Privacy policy
Persons concerned
This data protection declaration is directed at all persons who visit our website. All personal designations refer to both male and female and diverse persons and language forms and are always to be understood with the addition "(m/f/d)".
Person responsible
The person responsible for processing the personal data of visitors to this website is: Choice AG, Thomas-Mann-Strasse 16-20, 90471 Nuremberg, T: +49 911 480 499 0, E: info@choice.de, Mr Antonio Pardo, Mr Bego Jasenac, Mr Hannes Beyer. Together with Jaguar Land Rover Europe and Jaguar Land Rover España S.L.U, we operate “Jaguar & Land Rover Rent”. Our data protection officer is the lawyer Dr. Stephan Gärtner (Data Protection Officer certified by TÜV Süd), who can be contacted by e-mail to request@thenextstanhope.de.
Rights
(1) The data subjects have the following rights with regard to the data stored about them: the right to information, the right to correction of incorrect data, the right to deletion of data for whose further storage there is no basis for permission, to restriction of processing and to data portability. Furthermore, they have the right to complain to the responsible supervisory authority.
(2) Insofar as the processing is based on the consent of the data subjects, the data subjects may revoke their consent at any time and with effect for the future; for example, by sending an informal message to one of the above-mentioned contact channels (controller).
(3) Insofar as the processing is based on the fulfilment of a legitimate interest, thus on Article 6 (1) sentence 1 lit. f DSGVO, the data subjects may object to the processing at any time, for example by sending an informal message to one of the above-mentioned contact channels (responsible party). If the objection is justified, the processing will be terminated. If the legitimate interest lies in direct marketing, the objection is always justified.
Transfer outside the European Union
(1) If personal data are transferred to bodies outside the European Union, the controller must communicate supplementary safeguards in accordance with Article 44 et seq. DSGVO.
(2) If the controller refers to a so-called adequacy decision in the following privacy statement, this means that the receiving body is located in a country, territory or specific sector for which the EU Commission has decided that it offers an adequate level of data protection. The guarantee then follows from Article 45 GDPR.
If the controller refers to the so-called EU standard contractual clauses in the following data protection declaration, this means that the receiving body has contractually committed itself to respecting the EU data protection principles on the basis of the so-called EU standard contractual clauses, the guarantee then follows from Article 45 of the GDPR.
(4) If the controller refers to so-called binding, internal data protection regulations in the following data protection declaration, this means that the competent supervisory authority has approved the transfer. The guarantee then follows from Article 47 DSGVO.
(5) If the controller refers in the following privacy statement to the fact that the data subjects have expressly consented to the transfer to a country outside the European Union, this means that they nevertheless consent to the transfer in the knowledge of all the risks involved. The guarantee then follows from Article 49(1)(a) of the GDPR. In this context, we point out the following risks: No data protection law comparable to the GDPR has been codified in the EU. The state authorities there have approved intensive data access, whereby the principle of proportionality regulated in the EU is not applied. Furthermore, there is no effective legal protection for EU citizens in these countries.
(6) The above advice is given only as a precautionary measure. They only apply if and insofar as reference is made to them in the following data protection declaration.
Further notes
(1) Automated decision-making, including profiling, does not take place.
(2) There is only a legal obligation to process data if reference is made below to Article 6 (1) sentence 1 lit. c DSGVO.
Data processing in principle
(1) The data subjects initially use the website for information purposes, i.e. they call up the website without actively interacting with it. In doing so, the data controller collects the following data of the data subjects, insofar as this is technically necessary for the presentation of the website: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, Internet page from which the request comes, browser, operating system and its interface, language and version of the browser software. The purpose is the presentation of the website. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO, whereby the legitimate interest results from the aforementioned purpose.
(2) After the end of the informative use, the data is deleted. The purpose is the fulfilment of a legal obligation (Article 5(1) litt. a, e DSGVO). The legal basis is Article 6 (1) sentence 1 lit. c DSGVO.
Data processing on the basis of a legitimate interest
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website on the basis of a legitimate interest. The legal basis is then Article 6 (1) sentence 1 lit. f DSGVO.
(2) Reference is made to the following processing operations:
Promotional contact with contractual partners
The data controller processes the e-mail address and the name of the data subjects in order to send them useful information by e-mail at regular or irregular intervals. Furthermore, he stores the information that a contractual relationship exists or existed between them and him in order to be able to prove the legitimate interest. The legitimate interest here follows from the fact that there is a contractual relationship between the data subjects and the controller, in the context of which the promotional approach by e-mail is part of the usual expectations of the data subjects. This is supported by recital 47, sentence 7. The following data are processed: (1) e-mail address, (2) name and (3) the status data of the contractual relationship.
Special note on the right to object: Data subjects can object to the use of their data for this purpose at any time; for example, by sending an informal message to the person responsible (contact channels can be found at the beginning of this statement and in the imprint). In particular, data subjects may object without incurring any costs other than the transmission costs according to the basic rates.
Rights management and external legal advice if applicable
If the data subjects make claims of any kind against the data controller, the data will be processed as follows.
1. the data controller receives the request and stores all related data. 2. the data controller uses these data to examine the request.
2. The data controller will use the data to investigate the request. If necessary, he will seek external legal advice. 3.
3. if the request is justified, use the data to respond to the request. Otherwise, the data will be used to inform the data subjects.
4. The data controller shall retain the data involved in the processing referred to in points (1) to (3) for three years, starting on 31 December of the calendar year in which step (3) took place.The legitimate interest in points (1) to (3) stems from the interest of the data subjects in having the claims processed and from the interest of the controller in avoiding claims and sanctions. The legitimate interest in point 4 follows from the need of the data controller to be able to defend itself later against civil claims and accusations of fines and criminal law. This interest in storage according to number 4 ends with the expiry of the limitation period according to §§ 193, 195 BGB. The following data are processed in this context: Name, contact details and communication content.
External web hosting
The controller has contracted third party service providers to provide storage space and delivery for the publication of this website. In order for these service providers to fulfil their mandate, they necessarily receive some data of the data subjects. The legitimate interest follows from the claim to be allowed to present oneself publicly. In this context, the following data are processed: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software; possibly also communication and interaction data from the behaviour of the data subjects.
Data processing in connection with contracts
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website in order to establish, execute and/or terminate contracts. The legal basis is then in principle Article 6 (1) sentence 1 lit. b DSGVO. Only in the event that the data subjects are employees (including applicants), the legal basis is Article 88 DSGVO in conjunction with. § Section 26(1) BDSG2018.
(2) Attention is drawn to the following processing operations:
Form
The data controller provides a form tool on the website. This is used for communication between the data subject and the data controller, whereby the data subject's entries are documented and transmitted to the data controller. The following data is processed in this process: Data on the content, manner and scope of the entries in the respective form.
Login-Area
On this website, data subjects have the possibility to register for the use of an internal area, to subsequently log in to it and finally to log out again. When they register for the internal area, the controller collects the data they provide during the registration process. Within the internal area, the controller registers actions of the data subjects to the extent necessary to provide the internal area with its functions. The following data is processed: (1) the registration data entered by the data subjects, (2) the data on logins, (3) on actions performed by the data subjects within the log-in area, (4) on the log-out status.
Data processing on the basis of consent
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website on the basis of consent. The legal basis is then in principle Article 6 (1) sentence 1 lit. a DSGVO. Only in the event that the data subjects are employees (including applicants), the legal basis is Article 88 DSGVO in conjunction with. § Section 26(2) BDSG2018.
(2) Attention is drawn to the following processing operations:
Consent for registration to the login area
If the data subject consents to this during registration, the personal data collected during registration will be transmitted to Jaguar Land Rover Europe and Jaguar Land Rover España S.L.U and the Jaguar dealers so that they can contact the data subject for advertising purposes, either by post, by telephone, by e-mail or via social networks. The consent text is authoritative in this respect.
Analysis of usage behaviour
So-called cookies are used to analyse the user behaviour of the persons concerned on this website. These are text files that are stored on the computer of the person concerned and enable an analysis of the use of the website. The information about the usage behaviour is used to create reports about the activities and interactions. The data controller here uses this data to be able to regularly improve the user experience on the website. The statistics obtained also enable him to improve his offer in order to direct the interest of the persons concerned more specifically to products and services that are suitable for them. The following data is processed: cookie-based data on interactions (in particular the order of interactions, length of stay).
External fonts
External font directories are accessed in connection with the website. In this context, data is transmitted to external providers who use it to determine the results and success of certain fonts in order to optimise them as their own offering. In concrete, this is what happens: As soon as the data subjects visit the website here, their browsers send HTTP requests to the external providers of the fonts. The requested URL identifies the font families for which the user would like to load fonts. This data is logged so that the external provider can determine how often a particular font family is requested. Furthermore, the font is adapted to the respective browser type, which in turn requires the collection and storage of browser type data. This data is processed to generate aggregated usage statistics that measure the popularity of font families. This also generates statistics that are in turn used to optimise fonts. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. The length of storage depends on the provider. The following data is processed: cookie-based data on interactions (in particular the order of interactions, length of stay).
Data processing for compliance with a legal obligation
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website in order to fulfil a legal obligation. The legal basis is then Article 6(1) sentence 1 lit. c DSGVO.
(2) Attention is drawn to the following processing operations:
Retention of data in connection with contracts
Insofar as the data controller collects data in order to establish, execute and/or terminate contracts, it shall in principle retain data relevant for the taxation of the data controller for six years. In deviation from this, data shall be retained for ten years as an exception, provided that they result from internal documents (books and records, inventories, annual financial statements, management reports, the opening balance sheet as well as the work instructions and other organisational documents required for their understanding, accounting vouchers). The purpose is to fulfil the legal obligation to retain documents under § 147 AO.
Retention of data proving the granting of consent
Insofar as the controller processes data on the basis of consent, the controller shall store the data proving the granting of consent for three years. The period begins when the consent is revoked or the processing subject to consent ends, whichever occurs earlier. The purpose is to comply with the obligation to retain data pursuant to Article 7(1) DSGVO in conjunction with. Article 5(2) of the GDPR. The period is determined according to the statute of limitations under administrative offence law pursuant to Article 31(2)(1) OWiG in conjunction with. Article 83(4) and (5) of the GDPR.
Processing to document consent (cookie consent)
As soon as the data subjects open the website here, a banner appears through which the data subjects can make declarations on the use of data processing tools. Their declarations and any subsequent modifications to these declarations are documented. As a rule, the following data are processed: IP address, date and time of the declaration, time zone difference to Greenwich Mean Time (GMT), content of the declaration. The purpose is the fulfilment of a legal obligation within the meaning of Article 7(1) DSGVO.
Double-Opt-In
In order to obtain consent for advertising by e-mail, the person responsible uses the so-called double opt-in procedure. This means that after they have registered, he sends an e-mail to the e-mail address provided in which he asks them to confirm their consent. If they do not confirm their registration within 30 days, their information is blocked and automatically deleted after one month. In addition, the responsible party stores the IP addresses used and the times of registration and confirmation. The purpose of the procedure is to be able to prove their registration and, if necessary, to clarify a possible misuse of their personal data. The legal obligation follows from Article 7 (1) DSGVO and Article 5 (1) DSGVO. This is because according to these regulations, the data controller here is legally obliged to document that consent has been obtained. This is only possible if the data subject's data is collected for verification purposes.
Processors and third parties receiving data
The following third-party providers receive access to personal data of visitors to the website as part of the data processing described above:
Third-party provider: The analysis tool "Google Analytics" is used. It is provided by Google Ireland Ltd. (Ireland - EU), which has been commissioned in accordance with Article 28 DSGVO. In this regard, it should be added: The IP address is shortened beforehand by the provider within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by the browser when using this tool is not merged with other data by the provider. The tool is also used for a cross-device analysis of visitor flows, which is carried out via a user ID. The persons concerned can deactivate the cross-device analysis in their customer account under "My data", "Personal data". For information purposes, it should be noted that this tool is used with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. Insofar as the data collected about the persons concerned is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted. The fact that the data is transferred to the USA, possibly in cooperation with Google LLC (USA), does not prevent processing. This is because the transfer is justified according to Article 45 DSGVO. The map display tool "Google Maps" and the font tool "Google Font" are also used by this provider.
Third-party provider: The web host "noris network" of noris network AG (EU - Germany) is used.
Our Cookies
| Title | Description | Containing cookies | Required | Selected |
|---|---|---|---|---|
| Required | These cookies are necessary for the operation of the website. This includes session variables, functions for controlling the login process or user account management, etc. | cbc PHPSESSID fe_typo_user klaro |
Yes | Yes |
| Comfort | These cookies are not absolutely necessary for the operation of the website, but enable you to use functions that make your stay more pleasant for you, e.g. sorting and search functions. | preferred_language | No | No |
| Statistic | These cookies are not absolutely necessary for the operation of the website, but they give us the opportunity to continuously improve our application and to optimize it for you, e.g. by statistical evaluations. | _gat_gtag_UA_89210413_1 _gid _ga _sesid |
No | No |
| Others | These cookies are not absolutely necessary for the operation of the website. They might be used by map views, translations, etc., which make your stay on our site more pleasant. | No | No |
Daily, weekly and monthly rentals
Collect and return at official retailer
24-hour roadside assistance