Privacy Policy

Data privacy notice (website)
I. General information on data processing by Giti Tire Deutschland GmbH

The following regulations, notes and information apply to the processing of personal data concerning natural persons. “Personal data” means information relating to an identified or identifiable person. A person is “identifiable” if they can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or other special characteristics.

1. Scope of processing of personal data
   Our customers’ personal data is particularly important to us. That’s why, as a matter of principle, we process personal data relating to users of our websites only to the extent that this is necessary for the provision of a functioning website as well as to enable us to provide our content and services. In addition, we only ever do this with the consent of the respective user. Exceptions apply only in cases in which we are unable to obtain prior consent for practical reasons and data processing is permitted by legal regulations.

2. Legal basis for the processing of personal data
   The following legal bases apply to the processing of personal data:
   a) Where the data subject has given us consent to the processing of their personal data, the legal basis is Article 6 (1)(a) of the European General Data Protection Regulation (GDPR).
   b) Where processing of personal data is necessary for the performance of a contract to which the data subject is a party, or in order to take steps prior to entering into a contract, the legal basis is Article 6(1)(b) GDPR.
   c) Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR provides the corresponding legal basis.
   d) Where processing is necessary in order to protect the legitimate interests of our company or a third party and provided these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR provides the legal basis for data processing.

3. Data processing during the application procedure
   You have the option to find out about and apply for job vacancies via our careers website. In doing so, you share personal data with us, which we process exclusively for the application process.
   To the extent that the data is necessary for making a decision on establishing an employment relationship, we process it on the basis of Section 26(1) of the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). To the extent that the data is used to suggest jobs to you, we process the data on the basis of Article 6(1)(a) GDPR. For more information, see the respective declarations of consent. You can withdraw your consent at any time with effect for the future.

4. Data deletion and retention period
   We delete or block the data subject’s personal data as soon as the purpose of storage lapses. However, we are obliged to store data beyond this time if this is provided for by the laws, regulations or other provisions of the European Union or the German legislator. In these cases too, we shall delete or block the data upon expiry of a retention deadline specified by the above-mentioned standards, unless further storage is required in order to use the data for completion of a contract or to fulfil a contract.

II. Provision of the website and creation of log files

1. Description and scope of data processing
   Each time our website is accessed, our system automatically records data and information about the computer system of the computer accessing the website. The following data is collected:
    Information on the user’s browser
    The user’s IP address
    Date and time of access to the website
    The pages visited
    The website from which the user accessed the Giti Tire Deutschland GmbH website.
   With the exception of the user’s IP address or other data that would enable the assignment of data to a user, we store this data in your system’s log files.
   If you access pages and files within our website and are prompted to enter personal data, we will notify you that the transfer of this data via the internet is unsecured and that the data could therefore be seen by unauthorised parties or even falsified.

2. Legal basis for data processing
   The legal basis for the temporary storage of data is Article 6(1)(f) GDPR.

3. Purpose of data processing
   We rely on temporarily storing the IP address of the user of our website, i.e. during the period of internet usage, so that our website can be opened on the user’s computer. This is also our legitimate interest in data processing, in accordance with Article 6(1)(f) GDPR.

4. Duration of storage
   As soon as the data is no longer necessary for the purpose for which it was collected, it will be deleted. If the data is collected to enable the provision of the website, it is deemed to be no longer necessary as soon as the respective session has ended.

5. Right to object and possibility of removal
   We are reliant on collecting the above-mentioned data or storing it in log files in order to enable the operation of our website. Therefore, users shall have no right to object.

III. Use of cookies

1. Description and scope of data processing
   When you visit our website, information may be saved on your computer in the form of a so-called cookie. Such cookies are used solely to ensure the operation of the websites. Other cookies (e.g. regarding the use of the website) are only stored with your consent (see the cookie policy). You can also refuse to accept cookies via your browser settings. However, please note that, in this case, you may not be able to use all functions of this website in their full scope.

2. Legal basis for data processing
   The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

3. Purpose of data processing
   The purpose of the use of technically necessary cookies is to make the website easier for the user to use. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for your browser to be recognised again even after switching between pages.
   The user data collected by technically necessary cookies is not used to create user profiles.
   These purposes represent our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR.

4. Duration of storage, right to object and possibility of removal
   Cookies are stored on the user’s computer and sent to our website from it. Each user can deactivate or restrict the use of cookies by changing their internet browser settings. Cookies that have already been stored can be deleted at any time. If cookies are deactivated for our website, it may not be possible to use all functions of the website in their full scope.

IV. E-mail contact

1. Description and scope of data processing
   On our website, the user can contact Giti Tire Deutschland GmbH via the specified e-mail address. In this case, the user’s personal data sent with the e-mail will be stored in order to enable correspondence with the user. This data is not shared with third parties.

2. Legal basis for data processing
   Where the user has given consent, the legal basis for data processing is Article 6(1)(a) GDPR and, where data is processed as a result of an e-mail being sent, the legal basis is Article 6(1)(f) GDPR.

3. Purpose of data processing
   The purpose of the data processing is to enable correspondence with you.

4. Duration of storage
   We shall delete the data as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is deemed to be the case when the respective correspondence with you has ended and a legal statute of limitation for any claims under civil law and/or retention periods in the context of the principles of proper accounting have expired. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Right to object and possibility of removal
   You have the right to withdraw your consent to the processing of the personal data at any time and to object to further storage of the data. Without the personal contact details, however, correspondence cannot be continued in such a case.

In this case, we ask you to contact us directly via info@giti.de. All personal data stored in the course of contacting us will be deleted in this case.

V. Subscription to the Giti newsletter

1. Description and scope of data processing
   On our website, we offer prospective users the option of subscribing to a newsletter free of charge. Participation is voluntary for the user.
   If you wish to subscribe to our newsletter, we will need your e-mail address as well as confirmation that you are the owner of the specified e-mail address and agree to receive the newsletter as well as any advertising that may be contained within it. For the purpose of personalising the newsletter or e mail, we also ask for your first name and surname, your gender and your date of birth. We store this personal data relating to the user in order to enable correspondence with the user. This data is not shared with third parties.
   No data will be shared with third parties in the context of data processing for the delivery of newsletters. The data will be used exclusively for delivery of the newsletter.

2. Legal basis for data processing
   The newsletter will be delivered based on the user’s registration for the newsletter. Where the user has given consent, the legal basis for data processing is Article 6(1)(a) GDPR.

3. Purpose of data processing
   The purpose of the data processing is to send the newsletter to you and be able to correspond with you.

4. Duration of storage
   We shall delete the data as soon as it is no longer required to achieve the purpose for which it was collected. This is the case if you cancel a subscription to the newsletter or object to the processing of your personal data or if we terminate the newsletter offering. The relevant user can cancel the subscription to the newsletter at any time.

5. Right to object and possibility of removal
   You have the right to withdraw your consent to the processing of the personal data at any time and to object to further storage of the data. Without the personal contact details, however, it will no longer be possible to deliver a newsletter to you.

In this case, we ask you to contact us directly via info@giti.de. All personal data stored in the course of contacting us will be deleted in this case.

VI. E-commerce

1. Description and scope of data processing
   We offer users of our website a platform for the online purchase of Giti products. In the context of conclusion of the contract, the personal data of the contracting partner (in particular name, address, bank details or credit card details) is routinely collected. If the buyer defaults in payment, we reserve the right to forward this personal data to a collection agency for the purpose of debt collection.

2. Legal basis for data processing
   The legal basis for the processing of this data is Article 6(1)(b) GDPR.

3. Purpose of data processing
   The purpose of data processing is to fulfil and process the purchase agreement with the data subject.

4. Duration of storage
   We shall delete the data as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when a legal statute of limitations for any claims under civil law as well as retention periods in the context of proper accounting (currently 10 years) have expired.

5. Right to object and possibility of removal
   As we are reliant on the processing of personal data for the performance and processing of the contract, there shall be no right to object and no possibility of removal.

VII. Use of Google Analytics

1. Google Maps data privacy notice
   On our website, we use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). When the functions of this map are used, data is transferred to Google. To find out which data is collected by Google and what this data is used for, go to https://www.google.com/intl/de/policies/privacy/.

2. Google Analytics data privacy notice
   On this website, we use Google Analytics from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) statistically evaluate user data. Google Analytics does this using targeted cookies.
   For more information on the terms of use and data privacy, go to http://www.google.com/analytics/terms/de.html or https://support.google.com/analytics/answer/6004245?hl=de.

3. Google Analytics Data Processing Amendment
   We have completed a direct customer contract with Google for the use of Google Analytics, by accepting the “Data Processing Amendment” in Google Analytics. You can find out more about the Data Processing Amendment for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

4. Google Analytics demographics and interests data
   In Google Analytics, we have activated the functions for ads reports. The reports on demographics and interests data includes information on age, gender and interests. Using this – without being able to attribute this data to individual persons – we are able to get a better picture of our users.
   You can find more information on the ads functions here
   https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
   You can end the use of the activities and information from your Google account via the checkbox in “Ads settings” at https://adssettings.google.com/authenticated.

5. Google Analytics deactivation link
   By clicking on the following deactivation link, you can prevent Google from recording further visits to this website. Attention: Deleting cookies, using Incognito/private mode in your browser or using a different browser will result in data being collected again.
   Deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de

6. Description and scope of data processing
   Legal basis for data processing
   The legal basis for the processing of this data is Article 6(1)(f) GDPR.

VIII. Use of Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland inc.
Google Tag Manager is a tool we use to incorporate tracking and statistics tools within our website. Google Tag Manager does not create user profiles itself, store cookies or carry out independent analyses. It is only used to manage and display the tools integrated through it. Google Tag Manager does however collect your IP address, which may also be transferred to Google's parent company in the United States.
The use of Google Tag Manager takes place on the basis of Art. 6 Para. 1 (f) GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on its website. Provided that appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 (a) GDPR; consent may be revoked at any time.

NFor more information on processing by Google Tag Manager, please see Google's Privacy Policy.

IX. Data privacy notice for Facebook Social Plugin

1. Description and scope of data processing
   Our website uses social plugins of the facebook.com network, which is operated by Facebook Inc., USA (“Facebook”). When you open a page on our website that contains one of these plugins, your browser establishes a direct connection to Facebook’s servers. Facebook sends the content of the plugin directly to your browser and you browser integrates it directly in the website. When the plugin is integrated, Facebook is informed that you have opened the corresponding page on our website. If you are logged into Facebook, Facebook can match the visit to your Facebook account. If you interact with the plugins, such as by using the “Like” button or leaving a comment, your browser sends the corresponding information directly to Facebook, where it is stored.

2. Legal basis for data processing
   The legal basis for the processing of this data is Article 6(1)(f) GDPR.

3. Purpose of data processing
   The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your corresponding rights and settings options to protect your privacy can be found in Facebook’s data privacy notice de-de.facebook.com/policy.php

4. Duration of storage, right to object and possibility of removal
   If you do not wish Facebook to collect data about you via our website, you must log out of Facebook before visiting our website.

X. Twitter data privacy notice

1. Description and scope of data processing
   Twitter functions are integrated in our website. These functions are provided by Twitter Inc., USA. By using Twitter and the “Re-Tweet” function, the websites you have visited are linked with your Twitter account and shared with other users. Data is also sent to Twitter.

2. Legal basis for data processing
   The legal basis for the processing of this data is Article 6(1)(f) GDPR.

3. Purpose of data processing
   The purpose and scope of data processing and data use by Twitter as well as your corresponding rights and settings options to protect your privacy can be found in Twitter’s data privacy notice (twitter.com/privacy).

4. Duration of storage, right to object and possibility of removal
   Please note that we, as the provider of the website, have no knowledge of the content of the data sent or its use by Twitter. For more information on this, see Twitter’s data privacy policy at twitter.com/privacy. You can also change your data privacy settings for Twitter in the account settings at twitter.com/account/settings.

XI. Social media networks

1. Meta platforms
    We operate one or more company websites (“fan pages”) on Meta’s Facebook and Instagram social media networks, in particular for self-presentation and brand development but also for the purpose of customer communication and recruiting.
    We process your data – notwithstanding any other procedure specified below – only if you contact us via the platform. In this case, Facebook collects your data and makes it available to us. Under certain circumstances, we may also store and further process the data. If you submit a request or application, your personal data will be processed on the basis of our other data privacy notices in this regard.
    The legal basis for the processing of personal data, depending on the situation, is processing in order to initiate and perform a contract with you, in accordance with Article 6(1)(b) GDPR or, on the basis of our legitimate interest in communicating with users and our public image for the purpose of advertising, in accordance with Article 6(1)(f) GDPR.
    If you have granted the provider of the social network consent to process the above-mentioned data on our behalf, the legal basis is Article 6(1)(a) GDPR.
   In addition, we may collect data regarding visitors to our company sites to the extent that reporting them as visitors can be defined as processing. We store this data – subject to the further procedure listed below – but not on our own systems, nor is it systematically further processed through occasional perusal. Our information regarding the data controller, the data protection officer and the declaration of your rights as the data subject apply to these processing steps.
    For any processing beyond this on our fan pages, please note that the data privacy notice of Meta Platforms, Inc (1 Hacker Way, Menlo Park, California 94025, USA) or Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) applies. Data transmission to third countries is based on the use of standard contract clauses in accordance with the European Commission: https://de-de.facebook.com/help/566994660333381.
    Further, more detailed information about data processing by Facebook and corresponding information on how to object can be found at https://www.facebook.com/about/privacy/ as well as at https://www.facebook.com/legal/terms/dataprocessing. Meta is the provider of this service and it alone is qualified to provide complete information about data processing on Facebook.
    For more information on the purpose and scope of data collection and the further processing and use of the data by Instagram as well as your corresponding rights and settings options to protect your privacy, see Instagram’s data privacy notice: http://instagram.com/about/legal/privacy/ oder https://help.instagram.com/155833707900388/

2. YouTube
    We operate one or more company websites on the Youtube social media network of Google Inc., in particular for self-presentation.
    We assume analogous applicability of this decision to other social networks, including YouTube. To date, we are not aware of YouTube offering an agreement to satisfy the requirements of Article 26.
    Therefore, please note that you are using the Youtube channel offered here, and its functions, under your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, liking, disliking, commenting).
    We process your data only if you contact us via the YouTube platform. In this case, YouTube collects your data and makes it available to us.
    Under certain circumstances, we may also store and further process the data. In this case, your personal data will be processed on the basis of one of our other data privacy notices, depending on the group of data subjects to which you belong.
    In addition, we may collect data regarding visitors to our company sites to the extent that reporting them as visitors can be defined as processing. We store this data but not on our own systems, nor is it further processed systematically through occasional perusal.
    The legal basis for the processing of personal data, depending on the situation, is processing in order to initiate and perform a contract with you, in accordance with Article 6(1)(b) GDPR (e.g. for questions about products or services) or, on the basis of our legitimate interest in communicating with users and our public image for the purpose of advertising, in accordance with Article 6(1)(1)(f) GDPR. If you have granted the provider of the social network consent to process the above-mentioned data on our behalf, the legal basis is Article 6(1)(a) GDPR.
    Our information regarding the data controller, the data protection officer and the declaration of your rights as the data subject apply to these processing steps.
    For any processing beyond this on our YouTube channel, please note that the data privacy notice of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 or alternatively Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA applies. We have no sustained knowledge of or any influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective control options at our disposal in this regard. For more information on the processing of personal data by YouTube, see here:
   Terms of use: http://www.google.com/analytics/terms/de.html
   About data privacy: http://www.google.com/intl/de/analytics/learn/privacy.html
   Data privacy notice: http://www.google.de/intl/de/policies/privacy
    For cases in which personal data is transferred to the USA, standard contract clauses shall apply.

3. LinkedIn
    Our company operates a social media channel on the LinkedIn platform.
    We process your data only if you make contact with our HR department via the LinkedIn platform or apply for a job via LinkedIn for precisely these purposes. In this case, LinkedIn collects your data and makes it available to us.
    The legal basis for the processing of personal data, depending on the situation, is processing in order to initiate and perform a contract with you, in accordance with Article 6(1)(b) GDPR or, on the basis of our legitimate interest in communicating with users and our public image for the purpose of advertising, in accordance with Article 6(1)(f) GDPR.
    If you have granted the provider of the social network consent to process the above-mentioned data on our behalf, the legal basis is Article 6(1)(a) GDPR.
    Under certain circumstances, we may also store and further process the data. If you submit an application, your personal data will be processed on the basis of our applicant data privacy notice.
    In addition, we may collect data regarding visitors to our company sites to the extent that reporting them as visitors can be defined as processing. We store this data but not on our own systems, nor is it further processed systematically through occasional perusal.
    Our information regarding the data controller, the data protection officer and the declaration of your rights as the data subject apply to these processing steps.
    For any processing beyond this on our LinkedIn company site, please note that the data privacy notice of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn) applies.
    For more information on the processing of your personal data by LinkedIn, go to https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

4. Xing
    We operate one or more company websites on the professional social media network XING, in particular for self-presentation, but also for recruiting.
    We assume analogous applicability of this decision to other social networks, including XING. To date, we are not aware of XING offering an agreement to satisfy the requirements of Article 26.
    We process your data only if you make contact with our HR department via the XING platform or apply for a job via XING. In this case, XING collects your data and makes it available to us. Under certain circumstances, we may also store and further process the data. If you submit an application, your personal data will be processed on the basis of our applicant data privacy notice.
    The legal basis for the processing of personal data, depending on the situation, is processing in order to initiate and perform a contract with you, in accordance with Article 6(1)(b) GDPR or, on the basis of our legitimate interest in communicating with users and our public image for the purpose of advertising, in accordance with Article 6(1)(f) GDPR.
    If you have granted the provider of the social network consent to process the above-mentioned data on our behalf, the legal basis is Article 6(1)(a) GDPR.
    Under certain circumstances, we may also store and further process the data. If you submit an application, your personal data will be processed on the basis of our applicant data privacy notice.
    In addition, we may collect data regarding visitors to our company sites to the extent that reporting them as visitors can be defined as processing. We store this data but not on our own systems, nor is it further processed systematically through occasional perusal.
    Our information regarding the data controller, the data protection officer and the declaration of your rights as the data subject apply to these processing steps.
    For any processing beyond this on our XING company site, please note that the data privacy notice of NEW WORK SE, Am Strandkai 1, 20457 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-mail: info@xing.com (hereinafter: XING) applies. For more information on the processing of personal data by XING, go to: https://privacy.xing.com/de/datenschutzerklaerung

5. Tik Tok
    We have one or more accounts on the Tik Tok social network in order to communicate with registered users of Tik Tok and provide information about our company as well as our products and services.
    We process your data that you send to us via these networks to communicate with you and to answer your messages from these networks.
    Under certain circumstances, we may also store and further process the data. If you submit an application, your personal data will be processed on the basis of our applicant data privacy notice.
    In addition, we may collect data regarding visitors to our company sites to the extent that reporting them as visitors can be defined as processing. We store this data but not on our own systems, nor is it further processed systematically through occasional perusal.
    Our information regarding the data controller, the data protection officer and the declaration of your rights as the data subject apply to these processing steps.
    The legal basis for the processing of the personal data is our legitimate interest in communicating with users and our public image for the purpose of advertising in accordance with Article 6(1)(f) GDPR.
    If you have granted the provider of the social network consent to process the above-mentioned data on our behalf, the legal basis is Article 6(1)(a) GDPR.
    For any processing beyond this on our company site, please note that the data privacy notice of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland applies.
    For more information on the purpose and scope of data collection and the further processing and use of the data by Tik Tok as well as your corresponding rights and settings options to protect your privacy, see Tik Tok’s data privacy notice: https://www.tiktok.com/legal/privacy-policy

XII. Data privacy notice for competitions and voucher campaigns

To participate in our prize draws, contests or similar campaigns, we collect certain personal data from you. This data processing is carried out in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
The data you provide, such as name, email, address, and telephone number, will be used exclusively for the purpose of participating in the respective giveaway. Your data will not be disclosed to third parties unless it is necessary for the execution of the competition (e.g. prize delivery by a partner).
Your data will be stored after the competition for the duration of the legally required retention period and then deleted. You have the right to obtain information about your stored data at any time, as well as the right to rectify, erase, or restrict the processing of your data.
By participating in the competition, you agree to the processing of your data in accordance with this privacy policy.
For questions about data processing or to exercise your data protection rights, you can contact us at any time.

XIII. Rights of data subjects

If your personal data is or has been processed, you can assert the following rights vis-à-vis Giti Tire Deutschland GmbH:

1. Right of access
   You can demand confirmation as to whether we have processed personal data that concerns you. If this is the case, you can demand access to the following information:
   (1) The purposes of the processing;
   (2) The categories of personal data concerned;
   (3) The recipients or categories of recipient to whom the personal data concerning you has been or will be disclosed;
   (4) The planned duration of storage of the personal data concerning you or, if specific data is not possible, the criteria used to determine the storage period;
   (5) The existence of the right to request rectification or erasure of personal data concerning you or restriction of processing by Giti Tire Deutschland GmbH or to object to such processing;
   (6) The right to lodge a complaint with a supervisory authority;
   (7) All available information regarding the origin of the data, if the personal data was not collected from you;
   (8) The existence of automated decision-making, including profiling according to Article 22(1) and (4) and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

2. Right to rectification
   You have the right to rectification and/or completion by Giti Tire Deutschland GmbH to the extent that the processed personal data concerning you is inaccurate or incomplete. Giti Tire Deutschland GmbH must implement the rectification immediately.

3. Right to restriction of processing
   You have the right to the restriction of processing of the personal data concerning you where one of the following applies:
   (1) You dispute the accuracy of the personal data concerning you for a period enabling Giti Tire Deutschland GmbH to check the correctness of the personal data;
   (2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
   (3) Giti Tire Deutschland GmbH no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
   (4) You have objected to processing pursuant to Article 21(1) GDPR but it has not yet been established whether the legitimate grounds of Giti Tire Deutschland GmbH override your legitimate grounds.
   Where processing of the personal data concerning you has been restricted, such data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

4. Right to erasure
   You have the right to obtain from Giti Tire Deutschland GmbH the erasure of the personal data concerning you without undue delay and we shall be obligated to erase this data without undue delay where one of the following grounds applies:
   (1) The personal data concerning you is no longer required for the purposes for which it was collected or otherwise processed.
   (2) You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for processing.
   (3) Pursuant to Article 21(1) GDPR, you object to the processing and there are no overriding legitimate grounds for processing, or you object to the processing pursuant to Article 21(2) GDPR.
   (4) The personal data concerning you was unlawfully processed.
   (5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
   (6) the personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
   Where Giti Tire Deutschland GmbH has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copies or replication of, that personal data.
   There shall be no right to erasure if the processing is required
   (1) For exercising the right of freedom of expression and information;
   (2) For compliance with a legal obligation which requires processing by Union or Member State law to which Giti Tire Deutschland GmbH is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
   (3) For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
   (4) For the establishment, exercise or defence of legal claims.

5. Right to be informed
   If you have asserted the right to rectification, erasure or restriction of processing of your personal data against us, we shall communicate any rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. We shall also be obligated to inform you about these recipients on request.

6. Right to data portability
   You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You shall also have the right to transmit this data to another controller without hindrance from us, where
   (1) The processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or in a contract pursuant to Article 6(1)(b) GDPR and
   (2) The processing is carried out by automated means.
   In exercising this right to data portability, you shall have the right to have the personal data concerning you transmitted directly from us to another data controller, where technically feasible. This must not adversely affect the rights and freedoms of others.

7. Right to object
   You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
   Giti Tire Deutschland GmbH shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defence of legal claims.
   Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing.
   If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

8. Right to withdraw declaration of consent according to data privacy law
   You have the right to withdraw your declaration of consent according to data privacy law at any time. Withdrawing consent shall not affect the lawfulness of the processing carried out based on consent until the time of withdrawal.

9. Right to lodge a complaint with a supervisory authority
   If you are of the opinion that we have violated data privacy regulations through the processing of the personal data concerning you, you shall have the right, regardless of any other official or judicial remedies, to lodge a complaint with the Data Protection Officer for the State of Lower Saxony, Prinzenstr. 5, 30159 Hannover, Germany, Tel: 0511 120 4500, Fax: 0511 120 4599.

10. Name and address of the data controller
    The data controller, in the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection provisions is:

Giti Tire Deutschland GmbH
Hollerithallee 18 A
30419 Hannover
Germany
Telephone: +49(0) 511-5153 56-0
Fax: +49(0) 511-5153 56-10
E-mail: info@giti-tire.de

11. Name and address of the data protection officer
    The data protection officer of Giti Tire Deutschland GmbH is:
    Streit GmbH Management Systems
    Frühlingstraße 8
    13158 Berlin
    Telephone: +49 (0) 30 – 98 19 3 – 116
    Fax: +49 (0) 30 – 98 19 3 - 135
    E-mail address: ds-beauftragter@streit-online.de

Hannover, January 2024
Giti Tire Deutschland GmbH