Advice & Contact Merbag Group

interior

exterior

Protection & Care

Privacy policy

    1 What is this privacy policy about?

    In this privacy policy, we inform you about how and why we collect, process and use your personal data. It is aimed at visitors to the website, customers in our branches and online store, interested parties in our branches and from our website offers, contact persons of our business partners, organizations and authorities, applicants and all other persons who use our services or come into contact with our offers.

    In addition to this privacy policy, declarations of consent, contractual terms and conditions (in particular general terms and conditions), additional privacy policies, forms and other notices may apply.

    This Privacy Policy is designed to meet the requirements of the Swiss Data Protection Act ("DPA") and the EU General Data Protection Regulation ("GDPR"). However, whether and to what extent the GDPR is applicable depends on the individual case.

    2 Who is responsible for data processing?

    Mercedes-Benz Automobil AG ("we" or "us") is responsible under data protection law for data processing in accordance with this Privacy Policy:

    Mercedes-Benz Automobil AG
    Zürcherstrasse 109
    8952 Schlieren
    datenschutz.ch@merbag.ch

    Unless otherwise communicated, this Privacy Policy also applies to cases in which a group company of Mercedes-Benz Automobil AG is the controller (collectively "Merbag Group"). The Merbag Group includes in particular the branches of Mercedes-Benz Automobil AG (see https://www.merbag.ch/de/personenwagen/standorte andhttps://www.merbag.ch/de/nutzfahrzeuge/stand orte) as well as Euro Truck AG, Merbag Holding AG, Merbag International AG and Merbag AG. If you have direct contact with a Group company, this Group company is generally responsible for the data processing in question. This is the case, for example, if you purchase your vehicle from a branch office, have it serviced there or receive advertising from this branch office.

    Several companies in the Merbag Group may also be jointly responsible for a particular data processing operation or assume the role of a processor.

    We have appointed the following body as data protection representative in the EU in accordance with Art. 27 GDPR

    VGS Datenschutzpartner GmbH
    Am Kaiserkai 69
    20457 Hamburg
    Germany
    info@datenschutzpartner.eu

    3 What personal data do we process?

    Personal data is any information relating to an identified or identifiable natural person. We process the categories of personal data listed below, although other personal data may also be processed in individual cases:

    3.1 Master data

    Master data is the basic information about you, in particular

    • Salutation, title, first name, surname, nationality;
    • Address, e-mail address, telephone number and other contact details;
    • Customer numbers (e.g. your Merbag customer number, fuel card number);
    • Login data (user names)
    • Details of related persons (e.g. persons living in the household and family members);
    • Information about your employment (e.g. employer, function, employment relationship, workload);
    • Payment information (e.g. means of payment used, bank details, billing address);
    • Vehicle data and related data (e.g. Vehicle Identification Number ("VIN"), license plate, vehicle analysis data);
    • Demographic data (e.g. date of birth, age, gender, income);
    • Information about your relationship with us (customer, prospective customer, supplier, applicant, etc.);
    • Declarations of consent regarding receipt of advertising, newsletter subscriptions, etc;
    • Information on preferences, lifestyle, interests, (club) memberships and hobbies (e.g. dietary preferences for events);
    • Information on participation in events;
    • Your social media account (e.g. as part of an application or if contact is made via a social media channel)
    • Official documents in which you are mentioned (vehicle license, driver's license, etc.).

    3.2 Contract data

    Contract data is data that arises in connection with the conclusion or execution of a contract, in particular information

    • on the initiation and conclusion of contracts (e.g. type and date of contract conclusion, details from the quotation process and details of the contract in question, copies of official identification documents, proof of insurance or insurance policy, confirmation of residence for vehicle redemption);
    • on the processing and administration of contracts (e.g. contact details, services, payment information, turnover data per customer);
    • in interactions with customer service or another contact person of ours
    • about defects and complaints as well as adjustments to a contract;
    • on customer satisfaction, which we can collect through surveys
    • on financial matters (e.g. to determine creditworthiness, reminders, debt collection and enforcement of claims);
    • contained in a job application (e.g. CV, references, qualifications, certificates, interview notes, etc.).

    3.3 Communication data

    If you contact us via the contact form, by e-mail, telephone, chat, letter or other means of communication, we collect the data exchanged between you and us, in particular

    • Contact data (e.g. name, postal and e-mail address, telephone number);
    • marginal data (type, time and place of communication);
    • Content of the communication (e.g. e-mails, written correspondence, chat messages, telephone conversations, etc.);
    • Answers to customer and satisfaction surveys;
    • Proof of identity (e.g. copies of official identification documents for requests for information).

    3.4 Behavioral and preference data

    When you visit our website, purchase products from us, visit our online store, make use of our services, use our offers and infrastructure, we often collect data about this use, in particular about

    • vehicle purchases, purchases of parts or accessories in our branches and online stores;
    • your behavior in our online store (orders, items in the shopping cart, items viewed, search terms and results, type of payment method, selected delivery method, etc.);
    • the use and your behavior on our websites (e.g. websites visited, duration of visit, links clicked on)
    • your attendance at our events (e.g. date, location and type of event);
    • participation in competitions, prize draws and similar events;
    • the use of electronic communications from us (e.g. whether and when you have opened an email or clicked on a link)
    • Your interaction with our social media profiles;
    • your use of our Wi-Fi networks (e.g. date, time and duration of the connection, location of the Wi-Fi network and data volume).

    This data helps us to tailor our offers and services to you based on your interests and preferences, possibly in combination with other data (in particular technical data, see section 3.5). Specifically, we can draw conclusions about characteristics, preferences and expected behavior (which may constitute "profiling", see section 9), e.g. derive your affinity for certain products and services or determine the preferences of segments (groups of people). This data may be used on a personal basis (e.g. to show you personalized advertising) or non-personal basis (e.g. for market research and product development).

    3.5 Technical data

    When you use our website or our Wi-Fi networks, we collect certain technical data, in particular

    • the IP address of your end device;
    • other device IDs (e.g. MAC address);
    • system-side records of accesses and other processes (e.g. protocols, log data);
    • Assignment of an ID to your end device using cookies or similar technologies (e.g. pixel tags) for the purpose of recognition (see cookie information);
    • information about your device and its configuration (e.g. operating system or language settings)
    • information about the browser you use to access the website and its configuration
    • Information about your movements and actions on our websites (e.g. clicks, length of stay, etc.);
    • Information about your internet provider;
    • your approximate location and the time of use.

    This can help us to transmit the correct formatting of the website or, for example, to show you a website adapted to your region. Although we know from the IP address which provider you are using to access our offers (and therefore also the region), we cannot generally deduce who you are from this.

    3.6 Image and sound recordings

    We may make photos, videos and sound recordings in which you may appear, in particular

    • if you take part in an event and occasions (e.g. customer events, promotional events, sponsoring events);
    • as part of courses, presentations, training courses, etc.
    • if you are in contact with our customer service or take advantage of a consultation via video conference;
    • in the case of recordings from video surveillance systems.

    The use of video recordings may provide us with information about your behavior in the relevant areas. The use of video surveillance systems is localized and marked.

    4 Where does the personal data come from?

    4.1 Data provided

    You often provide us with personal data yourself, in particular master data, contract data, communication data and, where applicable, preference data. This is the case, for example, when you

    • contact our customer service or you contact us in any other way (e.g. by filling out physical or online accessible forms);
    • register for our newsletter or other offers;
    • apply for a job vacancy with us;
    • take part in a prize draw or other competitions.

    The provision of personal data is generally voluntary, unless this is necessary for the performance of a contract and the fulfillment of the associated obligations or is required by law. Otherwise we will not be able to conclude or continue the relevant contract.

    If you transmit or disclose data about other persons (e.g. family members) to us, we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also make sure that these third parties have been informed about this privacy policy.

    4.2 Data collected

    We may also collect personal data about you ourselves or automatically, in particular behavioral and preference data as well as technical data. This is the case, for example, when you

    • purchase a vehicle or accessories from us;
    • order a product in our online store;
    • have a vehicle service or repair carried out by us;
    • visit one of our websites or use our WLAN;
    • click on a link in one of our newsletters or otherwise interact with one of our electronic advertising messages.

    We may also derive personal data from existing personal data, e.g. by analyzing behavioral and preference data.

    We analyze the behavioral and transaction data (see section 3.4) that is generated when you visit or make purchases in our online store in order to draw conclusions about your personal interests, affinities and preferences. This helps us to tailor our offers and information to your individual needs and interests. In this way, we can present you with a customized selection of relevant offers (see also the information on profiling in section 9).

    4.3 Data received

    We may also receive personal data from other companies in the Merbag Group (cf. section 2) or from third parties (e.g. from companies with which we cooperate; from persons who communicate with us; from public sources). This is the case, for example

    • from contractual partners, e.g. car manufacturers and suppliers or leasing companies;
    • from other companies within the Merbag Group;
    • from your employer and colleagues in connection with a job application about your professional functions and qualifications;
    • from third parties when correspondence and meetings concern you;
    • from people close to you, such as family members, legal representatives, etc. (e.g. your address for deliveries, references or powers of attorney);
    • from credit agencies, e.g. when we obtain credit information;
    • Swiss Post and address dealers, e.g. for address updates;
    • from banks, insurance companies, sales and other contractual partners for purchases and payments
    • from providers of online services, e.g. providers of Internet analysis services;
    • from information services for compliance with legal requirements such as anti-money laundering and export restrictions;
    • authorities, parties and other third parties in connection with official and legal proceedings;
    • from media monitoring companies in connection with articles and reports in which you appear;
    • from public registers such as the debt collection or commercial register, from public bodies such as the Federal Statistical Office or from the Internet.

    5 For what purposes do we process your data?

    We process your data for the purposes explained below (see also our cookie information). These purposes and the underlying objectives represent legitimate interests on our part and, where applicable, on the part of third parties. You will find further information on the legal basis for our processing in section 6.

    5.1 Contract processing

    We process your personal data for the initiation, administration and processing of contractual relationships, in particular to

    • process offers (preparation of offers for interested parties and customers);
    • decide whether and how (e.g. with which payment conditions) we enter into a contract with you (including credit checks)
    • perform contractually agreed services and provide services (e.g. order and deliver vehicles and goods, provide services), including personalized services;
    • to offer test drives and to check identity and driver's license in this context;
    • to carry out Eurotax valuations (e.g. to determine the value of the vehicle);
    • maintain and manage vehicle master data and vehicle sales data;
    • redeem vehicles (e.g. application for a license plate and vehicle registration document at the road traffic office);
    • arrange purchases and services (e.g. processing and forwarding leasing applications and transactions or insurance transactions);
    • handling damage and insurance claims (e.g. vehicle damage analysis, registration and handling of insurance claims);
    • operate filling stations and charging stations (e.g. provision of fuel cards for customers, operation of the filling station/charging stations and billing);
    • organizing and conducting prize draws and competitions;
    • to continuously analyze and improve the range of products and services (e.g. customer satisfaction analysis)
    • to invoice our services and for accounting in general;
    • to check the suitability of applicants for an open position and, if necessary, to prepare and conclude the employment contract;
    • to check whether we want to and can work with a company and to monitor and assess its performance;
    • to prepare and process corporate transactions (e.g. company acquisitions, sales and mergers);
    • enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
    • to store data within the scope of retention obligations;
    • cancel and terminate contracts.

    5.2 Communication

    We process your personal data for purposes related to communication with you, in particular

    • Responding to inquiries (e.g. submitting vehicle offers);
    • Arranging a test drive or a consultation appointment;
    • Vehicle service management (e.g. identification, processing, administration and handling of service appointments and orders);
    • general questions and contacts;
    • Customer service and customer care;
    • Communication in connection with product recalls;
    • Delivery of other notifications (e.g. order or service status);
    • Training and quality assurance;
    • Communication in connection with all other processing purposes (e.g. contract processing, information and direct advertising, in particular in the context of events);
    • Communication during the application process if you apply for an open position.

    In particular, we use communication data, master data and, if the communication relates to a contract, contract data.

    5.3 Information and marketing

    We process personal data for marketing purposes and to maintain relationships, in particular in order to

    • Send (personalized) written, electronic and telephone communications and offers (e.g. newsletters, advertising or company brochures and other printed materials);
    • carry out marketing campaigns (e.g. advertising messages and commercials; invitations to events, competitions and contests);
    • operate our customer relationship management system ("CRM");
    • operate the customer cockpit (provision of customer key figures such as sales, revenue/customer, last workshop visit, to identify customer loyalty measures).

    This may involve our own offers (including those of other companies in the Merbag Group) or those of the car manufacturer or supplier (in particular Mercedes-Benz Schweiz AG, Daimler Truck Schweiz AG and smart Schweiz GmbH and their affiliated companies, such as Mercedes-Benz Financial Services Schweiz AG). We may also act on behalf of Mercedes-Benz Schweiz AG, Daimler Truck Schweiz AG or smart Schweiz GmbH and their affiliated companies.

    In particular, we use master data, contract data, communication data, behavioral data and preference data, as well as image and sound recordings.

    Unless we separately ask for your consent to contact you for marketing purposes, you can refuse such contact at any time (see section 12). In the case of newsletters and other electronic communications, you can usually unsubscribe from the relevant service via an unsubscribe link integrated into the communication.

    5.4 Market research and product development

    We continue to process your personal data for market research, to improve our services and our operations and for product development, in particular for

    • Conducting customer surveys and polls;
    • Further development of our offers;
    • Evaluating and improving our communication in connection with offers;
    • Optimize and improve the user-friendliness of the website;
    • review and improve our internal processes
    • statistical analysis;
    • market observation (e.g. to understand and respond to current developments, the supply situation and trends).

    In particular, we process master data, contract data, behavioral data and preference data, as well as communication data and information from customer surveys and polls.

    5.5 Job applications

    We process personal data about applicants, in particular if this is necessary for

    • the assessment of suitability for an employment relationship;
    • the subsequent conclusion of an employment contract.

    The required personal data results in particular from the information requested (e.g. as part of a job advertisement). We also process the personal data that applicants voluntarily provide or publish, in particular as part of cover letters, CVs and other application documents as well as online profiles.

    If you consent to this as an applicant, we may store your details in our candidate pool in order to consider and inform you of future vacancies.

    5.6 Security and prevention

    We may also process your data for security purposes (including IT security, theft, fraud and abuse prevention and for evidence purposes) and for access control, in particular:

    • Making and evaluating video recordings to detect criminal acts;
    • Evaluation of system-side recordings of the use of our systems (log data);
    • Preventing, defending against and investigating cyberattacks and malware attacks;
    • Monitoring, checking, analyzing and testing our networks and IT infrastructures as well as system and error checks;
    • Physical access controls (e.g. access to office premises);
    • Documentation purposes and creation of backup copies.

    For this purpose, we use all categories of personal data mentioned in section 3, in particular behavioral and preference data as well as image and sound recordings.

    5.7 Compliance with legal requirements

    We process personal data to comply with laws, directives and recommendations from authorities and internal regulations ("compliance") and to prevent and detect violations, in particular to

    • Implementation of health and safety concepts;
    • Carrying out quality and certification audits as well as internal audits
    • Clarification of business partners;
    • Carrying out internal investigations, including following up on reports in our whistleblower system;
    • Ensuring compliance and risk management;
    • Receiving and processing complaints and other reports, including data protection, supervisory and tax law obligations to provide information, information or reports;
    • Fulfillment of retention obligations;
    • Compliance with orders from a court or authority (e.g. disclosure of information and documents, cooperation in external investigations);
    • Ensuring the legally required data security;
    • Preventing, detecting and investigating criminal offenses and other violations and abuses;
    • combating money laundering and terrorist financing as required by law.

    This may involve Swiss or foreign law, self-regulation, (industry) standards, corporate governance or official instructions.

    For all of these purposes, we may process all of the categories of personal data listed in section 3.

    5.8 Protection of rights

    We process personal data to protect the law, in particular to

    • Enforce claims before, outside and in court as well as before authorities in Switzerland and abroad and to defend ourselves against claims;
    • clarify the prospects of legal proceedings and other legal, economic or other issues;
    • participate in proceedings before courts and authorities in Switzerland and abroad;
    • to secure evidence;
    • to have the prospects of litigation clarified;
    • to submit documents to an authority;
    • to comply with requests from authorities to disclose documents and data carriers.

    For this purpose, we use different personal data depending on the constellation.

    5.9 Group-internal administration and support

    We process personal data for our internal Group administration, in particular for

    • IT administration;
    • Accounting and financial management;
    • Accounts receivable accounting (e.g. processing and posting of customer invoices and payments, monitoring and collection of outstanding customer invoices);
    • Accounts payable (e.g. recording, posting and payment of vendor invoices);
    • Data storage and management of our archives;
    • Training and education;
    • Property management (caretaking);
    • centralized storage and management of data used by several Merbag Group companies;
    • Examination or implementation of transactions under company law (e.g. company acquisitions, sales and mergers);
    • Forwarding inquiries to the relevant departments (e.g. if you send an inquiry to Mercedes-Benz Automobil AG concerning a branch office);
    • sale of receivables, where we provide the purchaser with information such as the type and amount of the receivable and the debtor's contact details;
    • general review and improvement of internal processes.

    In particular, we process master data, contract data and technical data, as well as behavioral and communication data.

    6 On what legal basis do we process your personal data?

    If we ask for your consent for certain processing (e.g. for the processing of particularly sensitive personal data, for marketing mailings and for advertising control and behavioral analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with effect for the future (see section 2 on contact options). Information on revoking your consent to online tracking can be found in the cookie information. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent will not affect the lawfulness of processing based on your consent before its withdrawal.

    Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in it, in particular in order to pursue the purposes and associated objectives described above under Section 5 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, insofar as this is not already recognized as a legal basis by the applicable data protection law (e.g. the FADP in Switzerland or the GDPR in the EEA). However, this also includes the marketing of our products and services, the interest in better understanding our markets and the secure and efficient management and further development of our company, including its operations.

    If we receive sensitive data (e.g. health data, information on political, religious or ideological views), we may also process your data on the basis of other legal grounds, e.g. in the event of disputes due to the necessity of processing for possible litigation or the enforcement of or defense against legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

    7 To whom do we disclose your data?

    7.1 Within the Merbag Group

    We may disclose personal data to other companies in the Merbag Group. Disclosure may be for internal group administration or to support the group companies concerned and their own processing purposes, in particular for the centralized management of marketing activities and IT infrastructure:

    • Centralized management of marketing activities and IT infrastructure;
    • centralized accounting and controlling;
    • central administration and processing of contractual relationships, in particular in connection with applicants;
    • Development and improvement of products and services;
    • Support in the protection of rights.

    7.2 Outside the Merbag Group

    We work with service providers in Switzerland and abroad who regularly process personal data on our behalf as so-called "processors". As such, they are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. This includes

    • IT providers/IT services (e.g. data storage/hosting, cloud services, sending email newsletters/text messages, data analysis and refinement, online store providers, etc.);
    • Car manufacturers and suppliers and their affiliated companies;
    • Body manufacturers;
    • Shipping companies/forwarding and logistics;
    • Printing services;
    • Advertising and marketing services (e.g. for sending communications and information);
    • Company administration (e.g. bookkeeping or asset management);
    • Service providers for the organization and implementation of events;

    In other cases, these service providers are jointly or independently responsible with us (e.g. if you have given us your consent or we are legally obliged or entitled to disclose). These include:

    • Car manufacturers or suppliers or leasing companies (e.g. for our own and joint marketing activities, marketplace for vehicles);
    • Advertising providers with whom we work on the website (e.g. Google, Facebook, etc.);
    • Banks;
    • Insurance companies;
    • payment service providers;
    • Consulting service providers (e.g. external auditors, tax consultants, lawyers; management consultants; recruitment agencies);
    • Debt collection agencies;
    • Credit and credit agencies;
    • address verifiers;
    • Courts and authorities in Switzerland and abroad (e.g. road traffic authorities, criminal prosecution authorities in cases of suspected criminal acts).

    8. how do we disclose personal data abroad?

    As explained in section 7, we also disclose data to other bodies. These are not only located in Switzerland and the European Economic Area (EEA). In certain cases, your personal data may therefore also be processed in the USA; in exceptional cases, however, in any country in the world. These countries may not have laws that guarantee an adequate level of data protection from the perspective of the FADP or the GDPR.

    If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (so-called standard contractual clauses), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply, in particular, in the case of legal proceedings abroad, if the execution of a contract requires such disclosure or if you have given your consent. The standard contractual clauses we use have been approved, issued or recognized by the European Commission and the Federal Data Protection and Information Commissioner (see here, for example). However, such contractual precautions cannot completely eliminate all risks (in particular of government access abroad).

    9 What applies to profiling?

    We may automatically evaluate certain personal characteristics of you for the purposes stated in Section 5 using your data (Section 3) ("profiling") if we want to determine preference data (in particular, evaluation of usage and purchasing behavior in our online store and assignment of interests and individual offers), but also to determine abuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics. In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences or significant disadvantages for you, we always provide for a manual review.

    10 How long do we process your data?

    We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require it or storage is technically necessary.

    We are guided by the following retention periods:

    • Contracts: We generally retain master and contract data as well as related behavioral and preference data for ten years from the last contract activity or from the end of the contract.
    • Communication data: E-mails , messages via the contact form and written correspondence are generally stored for ten years.
    • Technical data: We generally store log data for 14 months. Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
    • Image and sound recordings: The retention period varies depending on the purpose. It ranges from a few days for recordings from security cameras to several years for reports on events with images.
    • Job applications: We generally delete application data within six months of completing the application process or rejecting an application. With your consent, we will store your application data in our candidate pool for up to two years so that we can consider you for future vacancies. In the event of application rejections, we also store the associated anonymized summary data (e.g. gender, age, reason for rejection, nationality, type of application received, vacancy, etc.) for up to five years for statistical purposes.

    After the aforementioned periods have expired, we delete or anonymize your personal data, unless a longer retention period is indicated in individual cases or for the reasons stated above (evidentiary purposes, legal or contractual requirements, technical requirements).

    11 How do we protect your data?

    We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.

    12 What rights do you have?

    Under certain circumstances, the applicable data protection law grants you the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing.

    Insofar as the applicable requirements are met and no legal exceptions apply, you also have the right to

    • to request information about the personal data we have stored about you;
    • to have incorrect or incomplete personal data corrected;
    • to request the deletion or anonymization of your personal data
    • to request the restriction of the processing of your personal data
    • to request the disclosure of certain personal data in a commonly used electronic format or its transfer to another controller
    • to withdraw your consent with effect for the future, insofar as our processing is based on your consent.

    If you wish to exercise such rights, please contact us (our contact details are in section 2).

    So that we can rule out misuse, we must identify you (e.g. with a copy of your ID, if this is not otherwise possible).

    You also have the right to lodge a complaint with the data protection supervisory authority in your country:


    13. can we change this privacy policy?

    We may amend this Privacy Policy at any time. The version published on this website is the current version.

    Version 2.1

    Search