top of page

Заява про конфіденційність AG24

Protecting your personal data is of the utmost concern to us.

We generally refers to AG24 Informationssysteme GmbH (ag24.pro@gmail.com). If you have a user agreement with us in the United Kingdom, your contractual partner may, depending on the content of your contract documents, be AG24 Information Systems Ltd. This Privacy Statement applies both for AG24 Informationssysteme GmbH and for AG24 Information Systems Ltd (hereinafter referred to jointly as “AG24 Information Systems Ltd.”) as controllers within the meaning of data protection law.

This Privacy Statement is intended to inform you about AG24 policy regarding your personal data when you use

  • the websites available at www.ag24.pro - possibly other addresses (“AG24 websites”)

  • the following locally installed software products and web services (collectively referred to as “AG24 Information Systems Ltd.”):

This Privacy Statement supplements AG24 General Terms and Conditions governing the use of the relevant AG24 services.

1. AG24 Policy for Processing Your Personal Data

LexCom has adopted the following policies with a view to protecting your personal data during the use of the AG24 websites: 

  • AG collects, processes and uses your personal data in compliance with the relevant data protection legislation of the Federal Republic of Ukraine. 

  • AG24 uses your personal data primarily to enable you to use the AG24 services. In these cases, the processing is necessary for fulfilment of the contract on the basis of Art. 6 (1) b) GDPR. In addition, AG24 may process the processed data for further purposes in the interests of the AG24 user. Any further processing takes place exclusively on the basis of a legitimate interest in accordance with Art. 6 (1) f) GDPR, or consent by the AG24 user in accordance with Art. 6 (1) a) GDPR. In these cases, your data will be processed anonymously or pseudonymously if possible.

  • In cases where personal data is processed by a data processing company or passed on to a third party, the processing is always carried out only on the basis of a data processing agreement in accordance with Art. 28 GDPR, on the basis of standard data protection clauses in the case of transmission to third countries in accordance with Art. 46 GDPR or on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR.

2. Terms and Definitions in the Privacy Statement

LexCom uses certain fixed terms in this Privacy Statement, which are defined as follows:

  • “Personal data” includes all information referring to a natural person who is or could be identified.

  • The users registered for a specific LexCom software and/or a specific LexCom web service are referred to as “LexCom users”.

  • AG24 services” includes all products and services listed under “AG24 software” and “AG24 web services”.

3. What does AG24 know about you, what do you allow AG24 to do, and how is your personal data handled?

3.1 Registration information

When you register to use the AG24 services, AG24 has to process certain personal data from you as your registration information (hereinafter referred to as “registration data”). First and foremost, this information is your:

  • Company ID/ID

  • User name / Email address

  • Password

AG24 must process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)), as the AG24 services can only work properly with this information. In some cases, access to one AG24 web service also allows access to another web service. In this case, your registration details will be processed for logging in to the other AG24 web service using the “single sign-on” procedure.

Furthermore, you need to fill in certain mandatory fields during registration, for example, your first name, surname, the name and address of your company, and your e-mail address (the mandatory fields of the AG24 web services may vary).

AG24 must also process this registration information in order to fulfil the requirements of your contract with AG24 (Art. 6 (1) b) GDPR) in particular for the following purposes:

  • To set up and administer your user account, e.g. to verify your data, to assign you the necessary rights and roles or to enable you to access the AG24 services and specific functions. For individual services and certain user roles, e.g. as a dealer, it may be necessary to forward your data to manufacturers/importers for approval.

  • For the correct billing of licenses. If this is done via importers/manufacturers, your data must be forwarded to them.

  • To establish contact, e.g. to fulfil the customer service and to provide you with important information regarding the current contractual relationship (such as changes in support structures, announcements regarding new program versions and important features).

  • For shipping hardware and software.

In addition, we process your data based on a legitimate interest in accordance with Art. 6 (1) f) GDPR, in particular for the following purposes:

  • To send you, for example, news and help topics about the use of the AG24 services you have licensed, to contact you regarding offers and promotions for own or similar goods and/or services or to ask you about your usage and satisfaction regarding existing products and/or functionalities. In these cases, you are generally free to object to the processing of your data for these purposes.

  • With the exception of the password, your data may also be evaluated internally together with usage data and order data and forwarded to dealers/order recipients, manufacturers and/or importers. In this case, the purpose of the processing is to provide an overview of the orders received as well as to measure success and usage and optimise the product and sales for the benefit of the user. Personal data is only evaluated if this is essential to achieve the purpose and is otherwise pseudonymised or anonymised.

3.2 Payment data

Where necessary, AG24 processes your payment data, such as credit card or bank details, for the purpose of payment handling and accounting as necessary for the selected mode of payment. Depending on the AG24 service used and to the extent necessary to process your transaction, your payment data will be transferred to the service providers Adyen, GetNet and Allpago as well as financial institutions or may be collected directly and processed by these organisations. Your payment data is stored in order to enable payment handling and accounting for the automatic extension of your subscription. We process your credit card data in accordance with the PCI DSS security standard. That means, for example, that AG24 never stores your credit card data as plain text.

AG24 must process your payment data in order to fulfil the requirements of your contract with AG24 (Art. 6 (1) b) GDPR). AG24 needs this information to invoice the AG24 services as well as to contact you about any issues related to payment or performance of contracts.

3.3 Usage data

As described below, AG24 processes data about the scope and nature of your use of the AG24 services (hereafter referred to as “usage data”). This includes the following data:

  • Searches and navigation in brand catalogues

  • Use of functions, buttons, tabs etc.

  • Creation of shopping baskets and execution of orders

  • Type and scope of the vehicles researched based on the chassis numbers (VIN) entered

We process your usage data to fulfil the contract in accordance with Art. 6 (1) b) GDPR, provided that the use of individual AG24 services is subject to a charge depending on the scope of use. In this case, the monitoring and evaluation of your scope of use is necessary in order to charge you for the use or to determine the need for a paid subscription.

In addition, we process your data based on a legitimate interest in accordance with Art. 6 (1) f) GDPR, in particular for the following purposes:

  • To analyse the use of AG24 services and their functions in a targeted manner, to measure their relevance and success and to develop them further. This processing is exclusively for the purpose of developing the AG24 services in the interests of the user. At no time will the usage behaviour of specific accounts or users be analysed. Personal data is pseudonymised and/or anonymised as far as possible and otherwise only processed if essential to achieve the purpose, or if you have given us your consent in accordance with Art. 6 (1) a) GDPR.

  • In order to detect any illegal and/or improper use of the AG24 services, we must also analyse the use of the AG24 services on an ongoing basis and, if there is a reasonable suspicion of abuse, contact responsible user accounts and/or users or restrict and/or block their access and, if necessary, terminate the user contract. The purpose of this processing is to protect the AG24 services and the data they contain as well as to protect the AG24 users and their data against misuse and attacks.

3.4 Order data

The AG24 services may provide the option to order spare parts from other AG24 users. All data processed within the framework of created shopping baskets as well as the transmission of order inquiries and orders is referred to here as “order data”.

AG24 transfers the data collected from you on a case by case basis within the LexCom services used to the respective order recipients. This processing serves the purpose of contract fulfilment in accordance with Art. 6 (1) b) GDPR. Further processing of your data by the order recipient for carrying out the order and, if necessary, transfer of your data into its own systems takes place under the responsibility of the order recipient outside our control.

In addition, AG24 may pseudonymise/anonymise order data for the purpose of designing, enhancing and optimising the AG24 services as needed and analyse it internally in this form for its own purposes based on a legitimate interest pursuant to Art. 6 (1) f) GDPR and, if necessary, forward it to dealers/order recipients, manufacturers and/or importers. Personal data is processed and forwarded exclusively on the basis of the consent of the AG24 user in accordance with Art. 6 (1) a) GDPR.

3.5 Contact by e-mail or using contact forms

AG24 processes the data entered via the contact forms available on the AG24 websites, in the AG24 services as well as the data received via the contact e-mail addresses provided to handle your request or concern. Under no circumstances will this data be processed for any other purpose. Your personal data is processed on the basis of Art. 6 (1) b) GDPR.

3.6 Log files

Each time you open the AG24 website and whenever you log in to the AG24 services, access data is saved in a log file. The data stored includes, in particular, the IP address, AG24 company ID, user name, session ID, login time and cookies and, if applicable, vehicle data (chassis number, vehicle registration number).

AG24 processes this log data for the purposes of fulfilling the contract in accordance with Art. 6 (1) b) GDPR to detect and correct any technical problems such as defective links or program bugs, i.e. to improve and develop the LexCom services and provide customer service.

In addition, we process your data based on a legitimate interest in accordance with Art. 6 (1) f) GDPR, in particular for the following purposes:

  • To analyse the use of LexCom services and their functions in a targeted manner, to measure their relevance and success and to develop them further. This processing is exclusively for the purpose of developing the AG24 services in the interests of the user. At no time will the usage behaviour of specific accounts or users be analysed. Personal data is pseudonymised and/or anonymised as far as possible.

  • In order to detect any illegal and/or improper use of the AG24 services, we must also analyse the log data for the AG24 services on an ongoing basis and, if there is a reasonable suspicion of misuse, contact responsible user accounts and/or users or restrict and/or block their access and, if necessary, terminate the user contract. The purpose of this processing is to protect the LexCom services and the data they contain as well as to protect LexCom users and their data against misuse and attacks.

3.7 Retention of your data

Unless a longer storage period is permitted, e.g. to enforce legal claims, or the data is anonymised/pseudonymised for further processing for our own purposes, log files are stored in our data centre for six months and then automatically deleted.

Your data otherwise mentioned above will be kept only for as long as absolutely necessary to achieve the stated purposes and will be deleted as soon as there is no longer any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for AG24 in accordance with Art. 6 (1) f) GDPR), unless the applicable commercial or tax laws obligate AG24 to retain the data (Art. 6 (1) c) GDPR). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every 12 months, we check whether there is a legitimate interest in retaining the data.

4. Cookies and Pixel Tags

“Cookies” are small files that enable us to store some specific information related to you as a user on your PC or other terminal device when you use the AG24 web services. Cookies help us to make our web services as convenient, efficient and interesting as possible for you. LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)). Only you and AG24 have access to these cookies, which are used for the purposes described below.

When you log in (with your company ID/ID and/or user name and password), the LexCom web services utilise session cookies with which you can be identified for the duration of your visit. The session cookies expire automatically after the end of your session, meaning that they are deleted.

In addition, the AG24 web services use permanent cookies. These cookies store information about visitors accessing the LexCom web services repeatedly (for example, company ID, user name, language, time stamp of previous access). The purpose of these permanent cookies is, firstly, to present you with the relevant web service in the correct language even before you have logged in. Secondly, they enable you to return directly to your previous session if you did not log out after the last time you used the AG24 web service. The cookies we set do not generate an individual profile of your user behaviour. The cookies are automatically deleted within four weeks of your last session.

We utilise pixel tags, web beacons, clear GIFs or similar mechanisms (“pixel tags”). A pixel tag is an image file or a link to an image file that is inserted into the code of the web pages but not stored on your terminal device (e.g. computer, smartphone etc.). Pixel tags enable us, for example, to determine the browser used or the screen resolution. In this way, pixel tags help us optimise the efficiency of our web pages, and revise and optimise our offers and publicity activities. Our use of pixel tags does not involve any reference to any person; nor does any personalised tracking occur. Pixel tags usually work in conjunction with cookies. If you turn off cookies, the pixel tag will simply detect an anonymous website visit.

In addition, cookies and other tracking services are used for marketing or other purposes in the AG24 services exclusively on the basis of your consent in accordance with Art. 6 (1) a) GDPR. You may revoke your consent at any time by opening the consent management tool again in the respective LexCom web service.

In certain circumstances, you may also generally disable the storage of cookies or restrict it to specific websites in your browser, or set your browser to notify you when a cookie is sent. You may also delete cookies from your terminal device at any time. However, please note that the use of LexCom web services is not possible if user cookies are rejected.

5. Other Recipients of Your Personal Data and Transmission to Third Countries

Support by foreign subsidiaries of LexCom

The aforementioned personal data is processed by us in the European Union and, in some cases, by others on our behalf (in particular to provide support) in Brazil, China, Japan as well as in the USA, Mexico and the United Kingdom. Data is processed in these third countries exclusively on the basis of an adequacy decision by the EU or the EU’s standard data protection clauses as defined in Art. 46 GDPR. You can view these clauses at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Hosting at Amazon Web Services (AWS)

For these services, your personal data will be processed on AWS servers. These servers are located in the EU or in another country outside the USA, depending on your place of business or residence. However, we cannot exclude the possibility that personal data may be transferred to AWS’s parent company in the USA or accessed by American authorities under section 702 of the FISA law.

The legal basis for this processing is Art. 6 (1) f) GDPR. We have a legitimate interest in ensuring that our services operate effectively and in compliance with requirements.

Analysis of web traffic by Akamai

In addition, your personal data detailed in the previous sections is processed by Akamai Technologies Inc. (“Akamai”) by integrating delivery, security and analysis services from Akamai.

Firstly, the traffic for the LexCom web services is routed via Akamai servers to enable the LexCom web services to be delivered quickly, reliably and securely, analysed for malicious software and to prevent unauthorised access to them. This processing is carried out on behalf LexCom and constitutes a legitimate interest on the part of AG24 pursuant to Art. 6 (1) f) GDPR.

Secondly, Akamai also processes your data on its own authority in the form of generated log files. These may contain personal data in the form of IP addresses and evaluations of your usage patterns of the LexCom web services, and are used in particular for the purpose of performing security analyses and to detect malicious patterns for the further development of the Akamai services. Akamai does not use this data to identify or profile natural persons. Akamai processes and stores this data predominantly on servers in the US and ensures that the data is transferred exclusively on the basis of EU standard contractual clauses in accordance with GDPR Art. 46. You can view these clauses at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).

6. Availability of the Privacy Statement

You can retrieve and print out this Privacy Statement from any page of the LexCom websites and the websites of each AG24 web service or within the AG24 software by clicking the “Privacy” link.

7. Assertion of Claims and Rights

In accordance with the applicable data protection legislation, you have the right to information about your data (Art. 15 GDPR), to rectification of it (Art. 16 GDPR) and to deletion of it (Art. 17 GDPR) or to restriction of its processing (Art. 18 GDPR) as well as to data portability (Art. 20 GDPR).

You also have the right to file a complaint with the supervisory authority responsible for data protection if you believe that AG24 has failed to comply with the applicable data protection legislation.

8. Right to Object

You have the right to object to the processing of personal data that refers to you under the terms of items 3, 4 and 5 of this Privacy Statement (i.e. processing in accordance with Art. 6 (1) f) GDPR for reasons resulting from your specific situation at any time. In this case, AG24 will no longer process the personal data unless AG24 can demonstrate that it has compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

bottom of page