inSyca has implemented a variety of technical and organizational measures in order to protect your personal data, in particular against random or intentional manipulation, loss, destruction and access by unauthorized persons. These security measures will be continually adapted in accordance with technological developments. The transfer of personal data between your computer and our server invariably takes place by encrypted connection (Secure Socket Layer (SSL)).
The data you provide when you register to receive our newsletter are used solely for that purpose. Subscribers can also receive e-mail updates concerning circumstances that are relevant to the service or the registration (for instance, changes to the newsletter offer or technical matters).
For the registration to be effective, we require a valid e-mail address. In order to verify that the registration is carried out by the owner of the e-mail address, we implement the double opt-in method. To this end, we log the order of the newsletter, the sending of a confirmation e-mail and receipt of the reply requested in that e-mail. No further data are collected. The data are used solely for the newsletter distribution and are not passed to any third party.
When you contact us by e-mail or by using the contact form, the information provided by you is saved for the purpose of processing the enquiry and for possible follow-up questions.
Some new browsers use “Do not track” functions. If this is the case, our website may not respond to “Do not track” requests or may be unable to retrieve the headers of such browsers. To find out more about what your settings are and about whether you want to deny certain providers access to your information, please click here for the US, here for Canada, and here for Europe (please note that opting out will not mean that you are no longer displayed any advertising at all. Rather, you will still receive generic advertising).
Visits to our website may result in information being stored on your computer in the form of “Cookies”. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us neither contain personal data nor are they connected to any such data.
You have the opportunity to accept or to reject cookies. Most web browsers accept cookies automatically. Generally, however, you will be able to adjust your browser settings so as to reject cookies. If you opt to reject cookies, you may find that you are unable to use some of the website’s functions. If you accept cookies, you can opt to delete such accepted cookies at a later point in time. You can delete cookies in Internet Explorer 8 by selecting “Tools” > “Delete Browsing History” and then clicking on the button “Delete Cookies”. If you delete the cookies, all settings controlled by these cookies, including advertising settings, will be deleted, possibly irrecoverably.
Further information can be found at www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would like to point out that the code "gat._anonymizeIp();" has been added to Google Analytics on this website to ensure anonymous collection of IP addresses (so-called IP masking). Under https://tools.google.com/dlpage/gaoptout?hl=en-GB you will find instructions for deactivating Google Analytics Services.
Advertising shown by us is based on the interest in products our customers previously exhibited. We record information about our customers’ surfing patterns for purposes of providing them with interest-based online advertising. For this, cookies are stored on the respective user’s computer; these contain a multiple-digit identification number. If you do not agree with having your user behavior analyzed, you can adjust your browsers settings so as to prevent analysis cookies from being set. Please note, however, that this may prevent you from being able to use in full all the functions of this website.
The search engine program Google AdWords, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google), facilitates the systematic display on our website of advertising based on Google search terms. For this, Google sets a cookie in the user’s browser as soon as an advert appearing in the Google search or advertising network is clicked on.
For options on how to object to such tracking, please go to: https://www.google.com/ads/preferences.
Through its AdWords cookie-based conversion methods, Google can measure the number of people who, after clicking on an AdWords advert, went on to purchase or use the product/service offered. To the extent that Google Ads link to offers from this website, this website will receive statistics from Google about the number of purchases made after clicking on the respective Google AdWords advert.
The options for disabling this tracking function are as follows: You can adjust your browser so as to block the setting of cookies by the domain googleadservices.com or by third parties in general. You can also delete the Google conversion cookie in your browser’s cookie settings.
For options on how to object to such tracking, please go to: https://www.google.com/ads/preferencesYou can also object to interest-based advertising by Google and by other advertising networks on the following website:
In order to depict our content correctly and in a graphically appealing way across browsers, we use script libraries and font libraries such as Google Webfonts on this website. Google Webfonts are transferred into your browser cache to avoid multiple loading. If the browser does not support Google Webfonts or prevents access, content will be displayed in a standard font. The retrieval of script libraries or font libraries automatically triggers a link to the operator of the library. It is theoretically possible here, although it is currently unclear whether or not and for what reasons, that operators of corresponding libraries may collect data. The data protection policy of the library operator Google can be found here: https://www.google.com/policies/privacy
In the following we would like to inform you about the types of data processed by inSyca IT Solutions GmbH and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.
A large part of the personal data we collect directly from you or the data arises directly on the basis of the respective business relationship. However, in the context of the processing operations referred to in inSyca for data processing purposes, it may be necessary to use personal data from other sources. Of course, this takes place in compliance with the data protection regulations. In such cases personal data may be obtained from publicly available sources (e.g., commercial registers, association registries, registration registers, land registers, debtor directories, press releases and internet searches), affiliated companies or other third parties (eg credit bureaus, adress publishers and government agencies). Depending on the processing activity and purpose, in particular data from the following categories are processed:
Art. 6 (1) point (a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.
Art. 6 (1) point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
Art. 6 (1) point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which inSyca is subject.
Art. 6 (1) point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., inSyca, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.
Art. 9 (2) point f) GDPR: Pursuant to this provision, certain special categories of personal data can be processed if such processing is necessary for the establishment, exercise or defence of legal claims. These special categories of personal data include the health data of the data subjects.
The processing of your personal data is carried out in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act as amended on June 30, 2017, and any other applicable data protection regulations.
Processing for the execution and fulfilment of a contract or for pre-contractual measures
A large part of the personal data is processed by us in order to be able to fulfil contracts with you or to carry out pre-contractual measures at your request. The legal basis for this is Article 6 (1) Sent. 1 (b) of the GDPR. The processing activities, which include any associated purpose, arise in particular from the respective contract and include, above all, the provision of our catalogues and ordering systems, the preparation of offers, the acceptance of orders, the commissioning of goods, delivery, and if necessary assembly and/or operationalisation and/or maintenance activities, as well as the provision of other services, such as training sessions and invoicing, which includes order-related payments, payment reminders/warnings and tax assessments. Also required in this context are order-related communications, the documentation of transactions, the booking of business transactions and the processing of claims, including fulfilment of any warranty claims.
Processing as it relates to the fulfilment of legal obligations or to the performance of a task carried out in the public interest
Like any other company, inSyca GmbH has to fulfil and comply with a wide variety of legal obligations. To do this, personal data must also be processed. The legal basis for this is Art. 6 Para. 1 Sent. 1 (c) of the GDPR. Furthermore, personal data may have to be processed during the performance of a task carried out in the public interest. The legal basis for this is Art. 6 Para. 1 Sent. 1 (e) of the GDPR. The requirements and the resulting processing activities and purposes arise, in particular, from commercial and tax law but also from other supervisory or regulatory requirements. The retention periods for business documents require, for example, that a large number of documents, including the personal data that such documents contain, are stored on a long-term basis.
Other regulatory-related processing activities may include the implementation or support of recall actions, the prevention of money laundering, the prevention, combating and resolution of terrorist financing, the fulfilment of tax inspection and reporting obligations, as well as identity verification and reconciliation with anti-terror lists. Judicial or regulatory measures may require that personal data be processed and, in particular, disclosed. Such measures include law enforcement activities, evidence gathering activities, enforcement or defence of civil claims or audits by tax and/or regulatory authorities. The legal requirements for data protection and data security also require certain processing activities. This includes record keeping with the framework of data security measures, e.g. when visiting our websites, when using other electronic services provided by us, or when communicating via e-mail, fax or telephone, as well as making inquiries with regard to data protection.
Processing for the protection of the legitimate interests of inSyca GmbH or a third party
As a customer or business partner of inSyca GmbH, you are accustomed to having a trusting relationship with us. In addition to the execution and fulfilment of contracts with you, the implementation of pre-contractual measures, the fulfilment of legal obligations, and the preservation of public interests, we process personal data in order to safeguard our legitimate interests or those of third parties. The legal basis for this is the first sentence of art. 6 para. 1 sentence 1 letter f) GDPR. The processing activities comprise in particular:
In order to safeguard our own legitimate interests, we may supplement the data stored by us with data stored in publicly accessible sources or with data collected from third parties (e.g. credit agencies, address publishers or authorities).
Furthermore, we process personal data for the purpose of advertising as well as market or opinion research. Approaches for advertising purposes are made personally, by telephone and by post. If you have purchased goods or services from us, we may use your e-mail address to send you information about similar products and services by e-mail. If the legislator requires consent for this, we will obtain it. We also exchange personal data with affiliated companies within the framework of legal regulations. Processing within the framework of a weighing of interests will only take place if you have not objected to it and if the legislator does not require explicit consent. We will inform you separately below about your right of objection pursuant to art. 21 GDPR.
Processing on the basis of your explicit consent
Certain processing operations may require us to obtain your consent. The legal basis for such processing activity is art. 6 para. 1 sentence 1 letter a) GDPR. Consents granted before 25.05.2018 generally remain valid. If we need your consent, we will inform you about the planned use before you grant your consent. You can revoke both new consents and consents granted in the past at any time with effect for the future. However, the revocation of consent does not affect the legality of the processing until the time of revocation.
Within inSyca GmbH, the departments have access to personal data which they require for their professional activities and for carrying out the processing described under The purposes of data processing at inSyca. Your personal data will only be passed on to entities outside inSyca GmbH if this is legally permitted and is necessary as part of the processing mentioned under The purposes of data processing at inSyca.
The legal basis for this is the following:
Transmission to service providers
Like most other companies, inSyca GmbH works together with service providers. These vicarious agents are obliged to comply with data protection regulations. If the order processing is within the meaning of art. 28 GDPR, the service provider may only process personal data in accordance with the instructions and within the narrow limits of the respective order. The service providers and contractors that inSyca GmbH makes use of come from the following categories in particular:
These service providers may also be affiliated companies.
In addition to the purposes mentioned under The purposes of data processing at inSyca -> Processing for the protection of the legitimate interests of inSyca GmbH or a third party, transmission takes place in one or more of the following contexts in particular:
Transmission to other recipients
Apart from service providers who act on behalf of inSyca GmbH, other categories of recipients may be taken into consideration:
Personal data is processed by inSyca GmbH solely in Germany or the European Union. Such data shall only be forwarded to service providers, associated companies or other third parties outside the European Union in accordance with statutory provisions, if:
In cases f) and g), an adequate level of data protection shall be ensured by way of at least one of the following measures:
inSyca stores your personal data until they are no longer necessary in relation to the purposes for which they were collected or otherwise processed (see → The purposes of data processing at inSyca). Where inSyca is under legal obligation to store personal data, it will store personal data for the preservation period stipulated by law. The preservation period for commercial documents, which include bookkeeping documents and accounting records (including invoices), is 10 years (Section 257 (4) of the German Commercial Code). During this period, your data may be subject to restricted use within day-to-day operations if its processing serves no further purposes.
Rights pursuant to Art. 15 – 18 and 20 GDPR
You have the right to, at reasonable intervals, obtain information about your personal data under storage (Art. 15 GDPR). The information you are entitled to includes information about whether or not personal data concerning you are stored, about the categories of personal data concerned, and about the purposes of the processing. Upon request, inSyca will provide you with a copy of the personal data that are processed.
You also have the right to obtain from inSyca the rectification of inaccurate personal data concerning you (Art. 16 GDPR).
You furthermore have the right to obtain from inSyca the erasure of personal data concerning you (Art. 17 GDPR). We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, and if the personal data have been unlawfully processed.
Under certain circumstances, you have the right to have the processing of your personal data restricted (Art. 18 DSGVO). These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified.
Should you opt to change to a different vehicle rental company, you have the right either to receive, in a machine-readable format, the data that you provided to us based on your consent or on a contractual agreement with us, or to have us transmit, also in a machine-readable format, such data to a third party of your choice (Right to data portability, Art. 20 GDPR).
No contractual or legal obligations to provide data/consequences of failure to provide data
You are not contractually or legally obliged to provide us with your personal data. Please note, however, that you cannot enter a contract of services provided by us if we are not permitted to collect and process the data as required for the purposes specified in the foregoing (see → The purposes of data processing at inSyca)
Right to object pursuant to Art. 21 GDPR
If the processing of your data by inSyca is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) point e) GDPR) or if it is necessary in the legitimate interests of inSyca, then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data. inSyca will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.
You may object, at any time and without restriction, to the processing of your personal data for purposes of direct advertising.
Right to withdraw consent at any time
If data processing at inSyca is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.
You have the right to lodge complaints with the supervisory authority responsible for inSyca. Please send such complaints to the following address:
Bayerisches Landesamt für Datenschutzaufsicht (BayLD)
Promenade 27 (Schloss)
Last amended in: January 2019
© Copyright 2019 inSyca IT Solutions GmbH