Privacy Policy

In the following we would like to inform you about the types of data processed by SIXT and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.


A: Data controller, contact details of the data protection officer

The party responsible for processing your data (controller) is Sixt SE, Zugspitzstraße 1, 82049 Pullach (hereinafter also referred to as SIXT).

If you have any questions on data protection, please contact us at dataprotection@sixt.com.

You can also contact our data protection officer at the following address: Sixt SE, Zugspitzstraße 1, 82049 Pullach.


B: Categories of personal data

The following categories of personal data can be processed by us in connection with our services:

  • Master data: These include, for example, a person’s first name, surname, address (private and/or business), date of birth.
  • Communication data: These include, for example, a person’s telephone number, email address (private and/or business), fax number if applicable, as well as communications background (e. g. media, shareholder), requested communication content (e.g., ad-hoc statements, press releases).


C: The legal basis for data processing at SIXT

Art. 6 (1) point (a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your con-sent to such processing.

Art. 6 (1) point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., SIXT, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.


D: The purposes of data processing at SIXT

1. Self-marketing, Investor Relations and Corporate Communications

Purposes of data processing 

We process your master data and communication data for the purpose of sending you investor relation related information.

You may at any time object to your email address being used without incurring more than the cost of transmission as per the applicable basic fees.

Legal basis for processing

Art. 6 (1) point a) GDPR applies to data processing for purposes of implementing direct marketing measures that require explicit advance consent.

Art. 6 (1) point f) GDPR applies to data processing for purposes of implementing direct marketing measures that do not require explicit advance consent, and of implementing the marketing measures mentioned.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data for purposes of sending investor relations communication is based on the fact that we want to acquire and hold you as an investor and inform you about our financial situation as well as products and services of our group of companies.

Categories of recipients of your data

For the purposes described in the foregoing, we disclose your data to IT service providers.

COOKIE POLICY
PURPOSES OF DATA PROCESSING
SIXT has implemented a variety of technical and organisational measures in order to protect your personal data, in particular against random or intentional manipulation, loss, destruction and access by unauthorised persons. These security measures will be continually adapted in accordance with technological developments. The transfer of personal data between your computer and our server invariably takes place by encrypted connection (Secure Socket Layer (SSL)).

Visits to our website may result in information being stored on your computer in the form of “Cookies”. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us neither contain personal data nor are they connected to any such data.

Most of the cookies used by us are so-called session cookies, which are required in order to maintain consistency during your visit, for example by ensuring that the preferences you entered when making your reservation request, as well as any other information entered, are remembered for the duration of your session. We also need session cookies in order to ensure that any offers (e.g., promotional offers) you click on are assigned to your request. Session cookies are automatically deleted after each session. We furthermore use cookies in order to determine, when you pay return visits to our website, whether you are interested in certain types of offers. This enables us to be more targeted about the offers we show you on our website. If you are already registered with us and have a customer account, it will be possible for us to compare the information recorded by the cookies used with the information known to us. This in turn enables us to tune our offers more finely to your needs and wishes. These cookies have a lifespan of one year, after which they are automatically deleted. We also need cookies for purposes of settling accounts with our advertising partners, because cookies are able to record the page or promotional campaign that led the customer to us. As with other data, we record this data exclusively in abstract form so as to ensure that it cannot be used to identify the data subject. A cookie of this type has a lifespan of 31 days.

You have the opportunity to accept or to reject cookies. Most web browsers accept cookies automatically. Generally, however, you will be able to adjust your browser settings so as to reject cookies. If you opt to reject cookies, you may find that you are unable to use some of the website’s functions. If you accept cookies, you can opt to delete such accepted cookies at a later point in time. You can delete cookies in Internet Explorer 8 by selecting “Tools” > “Delete Browsing History” and then clicking on the button “Delete Cookies”. If you delete the cookies, all settings controlled by these cookies, including advertising settings, will be deleted, possibly irrecoverably.

2. Press distribution list

Purposes of data processing 

We process your master data and communication data for the purpose of sending you messages via our press distribution list.  

If you register for our press distribution list, the data in the respective input mask will be transmitted to the SIXT for processing. The registration for our press distribution list takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with a third-party e-mail address. The collected data will be used exclusively for sending press releases. The subscription can be revoked by the data subject at any time. For this purpose, a corresponding link can be found in every e-mail concerning the press releases.  

Legal basis for processing 

Art. 6 (1) point a) GDPR  

Categories of recipients of your data 

For the purposes described in the foregoing, we disclose your data to IT service providers (Cision Germany GmbH, De-Saint-Exupéry-Straße 10, 60549 Frankfurt am Main, Germany). 

3. Procurement

Purposes of data processing 

We process your master data and communication data for purposes of strategic and operational procurement of products and services for SIXT. 

Legal basis for processing 

Art. 6 (1) point b) GDPR applies to the processing of data to the extent required to conclude and fulfill supplier contracts.  

Categories of recipients of your data 

For the purposes described in the foregoing we disclose your data to our service provider Coupa Software Inc. who provides us with a cloud-based procurement tool.  

For the purposes described in the foregoing we disclose your data to SIXT Group companies. 


E: Transfer to third countries 

The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (cf. → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein. 


F: Storage duration/criteria for storage duration 

SIXT stores your personal data until they are no longer necessary in relation to the purposes for which they were collected or otherwise processed (see → Purposes of data processing at SIXT). Where SIXT is under legal obligation to store personal data, it will store personal data for the preservation period stipulated by law. The preservation period for commercial documents, which include bookkeeping documents and accounting records (including invoices), is 10 years (Section 257 (4) of the German Commercial Code). During this period, your data may be subject to restricted use within day-to-day operations if its processing serves no further purposes. 


G: Automated decision-making

The aforementioned data processing does not include any automated decision-making pursuant to Art. 22 GDPR. 


H: Profiling

The aforementioned data processing does not include any profiling pursuant to Art. 4 No. 4 GDPR. 


I: Rights of data subjects  

You can assert the rights mentioned below. Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of three years and in individual cases longer for the establishment, exercise or defense of legal claims.  

Legal basis for the above processing  

Art. 6 (1) sentence 1 point f) GDPR  

Our legitimate interest is protecting against claims or fines under Art. 82, 83 GDPR and fulfilling our accountability obligations under Art. 5 GDPR. 

1. Right of access by the data subject, Art. 15 GDPR – You have the right to, at reasonable intervals, obtain information about your personal data under storage. The information you are entitled to includes information about whether or not SIXT has stored personal data concerning you, about the categories of personal data concerned, and about the purposes of the processing. Upon request, SIXT will provide you with a copy of the personal data that are processed.

2. Right to rectification, Art. 16 GDPR – You also have the right to obtain from SIXT the rectification of inaccurate personal data concerning you or to have incomplete data completed

3. Right to erasure, Art. 17 GDPR – You furthermore have the right to obtain from SIXT the erasure of personal data concerning you. We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, or if the personal data have been processed unlawfully.

4. Right to restriction of processing, Art. 18 GDPR – Under certain circumstances, you have the right to have the processing of your personal data restricted. These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified. 

5. Right to data portability, Art. 20 GDPR – You have the right either to receive, in a machine-readable format, the data that you provided to us based on your consent or on a contractual agreement with us, or to have us transmit, also in a machine-readable format, such data to a third party of your choice. 

6. a) Right to object in certain cases – If the processing of your data by SIXT is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) sentence 1 point e) GDPR) or is based on the legitimate interests of SIXT (Art. 6 (1) sentence 1 point f) GDPR), then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data. We will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.

b) Right to object against the processing of data for the purposes of direct marketing (as defined by section D, no. 1 of this privacy Policy) – In individual cases, we process your personal data for direct marketing purposes. You have the right to object to your personal data being processed for the purposes of such marketing activities, this also applies to profiling to the extent that it is associated with such direct marketing.If you object to your data being processed for direct marketing purposes, we will no longer process your personal data in this way.You may exercise your right to object without the need to adhere to a particular format and direct it to: SIXT SE, Zugspitzstr. 1, DE 82049 Pullach or the e-mail address: dataprotection@sixt.com

Right to object, Art. 21 GDPR

7. Right to withdraw, Art. 7 (3) GDPR – If data processing at SIXT is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.

8. Contact information to exercise the rights of data subjects – If you wish to exercise your rights as a data subject, please direct such requests to the e-mail address: dataprotection@sixt.com.

9. Right to lodge a complaint, Art. 77 GDPR – You have the right to lodge a complaint with a supervisory authority (Art.77 GDPR). You can exercise this right before a supervisory authority in the Member State in which you are resident, where your place of work is or the place where the suspected infringement is committed. In Bavaria, where SIXT has its headquarters, the competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
D-91522 Ansbach


General information
 

We reserve the right to amend and adapt this Privacy Policy with effect for the future. 

Current version: September 2022