Data Protection

1. About us

We, HOERBIGER Automotive Komfortsysteme GmbH, are responsible for the collection, processing and storage of your data. Details about us can be found at any time in our imprint: >.

The careful handling of your personal data is our highest priority. During processing, we comply with the statutory provisions, e.g. the German Data Protection Ordinance (DSGVO) and the associated national provisions.

This data protection declaration applies to the websites of our company that can be accessed under our domain ( If you change to websites of other operators within the scope of our offer, there are valid own data protection regulations, for whose contents the respective operators of these websites are responsible.

Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or if we ask you for your consent, we will inform you separately before using the respective service (e.g. for newsletter subscription or when contacting us for a free test).

In addition, we take various security measures to protect your personal data. For example, the transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.


2. Why do we process your data

In principle, you can use our website without disclosing your identity. If you would like to subscribe to our newsletter or get in touch with us, we will ask you for your name and other personal information. It is up to you to decide whether you want to enter this (extended) data or not. Data which we absolutely need from you in order to provide our services are marked as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

  •     Contract initiation pursuant to Art. 6 Para. 1 lit. a) and b) DSGVO
  •     Contract execution pursuant to Art. 6 para. 1 lit. b) DSGVO
  •     Customer management pursuant to Art. 6 para. 1 lit. b) and c), f) DSGVO
  •     Communication and data exchange pursuant to Art. 6 para. 1 lit. a), b), c), f) DSGVO
  •     External image and advertising pursuant to Art. 6 para. 1 lit. a), f) DSGVO
  •     Implementation of declarations of consent pursuant to Art. 6 para. 1 lit. a) DSGVO

Ensuring the proper operation of a data processing system pursuant to Art. 6 para. 1 lit. c) and f) DSGVO


3. Which data do we collect and process from you

We collect different categories of personal data from you. Personal information is any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified directly or indirectly, particularly by association with an identifier such as a name. Personal data includes, for example, information such as your name, address and telephone number. Statistical information that cannot be directly or indirectly associated with you - such as the popularity of individual web pages on our site or the number of users of a page - is not personal data. There are direct and indirect data collected. In both cases, data is only collected to the extent necessary; the data is processed exclusively for the purposes mentioned under point 2. It is up to you to decide whether you wish to send us data that optimises the use of our services for you, but is not necessary for this. Corresponding data fields are marked as 'voluntary'.

The directly collected data includes:

  •     Salutation and name, e.g. in the context of a price inquiry or in the contact form.
  •     Mail address, e.g. for the purpose of receiving the newsletter and contacting us via our contact form.
  •     Address data, e.g. for the purpose of finding a dealer near you
  •     Data that you actively and consciously transmit to us in the course of using our services,
  •     Other data that you voluntarily transmit to us, e.g. data fields filled in by you and marked as 'voluntary'.

In addition, data about you is collected indirectly when you use our services:

  •     Technical connection data, e.g. the page accessed on our website, your IP address, shortened by the last three digits, date and time of access, terminal used, browser configuration data.
  •     Data collected in the context of website tracking and newsletter tracking


Our website is not intended for minors and we do not knowingly collect personally identifiable information from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent or guardian has consented or the consent of the young person. In accordance with Art. 8 Para. 2 DSGVO, the contact data of the legal guardian must be communicated to us in order to convince us of the consent or consent of the legal guardian. This data and the data of the minor will then be processed in accordance with this data protection declaration.

If we discover that a minor under the age of 16 has sent personal data to us without the parent or legal guardian's consent or the consent of the minor, we will delete the data immediately.

4. Who has access to your data and to whom we transmit your data

a) Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.

If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.

We also use service providers to provide services and process your data (e.g. for hosting, sending newsletters, sending letters or e-mails, maintaining and analysing databases, securing our web servers or website tracking). To the extent that these special provisions apply, we have listed them below under the respective service for you. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contract processors have been carefully selected and will only have access to your data to the extent and for the period required that is necessary for the provision of the services or to the extent to which you have consented to the processing and use of the data.

b) Data exchange within the group of companies

An exchange of data within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies in the sense of Art. 4 No. 19 DSGVO.

c) Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data is processed in a country which does not have a recognised high level of data protection such as the European Union, we ensure that your personal data is adequately protected by means of contractual regulations or other recognised instruments. We expressly point this out to you again within the scope of the individual services.

If personal data is transferred to third countries, this is done on the basis of the EU Commission's adequacy decision on the EU-U.S. Privacy Shield pursuant to Art. 45 DSGVO or the EU Standard Treaty 2010 pursuant to Art. 46 Para. 2 lit. c DSGVO in conjunction with the EU Commission's decision of 5 February 2010 (2010/87/EU) or on the basis of your consent pursuant to Art. 49 Para. 1 lit. a) DSGVO.

d) Transmission to prosecution and criminal investigation authorities

In exceptional cases, we transmit personal data to law enforcement and criminal investigation authorities. This happens due to corresponding legal obligations, e.g. from the criminal procedure code, the tax code, the money laundering law or national police laws.

5. Storage periods

We store personal data within the scope of the legal regulations or your consent.

We use the following criteria to determine the specific storage period:

We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through last activity, if there is no continuing obligation, or in the case of a revocation of your consent for concrete data processing).

A storage beyond that takes place only, if

  •     there are legal storage obligations (e.g. according to AO and HGB);
  •     the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
  •     the deletion would be contrary to the legitimate interest of the persons concerned;


  •     another exception pursuant to Art. 17 (3) DSGVO applies.

6. Your rights

You are entitled to a number of legal rights to which we would like to draw your attention below. In addition, of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed under the contact details given below.

a) Right to Information and Data Transferability

You have the right at any time to information about the personal data processed by us concerning you.

If the data processing is based on your consent or on a contract pursuant to Art. 6 Para. 1 b) DSGVO, you may also request, pursuant to Art. 20 Para. 1 DSGVO, that the personal data stored about you be preserved in a structured, common and machine-readable format. At your request, we will also forward the data directly to the recipient specified by you.

b) Right to correction, restriction and deletion

Furthermore, pursuant to Articles 16 to 18 DSGVO, you may request us to correct, restrict (block) or delete your personal data if the data has been incorrectly processed by us, if there is a reason for restricting further data processing, or if the data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to
deletion may be limited by legal retention periods.

c) Rights of objection

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 para. 1 f) DSGVO, you may object to this processing pursuant to Art. 21 para. 1 DSGVO. We will then cease processing your data unless we can prove that there are legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct marketing with effect for the future pursuant to Art. 21 para. 2 DSGVO.

d) Right of withdrawal

If you have permitted us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 para. 3 DSGVO.

e) Right of complaint to the supervisory authority

You are free to file a complaint with a supervisory authority if you believe that our processing of your personal data violates the European Basic Data Protection Regulation or other national and international data protection laws.

The contact details of the supervisory authority responsible for us are as follows:

Bavarian State Office for Data Protection Supervision

Promenade 27 (Castle)

91522 Ansbach, Germany

Phone: 0981/53-1300

fax: 0981/53-5300


f) Contact details

To exercise your rights you can send us an informal message to the following contact details. Please also address the revocation of your consent, stating which declaration of consent you wish to revoke, to the following contact details:


Data protection officer

HOERBIGER Automotive Komfortsysteme GmbH

Martina-Hörbiger-Straße 5

86956 Schongau

Telefon: +49 8861 210 30 30


it.sec GmbH & Co. KG

Einsteinstr. 55

89077 Ulm

Telefon: +49 731 20589-24

7. Use of our website - profiling, cookies and web tracking

a) Principles on cookies and opt-out options

We use so-called cookies in some areas of our website, e.g. in order to recognise visitor preferences and to be able to design the website accordingly. This makes navigation easier and provides a high degree of user-friendliness. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor's hard drive. They make it possible to store information over a certain period of time and to identify the visitor's computer. We use permanent cookies for better user guidance and individual performance presentation.

We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. This is done to check the authorization of actions and the authentication of the inquiring user of our services. The legal bases are Art. 6 para. 1 lit. c) in conjunction with Art. 32 and Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to secure our web server in order, for example, to defend itself against attacks and to guarantee the functionality of our services.

Cookies that are not technically necessary will only be set after your express consent, which you can of course revoke at any time.

Within the framework of our cookie information on our website, you have agreed to the following declaration in this regard:

This website uses tracking cookies or tracking software to provide you with the full functionality of our website and thus a better online experience. You can find more information about the cookies and web tracking procedures we use and the consents you have given to them in our data protection declaration at []. However, technically unnecessary cookies or our tracking software are only activated after you have given us your consent. Agreed]

If you completely exclude the use of cookies, you cannot use individual functions of our website - including the option of cookie-based opt-out from tracking. If necessary, please allow the opt-out cookies of the services for which you wish to prevent tracking.

Please also keep in mind that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must always be set separately for each browser you use on each device you use. You will find the links required for this in the following under the description of the respective service.

The following cookies are used by us - provided you allow this and have not set one or more opt-out cookies - for the purpose described in more detail:

Name of the cookiepurpose of useStorage timeTechnically necessaryPossibility of revoking consent (if cookie is not technically necessary)


This cookie is used by Google Analytics to control the frequency of queries.

1 day


see below


This cookie is used by Google Analytics to distinguish between users.

1 day


see below


This cookie is used by Google Analytics to distinguish between users.

2 years


see below


This cookie is set when the user agrees to the use of cookies.

1 year






















b) Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. If IP anonymisation is activated on this website, however, Google will shorten your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage.

c) Google Maps

Our website uses the service 'Google Maps' of Google, e.g. to enable you to find a dealer near you.

When you call up Google Maps on this website, data will be passed on to Google, e.g. your current location. This service is governed by Google's Privacy Policy (, as amended by the separate Google Maps Privacy Policy (

You can prevent the execution of Google Maps by selectively preventing the execution of the Java-Script code used by using a Java-Script blocker; alternatively, you can also completely deactivate the execution of Java-Script in your browser settings.

Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Privacy-Shield:


d) Youtube video, embedded via iFrame in advanced data protection mode

We use Youtube, a service from Google, to show you video content. To protect your privacy, we have enabled advanced privacy mode.

YouTube also uses cookies to collect information about visitors to its website. YouTube uses these cookies to collect video statistics, prevent fraud and improve usability, among other things. The call of a video usually leads to a connection with the Google DoubleClick network. If you start the video, this could trigger further data processing operations, especially if you are already logged in to Youtube. We have no influence on this.

By pressing the start button on the video, you consent to the transmission of the data to Youtube LLC:

You can find more information about YouTube's privacy practices in their privacy statement (

Recipient of the data: Youtube LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA


e) Google Web Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. These fonts are stored locally on our server and are integrated accordingly when the page is accessed. An exchange of data with Google therefore does not take place.


f) DoubleClick by Google

Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number is assigned to your browser to check which ads were displayed in your browser and which ads were viewed. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its affiliates to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted and stored by Google for evaluation. A transmission of the data by Google to third parties takes place only due to legal regulations or in the context of order processing. Google will not merge your data with other data collected by Google.

If you do not agree with this form of processing, you can prevent the storage of cookies by adjusting your browser settings accordingly. In addition, you can prevent Google from collecting the data generated by the cookies and related to your use of the websites and Google from processing this data by downloading and installing the browser plugin available here <>. Alternatively, you can also deactivate the double-click cookies on this page <>.

Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA



g) Social Media Buttons

Our website uses social media buttons (Facebook, YouTube) to enable you to interact with third parties.

These social media buttons are not integrated as plug-ins via a so-called iFrame, but are stored as links. By pressing the social media buttons, you will be forwarded directly to the page of the corresponding provider. The respective provider is then responsible in the sense of Art. 4 No. 17 DSGVO for compliance with the data protection regulations and for the correctness, up-to-dateness and completeness of the information provided there for data processing.

8. Supplementary notes and provisions on individual services

a) Contact form

Data that you send us via our contact form will be processed for the purpose of communication and data exchange, i.e. to respond to your specific enquiry. These data are stored as long as their processing is necessary for these purposes or until the expiry of any subsequent storage periods.

b) Hotline

You can call our hotline to request help or contact us in the event of a malfunction. Data that you provide to us in this context will be stored if this is necessary to process your request. These data are stored as long as their processing is necessary for these purposes or until the expiry of any subsequent storage periods.

c) Dealer search

If you are looking for a dealer near you, please enter your postcode. The purpose of the processing is to compare it with our dealer list in order to show you the nearest dealer(s). A storage or evaluation does not take place.

d) Testing xetto

You can use a form to inform us that you would like to test our xetto® free of charge. We ask you for your name, e-mail address and postal code. We need the postcode in order to send you a list of dealers in your area. Your data can only be accessed by those of our employees who need it to fulfil their tasks. They will then contact you regarding the test. If you have agreed to this separately, we will forward the data to a dealer in your area for the purpose of contacting you.

You have agreed to the following:

I agree that my data given here may be passed on to a dealer near me for the purpose of contacting you regarding the testing of a xetto ®.

The data will be stored by us as long as it is needed to process your request and will be deleted after the legal storage periods.

e) Data processing for direct marketing purposes

Mail advertising

To the extent permitted by law, we may also use your name and the postal address known to us to send advertising for our own offers. The legal basis is
Art. 6 para. 1 lit. f) in connection with Recital 47 DSGVO. Our legitimate interest is to promote sales or demand among our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A text message to the contact data mentioned above is sufficient. We will then delete your data from our mailing list. The data which prove your objection will then be kept for 6 years in accordance with Art. 17 Para. 3 lit. e) DSGVO. During this period, however, your personal data will be blocked from further processing.

Telephone advertising

To the extent permitted by law, we may also use your name, affiliation and telephone number for business customers in order to inform them about our own offers, assuming your presumed interest. The legal basis is Art. 6 para. 1 lit. f) i.V.m. Recital 47 DSGVO, § 7 Abs. 2 Nr. 2 UWG. Our legitimate interest is to promote sales or demand among our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A communication in text form to the contact data mentioned above is sufficient. We will then delete your data from our mailing list. The data which prove your objection will then be kept for 6 years in accordance with Art. 17 Para. 3 lit. e) DSGVO. During this period, however, your personal data will be blocked from further processing.

Cookie Information

xetto uses cookies to provide you with the best possible website and to improve your experience. If you want to use this service, click "I agree".