Looking for a quick way to edit your cookie preferences?
Privacy policy
Updated on 1 March 2021.
WunderCar Mobility Solutions GmbH and its affiliated companies (“Wunder”, “we”, “us”) is committed to the protection of your (“you” or “your”) personal data. Our Privacy policy is designed to inform you of our practices concerning the collection, use and disclosure of information that you may provide to us via our website, other associated partner websites, as required by Art. 13 of the General Data Protection Regulation (GDPR). By using our website or any service that we offer, you agree to the collection, use, and disclosure of that information about you in accordance with, and are agreeing to be bound by, this Privacy Policy.
- Controller
- How we collect your data
- Usage data
- Anonymous visitor measurement
- Storage of IP address for security purposes
- Data security
- Cookies
- Third party tracking technologies for advertising purposes
- Google Analytics
- Visitor measurement
- Social plugins
- Embedded videos
- Newsletter Registration and Delivery
- Direct Marketing
- Contact form
- Your rights as a data subject
- Asserting your rights
- Other privacy policies
- Contact details of our DPO
1. Controller
The Controller for the data processing operations described below is the office named in the imprint.
2. How we collect your data
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your identity, email and contact details by filling out our online forms or by corresponding with us by post, phone, email or otherwise.
- This includes personal data you provide when you:
- apply for our products or services;
- subscribe to our service or publications;
- request marketing to be sent to you; or
- give us feedback or contact us.
More details are provided in the sections: Contact us, Newsletters and Direct Marketing.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie section for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
- analytics providers such as Google based outside the EU;
- advertising networks such as Google & LinkedIn based outside the EU; and
- search information providers such as Google & based outside the EU.
- We keep your personal data only as long as necessary for fulfilment of the purposes described or as required by law.
We keep your personal data only as long as necessary for fulfilment of the purposes described or as required by law.
3. Usage data
When you visit our website, our web server temporarily stores usage data for statistical purposes as a protocol in order to improve the quality of our website. This data consists of the following data categories:
- the name and address of the requested content,
- the date and time of the query,
- of the transferred data volume,
- the access status (content transferred, content not found),
- the description of the used web browser and operating system,
- the referral link, which indicates from which page you reached ours,
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
The mentioned log data will only be evaluated anonymously.
4. Anonymous visitor measurement
On our web pages we make an anonymous visitor measurement. For this purpose, the protocol data of the web server as well as the abbreviated IP address are evaluated. Any conclusions about you are not possible.
5. Storage of IP address for security purposes
In addition, we store the complete IP address transmitted by your web browser for a period of 90 days in the interest of detecting, limiting and eliminating attacks on our web pages. After this period we delete or anonymize the IP address. The legal basis is Art. 6 (1) (1f) of the GDPR.
6. Data security
We take technical and organizational measures to protect your data as effectively as possible from unwanted access. We use an encryption procedure on our web pages. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
7. Cookies
Statistics cookies and Marketing cookies are used on the basis of Art. 6 (1) (a) GDPR (your consent).
You can set your cookies preference at any time by following this link to make the appropriate changes.
8. Third party tracking technologies for advertising purposes
We use cross-device tracking technologies so that based on your visit to our websites you can see advertisements tailored to your interests on other websites and we can measure how effective our advertising has been. The data processing is based on your consent in accordance with Art. 6 (1) (1a) GDPR, if you have given your consent via our website banner. Your consent is voluntary and can be revoked at any time.
(a) How does tracking work?
When you visit our websites, it is possible that those third-party providers listed below may retrieve identification characteristics of your browser or terminal device (e.g. a so-called browser fingerprint), evaluate your IP address, save or extract identification characteristics on your terminal device (e.g. cookies) or gain access to unique tracking pixels. The individual characteristics can be used by those third parties to identify your terminal device on other websites. We may commission the relevant third parties to place advertisements based on the pages visited on our website.
(b) What does cross-device tracking mean?
If you log on to the third-party provider with your user data, the respective identification characteristics of different browsers and terminal devices can be linked with each other. For example, if the third-party provider has created a separate characteristic for each laptop, desktop personal computer, smartphone or tablet you use, these individual characteristics can be assigned to each other as soon as you log in to a service of the third-party provider with your login credentials. This allows the third party to target our advertising campaigns across different devices.
(c) Which third-party providers do we use in this context?
Listed below we specify those third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you give us your consent, any transfer to a third country is based on Art. 49 (1a) GDPR.
9. Google Analytics
We use the web analysis tool “Google Analytics” to design our websites according to your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognize returning visitors and count them as such.
Within the framework of Google Analytics, Google Ireland Limited and Google LLC support us. (USA) support us as processors according to Art. 28 of the GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. Please take this into account if you decide to give your consent to our use of Google Analytics.
The data processing is based on your consent in accordance with Art. 6 (1 a) of the, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1a) of the GDPR.
You can withdraw your consent at any time. Please follow this link and make the appropriate changes.
10. Visitor measurement
These create usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In addition, it is possible that we call up recognition features for your browser or terminal device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way we are able to recognize returning visitors and count them as such.
In addition, we use the following functions in the context of visitor measurement:
- We enrich the pseudonymous data with additional data provided by third parties. In this way, we are able to record demographic characteristics of our visitors, such as age, gender and place of residence.
- We use a recognition method that allows us to record and subsequently evaluate the mouse pointer movements of our visitors.
The data processing is based on your consent in accordance with Art. 6 (1a) of the GDPR, if you have given your consent via our banners.
Which third-party providers do we use in this context?
In the following, we will name the third-party providers with whom we cooperate in connection with visitor measurement. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to a third country is based on Art. 49 (1a) of the GDPR.
| Provider | Adequate level of data protection | Revocation of consent |
|---|---|---|
| Google Ireland Limited | Processing within EU/EEA | If you want to revoke your consent, please follow this link and make the appropriate changes. |
| Google LLC (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) of the GDPR. | If you want to withdraw your consent, please Please follow this link and make the appropriate changes. |
11. Social plugins
You can use social plugins on our website. However, for reasons of data protection, we only integrate the social plugins we use in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services.
You can, however, activate and use the social plugins integrated in our websites. For this purpose, we use a solution by which our web server provides in a first step all data and functions required to display the social plugin. Only when you decide to activate the respective social plugin and click on the corresponding preview image or icon, in a second step your browser will establish a connection to the servers of the provider of the respective social media service.
If you activate a plugin, the social media service receives in particular your IP address and, among other things, information about your visit to our websites. This happens regardless of whether you have registered an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.
Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles based on your data and use them for the purpose of personalized advertising. Furthermore, your data will be used to inform other users of the social media service about your activities on our websites.
The integration is based on your consent according to Art. 6 (1) (1a) GDPR, if you have given your consent by clicking on the preview image. Please note that the integration of many social plugins means that your data is processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you provide consent, the transfer to an unsafe third country is based on Art. 49 (1a) GDPR.
If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective Social Plugin
| Third party Provider |
Adequate level of data protection |
Revocation of consent |
|---|---|---|
| Twitter (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. | If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore. |
| Facebook. (Instagram) (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. | If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore. |
| LinkedIn (USA) | No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. | If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore. |
12. Embedded videos
On our websites we embed videos that are not hosted on our servers. If you access web pages with embedded videos, content from the third-party provider who provides the videos will be downloaded. The third-party provider is thereby informed that you have accessed our website and receives the usage data that is technically required for this purpose.
We have no influence on further data processing by the third-party provider. However, when embedding the videos, we have taken care to activate the extended data protection mode offered by the third-party provider. The extended data protection mode ensures that the third-party provider does not set any cookies.
The embedding is based on Art. 6 (1) (1f) GDPR and in the interest of making our site as appealing and informative as possible.
| Third party Provider |
Maximum retention period |
Adequate level of data protection |
Revocation of consent |
|---|---|---|---|
| YouTube / Google (USA) | 90 days | - No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. | If you wish to object to the embedding, please stop using our site. |
| Vimeo (USA) | 90 days | - No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. | If you wish to object to the embedding, please stop using our site. |
13. Newsletter registration and delivery
You may register to receive our newsletter on our website. Please note that we require certain data (your email address) to complete the newsletter registration.
We will only send you the newsletter if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. After you have completed the newsletter registration on our website, you will receive a confirmation e-mail to the e-mail address you provided (double opt-in). You may withdraw your consent at any time. An easy way to withdraw your consent is, for example, to use the unsubscribe link provided in every newsletter.
As part of the newsletter registration process, we store certain data in addition to the above-mentioned data, as far as is necessary to prove so that you have registered for our newsletter. This may include storing the complete IP address at the time of the registration or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us.
The legal basis for the data processing is our legitimate interest to be able to account for the legality of the newsletter delivery according to Art. 6 (1) (a) GDPR.
14. Direct marketing
Where we receive your email address in connection with the sale of a product or service, we will use the email address for direct marketing of our own similar goods or services, unless you have objected to the processing. When collecting the address and for each use, we clearly point out that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.
The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR. An uncomplicated method to object to this processing is provided e.g. by the cancellation link provided in every email.
15. Contact form
You are welcome to reach us via our contact form. In order to use our contact form, we first need the data marked as mandatory.
We use this data on the basis of Art. 6 (1) (1f) GDPR to respond to your requests.
Furthermore, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not required for contacting us. We process your voluntary details on the basis of your consent in accordance with Art. 6 (1) (1a) GDPR.
Your data will only be processed to answer your request. We will delete your data if they are no longer required and there are no legal obligations to retain them.
As far as your data, transmitted via contact form, is processed on the basis of Art. 6 (1) (1f) GDPR, you can object to the processing at any time. In addition, you can revoke your consent to the processing of your voluntarily stated information at any time. To do so, please use the email address provided in the section below “Asserting your rights”.
If you get in contact with us via the contact form for the “Wunder Marketplace” program, the basis of your consent is based on Art. 6.1 (a) GDPR. Our sales representatives may share your personal data (contact data provided by you in the form) with the “Wunder Marketplace” partner you are interested in. Some of those service providers are based in countries outside of the European Economic Area therefore the processing may pose a risk due to the possible absence of an adequacy decision or appropriate safeguards (Art.49.1 (a) GDPR).
As far as your data, transmitted via contact form, is processed on the basis of Art. 6 (1) (1f) GDPR, you can object to the processing at any time. Wunder may process information you make available in your social media profiles if you accept to be connected with us on the social media environment, you can object to this processing at any time. In addition, you can revoke your consent to the processing of your voluntarily stated information at any time. To do so, please use the email address provided in the section below “Asserting your rights”.
16. Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access by the data subject (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay.
Right to erasure (Art. 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of our examination.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party.
Right to withdraw consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) 1 f GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) 1 e GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
In terms of Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.
17. Asserting your rights
Please contact us to assert your rights. You will find our contact details in our imprint.
WunderCar Mobility Solutions GmbH
Email address: privacy@wundermobility.com
Postal address: Hongkongstrasse 2-4, 20457, Hamburg, Germany
18. Other privacy policies
19. Contact details of our DPO
Our external data protection officer is available to provide further information on data protection.
Contact details:
FIRST PRIVACY GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Tel.: +49 (0) 421 69 66 32 80
Email: office@first-privacy.com
When contacting our data protection officer by email, please specify the name of the company stated in our imprint.