Z Account

Data Protection Statement

We welcome your interest in our registration platform account.zeppelin.com (hereinafter referred to as "Z Account"). Z Account makes it possible for you to quickly and easily register on various third-party platforms (both apps and websites) that offer registration via Z Account using your Z Account, without the need for a separate registration.

The operator of Z Account and the responsible party for processing your personal data as part of Z Account usage is

Zeppelin GmbH Graf-Zeppelin-Platz 1 85748 Garching bei München Tel.: +49 89 32 000-0 E-Mail: privacy@zeppelin.com

Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes.

We always process personal data that is collected as part of Z Account usage in accordance with the respective provisions governing data protection.

This data protection statement will tell you which of your personal data are collected and retained when you visit our Website or use our services offered through the Website. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.

1. Processing of personal data and purposes of the processing

1.1 What are personal data?

Personal data means all information relating to an identified or identifiable natural person, Article 4(1) GDPR. This includes information such as your name, address, phone number, and date of birth. Data which cannot be traced to you, such as statistical or anonymous data, are not personal data.

1.2 Which data do we collect?

If you access the website URL, personal data is only processed if you provide it to us as part of a registration or during usage of Z Account itself. The only exception to this is your IP address. Usage of Z Account is only possible after registration. The following specific personal data are collected:

1.2.1 When visiting our Website account.zeppelin.com

You can visit our Website without disclosing information regarding your identity. When you open our Website, your browser information will however be automatically sent to our Website servers, and temporarily stored in a log file. Your identity is not disclosed by this information.

The following information is recorded without your consent, and is retained until it is automatically erased after six months:

  • The IP address of the requesting computer,
  • the date and time of the visit,
  • the name and URL of the accessed file,
  • the browser that you have used and if applicable, your computer’s operating system,
  • websites from which the user’s system has reached our Website (referrer),
  • websites which are opened through our Website from the user’s system.

These data are collected and processed to enable use of our Website (connecting). These data are retained exclusively for technical reasons, and at no point are they attributed to a specific person. Use of Z Account is only possible after successful registration.

The legal basis for the processing of your personal data to this extent is point (b) of Article 6(1) GDPR. The collection of these data serves to ensure system security and stability, as well as technical administration of the network infrastructure. The legal basis to this extent is point (f) of Article 6(1) GDPR. Our legitimate interest in data processing lies in ensuring that our Website functions properly, and that communication through the Website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.

We also use cookies and web analysis services for our Website (see clause 2).

1.2.2 When creating a customer account

We provide you with the option of registering on our Website and creating a customer account.
To do so, you must provide the following mandatory information:

  • first name, surname of contact person,
  • valid email address,

The purpose of retaining your personal data in the customer account is to make it possible for you to access and use Z Account.

We process the data you provide during registration for the purpose of checking your access credentials. The legal basis for the aforementioned purpose is point (b) of Article 6(1) GDPR.

Insofar as we process your data for the purposes of providing the functions of our Website as described above, you shall be contractually obliged to provide us with these data. Without these data, we are unable to provide you with the functionality of a customer account.

You obtain access to your customer account through your email address, in combination with your chosen password.

1.2.3 Usage of Z Account

If you use Z Account and register on third-party platforms, websites or apps (hereinafter referred to as "third-party applications") using Z Account, the following data is stored:

  • third-party application

We use this data to give you an overview of which third-party applications you visited at which times and used our service for. This makes it possible for you to manage and monitor your Z Account.

If you register on a third-party application using Z Account, your registration data (name and email address) will be transmitted by us to the third-party provider for the purposes of access authorization verification as well as for assignment to a customer account by the third-party application. At the same time, the data you have stored in your customer account will be regularly transferred to the third-party application selected by you in order to keep your data always up-to-date. This fulfills the legal obligation of companies to store always the latest data.

The legal basis for the aforementioned purpose is point (b) of Article 6(1) GDPR.

In addition, we create anonymous reports to evaluate the usage of Z Account. These reports will be used in connection with our performance and to improve our services as well as provide feedback to third-party applications to the extent to which Z Account was used in connection with the third-party application.

The legal basis for use of these cookies is point (f) of Article 6(1) GDPR. Our legitimate interest in data processing lies in optimizing our services as well as the cooperation with third-party application and thus in optimizing our offers and services for the customers of Z Account.

1.2.4 Data that we receive from third-party applications

We also process data that we do not collect directly from you. In particular this includes tracking/usage data from third-party applications. This is the case if the information is provided to us by a third-party application. Usually we receive only anonymized reports. If this is not the case and your personal data are intended to be transferred, this only occurs if you have previously given your consent for this transfer.

The processing of data serves to provide you with an overview of your Z Account usage that is as comprehensive as possible and includes the third-party applications accessed. This also serves for optimal management of your Z Account and to optimize the user experience. The legal basis of this is point (a) of Article 6(1) GDPR.

2. Cookies and Google Analytics

2.1 Cookies

We use cookies on our Website. These are small files which your browser automatically creates and which are stored on your terminal (PC, laptop, tablet, smartphone, etc.) when you visit our Website.

Cookies are used to make your visit to our Website easier and more enjoyable. This is why we use session cookies to detect that you have already visited individual pages on our Website, or that you have already signed into your customer account. They are automatically deleted after you leave our Website.

We also use temporary cookies to enhance user-friendliness. These are stored on your terminal for a specific period. If you visit our site again to use our services, the system automatically detects that you have visited us previously, as well as your input and settings so that you do not need to enter them again.

The legal basis is point (f) of Article 6(1) GDPR. Our legitimate interest in using these cookies lies, as described, in optimizing Website settings for the terminal you are using, and in adapting the user interface.

We also use cookies to record statistics regarding the use of our Website, and to analyze these for the purposes of optimizing our Website to meet your needs, and to show information which is specifically tailored to your interests. If you visit our Website again, these cookies allow us to automatically see that you have visited the Website previously. These cookies are automatically deleted after a defined period. The legal basis for use of these cookies is point (f) of Article 6(1) GDPR. Our legitimate interest in data processing lies in conducting market research and disseminating personalized advertising.

Most browsers automatically accept cookies. You can configure your browser in such a way that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. Completely disabling cookies may, however, lead to some of the functions of our Website being lost.

2.2 Google Analytics

In order to tailor our Website to your needs and for continuous optimization of the site, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/contact/impressum.html). Pseudonymized user profiles are created and cookies used in this context. The information generated by the cookie through your use of the Website, e.g.

  • browser type/version,
  • operating system used,
  • referrer URL (previously visited site),
  • hostname of the accessing computer (IP address),
  • time of server request,

is transferred to a Google server in the USA and stored there. The information is used to analyze use of the Website, to compile reports on website activity, and to provide further services relating to website use and internet use for market research purposes and the customization of this Website to meet your needs. This information may also be sent to third parties, insofar as this is a statutory requirement or if third parties are contracted to process these data. Your IP address is never combined with other Google data. IP addresses are rendered anonymous to prevent attribution (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; please note, however, that in this case you may not be able to use the functions of this Website to their full extent.

Furthermore, you can prevent the acquisition of data generated by the cookie and relating to your use of the Website (including your IP address), as well as the processing of these data by Google, by downloading and installing a browser add-on from https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser add-on, in particular for browsers on mobile terminals, you can also prevent recording by Google Analytics by clicking on the link at the end of this document. This sets an opt-out cookie which prevents any future recording of your data when visiting this Website. The opt-out cookie only applies on this browser and to our Website, and is stored on your device. If you delete cookies in this browser, you must reset the opt-out cookie.

More information on data protection in relation to Google Analytics can be found in the Google Analytics guide https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics is used on the basis of our legitimate interest in tailoring the Website to your needs, statistical analysis, and the efficient advertising of our Website. The legal basis is point (f) of Article 6(1) GDPR.

3. Data security

All data sent by you personally, including your payment details, are transferred using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a reliable and proven standard which is used e.g. in online banking.

A secure SSL connection can be identified by the “s” suffixed to the http (i.e. https://...) in the address bar of your browser or by the lock icon in the lower pane of your browser.

We also take suitable technical and organizational security measures to protect your retained personal data against destruction, loss, alteration or unauthorized disclosure or access. Our security measures are continuously improved in line with technological development.

4. Validity and amendment of this data protection policy

The current data protection statement can be accessed, saved and printed at any time on our Website at {{ @route('docs.dataProtection') }} This data protection statement is currently valid, and can be amended by us at any time and updated on this Website. We therefore recommend that you visit our Website from time to time to keep abreast of any updates to our data protection statement.

5. Rights of data subjects

As a data subject in the sense of the GDPR, you are entitled to the following rights. To assert these rights, please contact us on:

Zeppelin GmbH Data Protection Officer Graf-Zeppelin-Platz 1 85748 Garching b. München Tel.: +49 89 32 000-0 E-Mail: privacy@zeppelin.de

5.1 Right of access

Pursuant to Article 15 GDPR, you have the right to obtain confirmation as to whether we process personal data concerning you. If this is the case, you can also request that we provide the further information listed in points (a) to (h) of Article 15(1) and Article 15(2) GDPR.

5.2 Right to rectification

Pursuant to Article 16 GDPR, you have the right to rectification and/or completion, provided that the processed personal data which concerns you are incorrect or incomplete.

5.3 Right to restriction of processing

Under the provisions set out in Article 18 GDPR, as the data subject you have the right to demand restriction of processing of personal data. This right shall apply in particular if the accuracy of your personal data is disputed between you and us, for a period enabling the controller to verify the accuracy thereof, and in the case that you have an existing right to erasure and you request the restriction of their use instead of erasure; furthermore in the case that the data are no longer required for our pursued purpose, but that they are required by you for the establishment, exercise or defense of legal claims, and if a successful objection to processing is still disputed between you and us.

5.4 Right to erasure

Under the provisions set out in Article 17 GDPR, as the data subject you have the right to demand the erasure of personal data without undue delay. These provisions in particular provide for the right of erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and in cases of unlawful processing, the presence of an objection, or for compliance with a legal obligation which requires processing by Union or member state law to which we are subject.

5.5 Right to data portability

Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to another controller nominated by you.

5.6 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to point (e) or (f) of Article 6(1) GDPR, in accordance with Article 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing assists in the establishment, exercise or defense of legal claims.

5.7 Withdrawal of consent

You also have the right at any time to withdraw the provided declaration of consent with regard to data protection with immediate effect. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.

6. Automated individual decision-making or profiling measures

We do not use automated processing methods for decision-making – including profiling.

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you infringes the applicable data protection law. The competent supervisory authority in our case is

Bayersisches Landesamt für Datenschutzaufsicht Promenade 27 (Schloss) 91522 Ansbach Telefon: 0981/53-1300 Telefax: 0981/53-5300

For e-mail communication please contact: poststelle@lda.bayern.de

8. Storage period for personal data/erasure of personal data

In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation.

Specifically, we retain different categories of data for the periods listed below (we will retain your data for a longer period if we are obliged to do in light of statutory retention periods).

  • The personal data we collect to create a customer account are retained for the duration of the customer account. You may demand the erasure of your customer account and the personal data saved therein at any time. You can either do this yourself in the Settings menu of your customer account, or send us an email to datenschutz@zeppelin.com with an appropriate request for erasure. After erasing your customer account, your data are blocked for further use and then automatically erased, unless you have consented to their continued storage.

9. Change of purpose

Your personal data will only be used for purposes other than those described insofar as this is permitted by law, or if you have consented to a change of data processing purpose. In the case that data are processed for purposes other than those for which the data were originally collected, we shall inform you of this different purpose prior to the processing, and shall provide you with all information relevant thereto.

10. Disclosure of data to third parties/recipients of data

The personal data that we collect and retain shall never be used by us for sale, trade or loan, and we shall not disclose your personal data to third parties unless we are have a statutory obligation to do so. Data may be disclosed e.g. to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our Website or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Conditions of Use or other agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6(1) GDPR.

If you register on a third-party application using Z Account, your registration data (name and email address) will be transmitted by us to the third-party provider for the purposes of access authorization verification as well as for assignment to a customer account by the third-party application. The legal basis for the aforementioned purpose is point (b) of Article 6(1) GDPR.

We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the German data protection laws.

Specifically, we use the following processors:

  • Service providers for evaluation and analysis of Website usage, some of whom are similarly based in the USA.
  • Service providers and advertisers who provide us with support for personalization of our marketing campaigns, our Website, and our services, and some of whom are based in the USA.

Data is disclosed to processors on the basis of Article 28(1) GDPR, alternatively on the basis of our legitimate interest in the economic and technical benefits provided by the use of specialized processors, and based on the fact that your rights and interests in protecting your personal data are not overridden, point (f) of Article 6(1) GDPR. If necessary, we shall obtain your consent to disclose your personal data to processors, in which case point (a) of Article 6(1) GDPR forms the legal basis.

Some of the listed recipients shall also process your data in countries outside the European Economic Area ("EEA").

For the USA, the European Commission determined in its Decision of 7.12.2016 that an adequate level of protection exists in terms of the provisions of the EU-U.S. Privacy Shield (adequacy decision, Article 45 GDPR). We use the following service providers who are certified in accordance with the EU-U.S. Privacy Shield:

  • Google LLC

Contact method/data protection officer

You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.

Zeppelin GmbH
Data Protection Officer
Graf-Zeppelin-Platz 1
85748 Garching near Munich
Tel: +49 89 32 000-0
Fax: +49 89 32 000-482
Email: privacy@zeppelin.com

Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.

As of: October 2020