Privacy Policy

1. AMAG Group Privacy Policy

Version dated 1 June 2019

In this Privacy Policy we, the AMAG Group (AMAG Group Ltd, AMAG Automobil und Motoren AG, AMAG Import Ltd, AMAG Leasing AG, AMAG First AG, AMAG Vaduz AG, AMAG Services AG, AMAG Parking AG and AMAG Corporate Services Ltd, hereinafter collectively referred to as “AMAG”, “we” or “us”), explain how we collect and otherwise process personal data. This Privacy Policy is not exhaustive; other privacy policies, general terms and conditions or participation conditions of the AMAG Group, contracts and similar documents may govern specific circumstances. Personal data is understood to include all information that relates to an identified or identifiable person.

If you provide us with personal data about other persons (e.g. family members or colleagues), kindly ensure that these persons are aware of this Privacy Policy and only disclose their personal data to us if you are permitted to do so, the persons concerned have given their consent and if these personal data are correct.

2. Controller/representative

Unless specified otherwise in a specific case, AMAG Group Ltd (Data Protection – Alte Steinhauserstrasse 12, CH-6330 Cham) is responsible for the data processing that we describe here. If you have any privacy concerns, you may notify us at the above contact address; this applies for all of the AMAG Group companies. Where possible, however, please provide the name of the company of the AMAG Group to which you are referring and, in the event of concerns respecting erasures and access to information, enclose a copy of an identification card. You may also send your concern to us by e-mail at privacy@amag.ch.

Our representative in the EEA region pursuant to Article 27 of the EU General Data Protection Regulation (GDPR) is: AMAG (Vaduz) AG, Austrasse 37, LI-9490 Vaduz.

3. Collecting and processing personal data

We mainly process personal data that we receive from our customers and other business partners as part of our business relationship with them and from other persons involved, or that we collect through operation of our websites, apps and other applications of the users of them.

To the extent allowed, we also gather certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the press or the Internet) or receive such data from other companies within the AMAG Group, from public authorities and other third parties (such as credit bureaus or mailing list brokers). In addition to the data that you give us directly, the categories of personal data that we receive about you from third parties, including but not limited to information from public registers, information that we learn in relation to official and court proceedings, information in connection with your professional duties and activities (so that we may, e.g., conclude and complete transactions with your employer with your assistance), information about you in correspondence and discussions with third parties, credit rating information (if we complete any transactions with you personally), information about you given to us by persons in your personal environment (e.g. family, advisors, legal representatives) so that we may conclude or complete contracts with you or with your involvement (e.g. references, your address for deliveries or powers of attorney), information regarding compliance with legal requirements such as those relating to the combat of money laundering and export restrictions, information from banks, insurance companies, our distribution and other contractual partners so that you can claim or render services (e.g. payments or purchases made), information from the media and the Internet relating to you (if appropriate in a specific case, as part of an application, press review, marketing/sale, etc.), your addresses and possibly your interests and other socio-demographic data (for marketing), or data relating to use of websites (e.g. IP address, MAC address of the smartphone or computer, information on your device and settings, cookies, date and time of your visit, pages accessed and their contents, functions used, referring website or location details).

4. Purpose of data processing and legal bases

We use the personal data collected by us mainly to conclude and execute contracts with our customers and business partners, in particular as part of the car dealership, in the context of the repair, financing and leasing of vehicles and the purchase of products and provision of services by our suppliers and their subcontractors, and to comply with our legal obligations in Switzerland and abroad. If you work for one of these customers or business partners, you may also become a data subject in this capacity with your personal data.

In addition, we process personal data from you and other persons, to the extent that this is allowed and seems appropriate to us, for the following purposes in which we (and sometimes third parties as well) have a legitimate interest that corresponds to the purpose:

  • offering and developing our products, services and websites, apps, and additional platforms on which we have a presence;
  • communicating with third parties and processing their enquiries (e.g. applications or media enquiries);
  • reviewing and optimising procedures to conduct needs analyses for the purpose of approaching customers directly as well as collecting personal data from publicly accessible sources for the purpose of customer acquisition;
  • advertising and marketing (including holding events) provided that you have not objected to the use of your data (if we send advertising to you as an existing customer, you may object to receiving such advertising at any time, in which case we would place you on the list of customers to whom advertising should not be sent);
  • market and opinion research, media monitoring;
  • asserting legal claims and defences in connection with legal disputes and official proceedings;
  • preventing and clarifying criminal acts and other misconduct (e.g. conducting internal investigations or data analyses for the prevention of fraud);
  • assuring our operation, in particular IT, our websites, apps and other platforms;
  • video surveillance to safeguard rights to control who can enter and stay at the premises and other measures for IT, building and system security, and protection of our employees and other persons and assets belonging or entrusted to us (through, e.g., access controls, visitor lists, network and mail scanners or telephone recordings);
  • purchasing and selling business areas, companies or parts of companies and other corporate law transactions and the transfer of personal data related to this; business management measures and compliance with statutory and regulatory obligations; internal rules of the AMAG Group.
If you have given us consent to process your personal data for specific purposes (e.g. when you signed up to receive newsletters or for conducting a background check), we process your personal data within the scope of and based on this consent if we do not have any other legal basis and we require such a basis. Any consent given may be withdrawn at any time, although this will not have any effect on data processing that has already been completed.

5. Cookies/tracking and other technologies in relation to the use of our website

We typically use cookies and similar technologies on our websites and apps with which your browser or your device can be identified. A cookie is a small file that is sent to your computer or automatically saved to your computer or mobile device by the web browser you use when you visit our website or install our app. If you access this website again or use our app, we will be able to recognise you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your website visit (session cookies), cookies may also be used to store user settings and other information for a certain period of time (maximum two years). These are permanent cookies. You may also set your browser so that it refuses cookies, stores them only for a session or otherwise deletes them prematurely. Most browsers are set to accept cookies by default. We use permanent cookies to enable you to save user preferences (e.g. language or auto login), to better understand how you use our offers and content, and so that we can show you offers and advertising tailored to you. Such functions can also be used by our contracting partners, who in this context can see which users are visiting both our website and their own website. Under no circumstances however do they learn from us who you are, if we even know that ourselves. Certain cookies are set by us and some are also placed by contractual partners with whom we collaborate. If you block cookies, certain functionalities (such as choice of language, shopping basket or ordering processes) may no longer function.

In our newsletter and other marketing e-mails, we incorporate partly, and to the extent permitted, visible and invisible visual elements which, when retrieved from our servers, allow us to determine if and when you opened the e-mail so that we are able to gauge and better understand how you use our offers so we can tailor them to you. You may block this in your e-mail program (most programs are set to do this by default).

By using our websites, apps and consenting to receive newsletters and other marketing e-mails, you agree to the use of these technologies. If you do not want this, you must set your browser and your e-mail program accordingly, uninstall the app (if this cannot be modified in the settings) or have your name removed from the list of newsletter recipients.

On our websites, we sometimes use Google Analytics or comparable services. This is a service provided by third parties who may be located in other countries (in the case of Google Analytics, it is Google LLC in the USA, www.google.com). Using the services of these third parties, we can gauge and assess the use of the website (non-personalised) [this information, which is likewise non-personalised, may also be used by certain contractual partners of ours (e.g. Volkswagen)]. Permanent cookies set by these service providers are also used for this purpose. These service providers do not receive any personal data from us (and also do not store any IP addresses) but are able to follow your use of the website, and to combine this information with data from other websites that you visited, and which are also followed by these service providers, and to use this knowledge for their own purposes (e.g. managing advertising). If you have registered with these service providers yourself, they will know you too. The processing of your personal data by these service providers is then carried out under their own responsibility in accordance with their privacy policy provisions. The service providers only tell us how our respective website is used and do not provide any information about you personally.

We furthermore place social network plug-ins such as Facebook, Twitter, YouTube, Google+, Pinterest or Instagram on our websites. This will be visible to you (typically through the respective symbols). We have configured these elements in such a way that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks are able to register that you are on our website (in particular also where you are within our website), and may use this information for their purposes. The processing of your personal data is then carried out under the responsibility of these operators in accordance with their privacy policy provisions. We do not receive any information about you from these operators.

Our website also uses Adobe Analytics, a web analysis service of Adobe Systems Software Ireland Limited (www.adobe.com), zum Einsatz. Adobe Analytics use cookies, that is text files that are saved on your computer and that allow an analysis to be made of your use of the website. For example, details such as the time of access to our website, duration of the visit and click paths through the website are analysed, without personal data being recorded. Adobe will use this information on our behalf to evaluate the use of the website by the user, in order to compile reports about the activities on the website, and to provide other services related to the use of the website and Internet usage; in some cases the information will also be used in an aggregated and anonymized form by some of our contracting partners (e.g. Volkswagen). If the information provided by the cookie about use of the website is transmitted to an Adobe server, the settings ensure that the IP address is anonymized before geolocation and replaced by a generic IP address before it is stored. The IP address transmitted by your browser within the framework of Adobe Analytics is not merged with other Adobe data. The period for which the cookies are stored is limited to 24 hours. You can prevent cookies from being saved by adjusting the settings in your browser software. However, we point out that in this case it may happen that you are not able to fully use all the functions of this website.

6. Data disclosure and data transfer in Switzerland and/or abroad

We depend on the forwarding of personal data internally with our Group and externally in order to provide our services. This means that we also disclose data to third parties within the scope of our business activities where this is permitted for the purpose set out in section 4 and where it seems appropriate to us; either because they are processing the data for us or because they wish to use the data for their own purposes. This involves, in particular, the following parties:

  • our service providers (within the AMAG Group data as permitted by law and externally, such as banks or insurance companies), including parties processing orders (such as IT providers);
  • dealers, service partners, suppliers, subcontractors and other business partners;
  • customers;
  • authorities, official agencies or courts in Switzerland and abroad;
  • the media;
  • the general public, including the visitors to websites and social media;
  • competitors, organisations in the industry, associations, other organisations and other bodies;
  • purchasers of or parties interested in purchasing business areas, companies or other parts of the AMAG Group;
  • other parties in potential or actual legal proceedings;
  • other companies and holdings of the AMAG Group;
all hereinafter collectively referred to as the “recipients”.

Where necessary for the provision of our services and taking into account the specific purpose, personal data is transmitted to the instances referred to above in Switzerland and the EU as well as to other countries. You must, in particular, expect that your data will be transferred to all countries in which the AMAG Group is represented by Group companies, branches or other offices (this is Switzerland and Liechtenstein), as well as to other countries in Europe and to the USA where our service providers (such as Microsoft, SAP, Amazon or Salesforce) are located. If we transfer data to a country that does not have adequate statutory data protection, we will provide an adequate level of protection, as prescribed by law, through use of the appropriate contracts and/or measures (based in particular on the standard contractual clauses of the European Commission which may be accessed  here, here and here) or the EU Binding Corporate Rules for an adequate level of protection, or will base our actions on the statutory legal exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, the publication of personal data, or because it is required to protect the integrity of the data subjects. However, we reserve the right to redact copies for data protection reasons or on grounds of confidentiality, or to provide extracts only.

7. Retention period for personal data

We process and store your personal data for as long as it is required to meet our contractual and statutory obligations or as long as it is required for the purposes pursued by the processing, i.e. e.g. for the entire duration of the business relationship (from the initiation and execution of a contract to its termination and the warranty period, as well as a subsequent service phase) and apart from that in accordance with the statutory obligations regarding retention and documentation. It is possible in this regard that personal data will be retained for the period during which claims may be asserted against us, or if we are otherwise obliged by law to retain such personal data, or legitimate business interests require that the personal data be retained (e.g. for evidentiary and documentation purposes). In principle, as soon as your personal data are no longer required for the purposes indicated above, they will be deleted to the extent possible or rendered anonymous. Generally, shorter retention periods apply in respect of operating data (e.g. system protocols or logs).

8. Data security

To protect your personal data against unauthorised access and misuse, we take appropriate technical and organisational security precautions such as issuing directives and providing training, IT and network security solutions, access monitoring and restrictions, pseudonymisation and controls.

9. Obligation to provide personal data

In the course of our business relationship, you must provide us with the personal data required to enter into and conduct a business relationship, and to perform the related contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without these data, we will generally not be in a position to conclude a contract with you (or with the body or person you represent) or to execute it. In addition, our websites can only be used if certain information to ensure the free flow of data (e.g. IP address) is disclosed.

10. Profiling and automated decision-making

Our processing of your personal data is partially automated with the aim of assessing (profiling) certain personal aspects. We use profiling, in particular, to be able to inform and advise you about products in a targeted manner. For this, we use evaluation tools which facilitate needs-based communication and advertising, including market and opinion research.

To establish and conduct the business relationship and also otherwise, we do not, as a rule, use any automated decision-making (such as is governed by Article 22 of the General Data Protection Regulation of the European Union (GDPR)). In the event that we use such procedures in individual cases, we will inform you about this separately if this is prescribed by law, and will inform you about the related rights.

11. Rights of the data subject

Within the scope of the data protection law which applies to you, and insofar as the law provides for it (as in the case of the GDPR), you have the right of access to information, the right to rectification or erasure of your personal data, the right to restrict data processing, the right to object to our data processing, and the right to the provision of certain personal data for the purpose of the transmission of it to another body (the right to data portability). Please note, however, that for our part, we reserve the right to enforce the restrictions prescribed by law, such as if we are obliged to retain or process certain data, if we have an overriding interest in such data (insofar as we may invoke this interest) or need the data to assert claims. A request for access to information is generally free of charge. A fee may be charged where the request entails a particularly extensive amount of work, the request for access to information is excessive or notorious, unless there is a legitimate interest. If you will incur costs, we will notify you in advance. Regarding the option to withdraw your consent we refer you to section 4. Please note that the exercise of these rights may be in conflict with contractual agreements, and that this may have consequences such as early termination of the contract or costs. In this case, we will inform you in advance if this is not already governed by contract.

The exercise of these rights requires that you provide clear proof of your identity (e.g. by means of a copy of an identification card if your identity is otherwise unclear or cannot be verified). To assert your rights, you may contact us at the address indicated in section 2.

Furthermore, every data subject has the right to assert his or her claims in a court of law or to lodge a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner  (http://www.edoeb.admin.ch). In Liechtenstein, it is the Liechtenstein Data Protection Commission (Liechtensteinische Datenschutzkommission) (www.datenschutzkommission.li).

12. Amendments

We may amend this Privacy Policy at any time without prior notice. The applicable version of the Privacy Policy is the latest version as published on our website. If the Privacy Policy forms part of an agreement with you, we will notify you of any updates to it where this is possible without undue expense.