data processing:

          If you have consented to the processing of your personal data by us, then you have the right to cancel your consent at any time. The legality of the processing of your personal data until a revocation is not affected by the revocation. Likewise, further processing of this data on the basis of another legal basis, such as for the fulfillment of legal obligations (see section "Legal bases of processing"), remains unaffected.

Right of protest (Art. 21 GDPR):

          You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) or Article 6(1)(f) GDPR (data processing on the basis of a balance of interests).

          If you object, we will only continue to process your personal data insofar as we can demonstrate compelling legitimate grounds for doing so that override your interests, rights and freedoms, or insofar as the processing serves the assertion, exercise or defense of legal claims.

          If we process your personal data for the purpose of direct marketing to protect legitimate interests on the basis of a balance of interests, you also have the right to object to this at any time without stating reasons.

 We ask you to send your claims or explanations to the following contact address, if possible:

Right to lodge a complaint with the competent supervisory authority:

If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

The responsible data protection supervisory authority is:

State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg
Dr. Stefan Brink
Address: Lautenschlagerstraße 20, D- 70173 Stuttgart
Postal address: Postfach 10 29 32, 70025 Stuttgart
Telephone: +49 711/61 55 41-0

14. Newsletter

If you subscribe to a newsletter, offered on our website, the data provided during the newsletter registration will only be used for shipping of the newsletter, as far as you do not agree to a further use. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe proactive from the mailinglist. Your data will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings.

The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both – your and our interest – in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR).

15. Data transmission to recipients outside the European Economic Area

When using service providers (see section 1.) and passing on data to third parties based on your consent (see section 5.), personal data may be provided to recipients in countries outside the European Union ("EU"), Iceland, Liechtenstein,Norway (= European Economic Area), USA and Indiaare transferred and processed there..

In the following countries, from the EU's point of view, there is an adequate level of personal data protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the use of EU standard contractual clauses or binding corporate rules to create an "adequate level of protection" according to legal requirements. For more information, please contact us:


The area of ​​data protection is subject to frequent changes that make it necessary to adapt our data protection declaration. Please check our website at regular intervals to keep track of the changes. Our data protection officer is available to answer your questions:


Status: August 2021