inSyca has implemented a variety of technical and organizational measures in order to protect your personal data, in particular against random or intentional manipulation, loss, destruction and access by unauthorized persons. These security measures will be continually adapted in accordance with technological developments. The transfer of personal data between your computer and our server invariably takes place by encrypted connection (Secure Socket Layer (SSL)).

The data you provide when you register to receive our newsletter are used solely for that purpose. Subscribers can also receive e-mail updates concerning circumstances that are relevant to the service or the registration (for instance, changes to the newsletter offer or technical matters).

For the registration to be effective, we require a valid e-mail address. In order to verify that the registration is carried out by the owner of the e-mail address, we implement the double opt-in method. To this end, we log the order of the newsletter, the sending of a confirmation e-mail and receipt of the reply requested in that e-mail. No further data are collected. The data are used solely for the newsletter distribution and are not passed to any third party.

You can withdraw your consent at any time to the storage of your personal data and their use for newsletter distribution. Each newsletter contains a link which you can use for this purpose. In addition, you can also unsubscribe directly on this website at any time or send us your request to that effect using the contact details in this privacy policy.

When you contact us by e-mail or by using the contact form, the information provided by you is saved for the purpose of processing the enquiry and for possible follow-up questions.

Some new browsers use “Do not track” functions. If this is the case, our website may not respond to “Do not track” requests or may be unable to retrieve the headers of such browsers. To find out more about what your settings are and about whether you want to deny certain providers access to your information, please click here for the US, here for Canada, and here for Europe (please note that opting out will not mean that you are no longer displayed any advertising at all. Rather, you will still receive generic advertising).

Visits to our website may result in information being stored on your computer in the form of “Cookies”. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us neither contain personal data nor are they connected to any such data.

Most of the cookies used by us are so-called session cookies, which are required in order to maintain consistency during your visit, for example by ensuring that the preferences you entered as part of a registration for an event, as well as any other information entered, are remembered for the duration of your session. We also need session cookies in order to ensure that any offers (e.g., promotional offers) you click on are assigned to your request. Session cookies are automatically deleted after each session. We furthermore use cookies in order to determine, when you pay return visits to our website, whether you are interested in certain types of offers. This enables us to be more targeted about the offers we show you on our website. If you are already registered with us and have a customer account, it will be possible for us to compare the information recorded by the cookies used with the information known to us. This in turn enables us to tune our offers more finely to your needs and wishes. These cookies have a lifespan of one year, after which they are automatically deleted. We also need cookies for purposes of settling accounts with our advertising partners, because cookies are able to record the page or promotional campaign that led the customer to us. As with other data, we record this data exclusively in abstract form so as to ensure that it cannot be used to identify the data subject. A cookie of this type has a lifespan of 31 days.

You have the opportunity to accept or to reject cookies. Most web browsers accept cookies automatically. Generally, however, you will be able to adjust your browser settings so as to reject cookies. If you opt to reject cookies, you may find that you are unable to use some of the website’s functions. If you accept cookies, you can opt to delete such accepted cookies at a later point in time. You can delete cookies in Internet Explorer 8 by selecting “Tools” > “Delete Browsing History” and then clicking on the button “Delete Cookies”. If you delete the cookies, all settings controlled by these cookies, including advertising settings, will be deleted, possibly irrecoverably.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.

Further information can be found at www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would like to point out that the code "gat._anonymizeIp();" has been added to Google Analytics on this website to ensure anonymous collection of IP addresses (so-called IP masking). Under https://tools.google.com/dlpage/gaoptout?hl=en-GB you will find instructions for deactivating Google Analytics Services.

Advertising shown by us is based on the interest in products our customers previously exhibited. We record information about our customers’ surfing patterns for purposes of providing them with interest-based online advertising. For this, cookies are stored on the respective user’s computer; these contain a multiple-digit identification number. If you do not agree with having your user behavior analyzed, you can adjust your browsers settings so as to prevent analysis cookies from being set. Please note, however, that this may prevent you from being able to use in full all the functions of this website.

The search engine program Google AdWords, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google), facilitates the systematic display on our website of advertising based on Google search terms. For this, Google sets a cookie in the user’s browser as soon as an advert appearing in the Google search or advertising network is clicked on.

For options on how to object to such tracking, please go to: https://www.google.com/ads/preferences.

Through its AdWords cookie-based conversion methods, Google can measure the number of people who, after clicking on an AdWords advert, went on to purchase or use the product/service offered. To the extent that Google Ads link to offers from this website, this website will receive statistics from Google about the number of purchases made after clicking on the respective Google AdWords advert.

The options for disabling this tracking function are as follows: You can adjust your browser so as to block the setting of cookies by the domain googleadservices.com or by third parties in general. You can also delete the Google conversion cookie in your browser’s cookie settings.

This website uses Google Remarketing on the basis of Doubleclick, another Google Inc service, to display interest-based advertising. The process of reviewing the pages shown and of allocating adverts is based on a pseudonymous identification number in the Doubleclick cookie. The cookie-generated information about the pages shown is then transferred to and stored on Google servers for evaluation purposes. To read the Google Privacy Policy, please go to https://www.google.de/policies/privacy.

For options on how to object to such tracking, please go to: https://www.google.com/ads/preferences

In order to depict our content correctly and in a graphically appealing way across browsers, we use script libraries and font libraries such as Google Webfonts on this website. Google Webfonts are transferred into your browser cache to avoid multiple loading. If the browser does not support Google Webfonts or prevents access, content will be displayed in a standard font. The retrieval of script libraries or font libraries automatically triggers a link to the operator of the library. It is theoretically possible here, although it is currently unclear whether or not and for what reasons, that operators of corresponding libraries may collect data. The data protection policy of the library operator Google can be found here: https://www.google.com/policies/privacy

If you have any questions on data protection, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.. You can also contact our data protection officer at the following address: inSyca GmbH, Datenschutzbeauftragter, Kronstadter Strasse 4, DE 81677 München.

A large part of the personal data we collect directly from you or the data arises directly on the basis of the respective business relationship. However, in the context of the processing operations referred to in inSyca for data processing purposes, it may be necessary to use personal data from other sources. Of course, this takes place in compliance with the data protection regulations. In such cases personal data may be obtained from publicly available sources (e.g., commercial registers, association registries, registration registers, land registers, debtor directories, press releases and internet searches), affiliated companies or other third parties (eg credit bureaus, adress publishers and government agencies). Depending on the processing activity and purpose, in particular data from the following categories are processed:

1. Personal master data, such as name, date of birth, place of birth, nationality, marital status, job title and industry affiliation
2. Contact details and addresses, e.g. residential address, registration address if different, e-mail address, telephone and fax numbers
3. Bank details, other account information and payment data
4. Tax information, such as tax ID and/or VAT ID
5. Order data, such as type and quantity of goods ordered or services used
6. Credit information and payment conditions
7. Data concerning complaints
8. Authentication data, such as ID card data, signature, company stamps and passwords
9. Image and video data
10. Historical data on any business relationship with inSyca GmbH and affiliated companies
11. Advertising and sales data including target group-specific information
12. Data concerning the maintenance of contacts or the initiation of a relationship, such as data on communications that have already taken place, including date and time as well as purpose and content of the communications
13. Copies of correspondence, if made in writing, by email or by fax
14. Third party data: If you provide us with personal data of third parties within a service relationship (for example, of customers, suppliers, employees), we also process this data.

Unless you are on websites of inSyca GmbH or use other electronic services provided by us, we process various IT-specific information. In addition to the type, time and duration of access, this also includes the IP addresses you use, data about the terminals you use, such as the number of IP addresses you use. Operating system and browser as well as amount of transmitted data. Further information can be found in the context of the specific data protection information for the respective website or the respective electronic service under the item Cookie Policy and The purposes of data processing at inSyca

Art. 6 (1) point (a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.

Art. 6 (1) point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.

Art. 6 (1) point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which inSyca is subject.

Art. 6 (1) point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., inSyca, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.

Art. 9 (2) point f) GDPR: Pursuant to this provision, certain special categories of personal data can be processed if such processing is necessary for the establishment, exercise or defence of legal claims. These special categories of personal data include the health data of the data subjects.

The processing of your personal data is carried out in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act as amended on June 30, 2017, and any other applicable data protection regulations.

Processing for the execution and fulfilment of a contract or for pre-contractual measures

A large part of the personal data is processed by us in order to be able to fulfil contracts with you or to carry out pre-contractual measures at your request. The legal basis for this is Article 6 (1) Sent. 1 (b) of the GDPR. The processing activities, which include any associated purpose, arise in particular from the respective contract and include, above all, the provision of our catalogues and ordering systems, the preparation of offers, the acceptance of orders, the commissioning of goods, delivery, and if necessary assembly and/or operationalisation and/or maintenance activities, as well as the provision of other services, such as training sessions and invoicing, which includes order-related payments, payment reminders/warnings and tax assessments. Also required in this context are order-related communications, the documentation of transactions, the booking of business transactions and the processing of claims, including fulfilment of any warranty claims.

Processing as it relates to the fulfilment of legal obligations or to the performance of a task carried out in the public interest

Like any other company, inSyca GmbH has to fulfil and comply with a wide variety of legal obligations. To do this, personal data must also be processed. The legal basis for this is Art. 6 Para. 1 Sent. 1 (c) of the GDPR. Furthermore, personal data may have to be processed during the performance of a task carried out in the public interest. The legal basis for this is Art. 6 Para. 1 Sent. 1 (e) of the GDPR. The requirements and the resulting processing activities and purposes arise, in particular, from commercial and tax law but also from other supervisory or regulatory requirements. The retention periods for business documents require, for example, that a large number of documents, including the personal data that such documents contain, are stored on a long-term basis.

Other regulatory-related processing activities may include the implementation or support of recall actions, the prevention of money laundering, the prevention, combating and resolution of terrorist financing, the fulfilment of tax inspection and reporting obligations, as well as identity verification and reconciliation with anti-terror lists. Judicial or regulatory measures may require that personal data be processed and, in particular, disclosed. Such measures include law enforcement activities, evidence gathering activities, enforcement or defence of civil claims or audits by tax and/or regulatory authorities. The legal requirements for data protection and data security also require certain processing activities. This includes record keeping with the framework of data security measures, e.g. when visiting our websites, when using other electronic services provided by us, or when communicating via e-mail, fax or telephone, as well as making inquiries with regard to data protection.

Processing for the protection of the legitimate interests of inSyca GmbH or a third party

As a customer or business partner of inSyca GmbH, you are accustomed to having a trusting relationship with us. In addition to the execution and fulfilment of contracts with you, the implementation of pre-contractual measures, the fulfilment of legal obligations, and the preservation of public interests, we process personal data in order to safeguard our legitimate interests or those of third parties. The legal basis for this is the first sentence of art. 6 para. 1 sentence 1 letter f) GDPR. The processing activities comprise in particular:

1. General contact maintenance within the framework of an existing business relationship
2. General internal and external communication
3. Compliance measures, including internal and external investigations to prevent and, if necessary, detect criminal offences or other violations
4. Data exchange with affiliated companies to optimise the range of goods and services and to improve processes and structures
5. Limited storage of personal data instead of deletion according to Section 35 FDPA
6. Obtaining offers for credit insurance and taking out credit insurance to reduce the economic risk for inSyca GmbH
7. Obtaining information and exchanging data with credit agencies, among other things to reduce the economic risk for inSyca GmbH and to grant payment terms
8. Enforcement, exercise or defence of legal claims
9. Ensuring IT and data security, including measures to safeguard the confidentiality, integrity and availability of data
10. Measures for corporate management, e.g. recording of costs, controlling, internal and external reporting, internal auditing
11. In individual cases, monitoring of telephone calls during order acceptance for training purposes or as part of quality control
12. Quality management, monitoring and optimisation of business processes,
13. Risk and emergency management as well as various security measures including measures for the protection of domiciliary rights
14. Statistical evaluations and demand analyses to optimise the offer, availability of goods and services and to enable direct customer approach
15. Statistical evaluations for measuring the reach of newsletters (e.g. opening rate)
16. Activities in the interest of building and system security, including access control and logging
17. Video surveillance in the context of the protection of domiciliary rights, for the prevention and prosecution of criminal offences as well as for the protection of the property of inSyca GmbH and of third parties
18. Video surveillance of technical equipment for the safety of the persons present and for the detection of technical defects

In order to safeguard our own legitimate interests, we may supplement the data stored by us with data stored in publicly accessible sources or with data collected from third parties (e.g. credit agencies, address publishers or authorities).

Furthermore, we process personal data for the purpose of advertising as well as market or opinion research. Approaches for advertising purposes are made personally, by telephone and by post. If you have purchased goods or services from us, we may use your e-mail address to send you information about similar products and services by e-mail. If the legislator requires consent for this, we will obtain it. We also exchange personal data with affiliated companies within the framework of legal regulations. Processing within the framework of a weighing of interests will only take place if you have not objected to it and if the legislator does not require explicit consent. We will inform you separately below about your right of objection pursuant to art. 21 GDPR.

Processing on the basis of your explicit consent

Certain processing operations may require us to obtain your consent. The legal basis for such processing activity is art. 6 para. 1 sentence 1 letter a) GDPR. Consents granted before 25.05.2018 generally remain valid. If we need your consent, we will inform you about the planned use before you grant your consent. You can revoke both new consents and consents granted in the past at any time with effect for the future. However, the revocation of consent does not affect the legality of the processing until the time of revocation.

Within inSyca GmbH, the departments have access to personal data which they require for their professional activities and for carrying out the processing described under The purposes of data processing at inSyca. Your personal data will only be passed on to entities outside inSyca GmbH if this is legally permitted and is necessary as part of the processing mentioned under The purposes of data processing at inSyca.

The legal basis for this is the following:

1. You have given us or a third party your explicit consent. Art. 6 para. 1 sentence 1 letter a) GDPR
2. The transfer is necessary for the performance of a contract which you have concluded with inSyca GmbH or a third party or for the implementation of pre contractual measures. Art. 6 para. 1 sentence 1 letter b) GDPR
3. The transfer is necessary for the fulfilment of legal obligations to which inSyca GmbH is subject. Art. 6 para. 1 sentence 1 letter c) GDPR
4. Such disclosure is necessary for safeguarding public interests. Art. 6 para. 1 sentence 1 letter e) GDPR
5. The transfer is necessary to protect the legitimate interests of inSyca GmbH or a third party. Art. 6 para. 1 sentence 1 letter f) GDPR
6. It involves order processing within the meaning of art. 28 GDPR.

Transmission to service providers

Like most other companies, inSyca GmbH works together with service providers. These vicarious agents are obliged to comply with data protection regulations. If the order processing is within the meaning of art. 28 GDPR, the service provider may only process personal data in accordance with the instructions and within the narrow limits of the respective order. The service providers and contractors that inSyca GmbH makes use of come from the following categories in particular:

1. Credit agencies
2. Banks, credit institutions and other payment service providers
3. Consulting, including legal advice, tax advice, management consulting and auditing
4. Security companies and security service providers
5. Printing services
6. Waste-disposal companies
7. Debt collectors
8. IT service providers Logistics and transport
9. Marketing and sales
10. Training companies
11. Technical service providers
12. Telecom companies
13. Insurance companies

These service providers may also be affiliated companies.

In addition to the purposes mentioned under The purposes of data processing at inSyca -> Processing for the protection of the legitimate interests of inSyca GmbH or a third party, transmission takes place in one or more of the following contexts in particular:

1. Conclusion of credit insurance,
2. Archiving,
3. Processing of receipts and other documents,
4. Procurement and purchasing,
5. Controlling,
6. Data and data carrier destruction,
7. Obtaining credit information,
8. Creation of personalised print products,
9. Preparation and evaluation of expert opinions,
10. Debt collection,
11. Lettershop,
12. Marketing, including the implementation of advertising measures and market and opinion research,
13. Media and communication technology
14. Reporting,
15. Legal and tax advice
16. Risk management,
17. Screening of data in the context of the fight against money laundering,
18. Security management,
19. Training services,
20. Statistical evaluations,
21. Telephony and/or other electronic communication,
22. Management consulting,
23. Dispatch and delivery of goods and/or documents,
24. Management of customers and suppliers,
25. Maintenance and support for IT systems (hardware and software),
26. Auditing,
27. Monetary transactions

Transmission to other recipients

Apart from service providers who act on behalf of inSyca GmbH, other categories of recipients may be taken into consideration:

1. third parties with whom you have a contractual relationship,
2. third parties, provided that you have consented to the disclosure of your data,
3. inSyca GmbH suppliers,
4. public offices and institutions, such as tax and financial authorities, law enforcement authorities, courts of law, supervisory authorities, etc.,
5. companies associated with inSyca GmbH for the purpose of joint administration, risk management, controlling and/or statutory obligations

Personal data is processed by inSyca GmbH solely in Germany or the European Union. Such data shall only be forwarded to service providers, associated companies or other third parties outside the European Union in accordance with statutory provisions, if:

1. you have given us your express consent to do so,
2. this is necessary for the purpose of performing a contract with you or for pre-contractual measures (e.g. delivery to an address outside the European Union),
3. this is necessary for the purpose of concluding or performing a contract in your interest,
4. there is a statutory obligation to this effect or a substantial public interest in doing so,
5. this is necessary to assert, exercise or defend legal claims,
6. this is necessary to safeguard the legitimate interests of inSyca GmbH or an associated company, or
7. contract processing is involved.

In cases f) and g), an adequate level of data protection shall be ensured by way of at least one of the following measures:

1. Adequacy decision of the European Commission,
2. binding in-house data protection regulations,
3. standard data protection clauses adopted by the European Commission,
4. approved Codes of Conduct pursuant to Article 40 GDPR,
5. approved certification mechanism or
6. contractual clauses approved by the supervisory authorities.

inSyca stores your personal data until they are no longer necessary in relation to the purposes for which they were collected or otherwise processed (see → The purposes of data processing at inSyca). Where inSyca is under legal obligation to store personal data, it will store personal data for the preservation period stipulated by law. The preservation period for commercial documents, which include bookkeeping documents and accounting records (including invoices), is 10 years (Section 257 (4) of the German Commercial Code). During this period, your data may be subject to restricted use within day-to-day operations if its processing serves no further purposes.

Rights pursuant to Art. 15 – 18 and 20 GDPR

You have the right to, at reasonable intervals, obtain information about your personal data under storage (Art. 15 GDPR). The information you are entitled to includes information about whether or not personal data concerning you are stored, about the categories of personal data concerned, and about the purposes of the processing. Upon request, inSyca will provide you with a copy of the personal data that are processed.

You also have the right to obtain from inSyca the rectification of inaccurate personal data concerning you (Art. 16 GDPR).

You furthermore have the right to obtain from inSyca the erasure of personal data concerning you (Art. 17 GDPR). We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, and if the personal data have been unlawfully processed.

Under certain circumstances, you have the right to have the processing of your personal data restricted (Art. 18 DSGVO). These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified.

Should you opt to change to a different vehicle rental company, you have the right either to receive, in a machine-readable format, the data that you provided to us based on your consent or on a contractual agreement with us, or to have us transmit, also in a machine-readable format, such data to a third party of your choice (Right to data portability, Art. 20 GDPR).

No contractual or legal obligations to provide data/consequences of failure to provide data

You are not contractually or legally obliged to provide us with your personal data. Please note, however, that you cannot enter a contract of services provided by us if we are not permitted to collect and process the data as required for the purposes specified in the foregoing (see → The purposes of data processing at inSyca)

Right to object pursuant to Art. 21 GDPR

If the processing of your data by inSyca is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) point e) GDPR) or if it is necessary in the legitimate interests of inSyca, then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data. inSyca will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.

You may object, at any time and without restriction, to the processing of your personal data for purposes of direct advertising.

Right to withdraw consent at any time

If data processing at inSyca is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.

You have the right to lodge complaints with the supervisory authority responsible for inSyca. Please send such complaints to the following address:

Bayerisches Landesamt für Datenschutzaufsicht (BayLD)
Promenade 27 (Schloss)
91522 Ansbach