Privacy policy

Alphabet International GmbH may change this Privacy Protection Notice (last update 23rd of April 2025). We recommend that you consult this Privacy Protection Notice periodically, and whenever you provide personal data to Alphabet International GmbH (again). When Alphabet International GmbH makes an important change that has consequences for the processing of personal data by Alphabet International GmbH, we will inform you of this by means of a notification on our website. We encourage you to regularly review this Notice to learn more how Alphabet International GmbH is using and protecting your information.

The Alphabet International GmbH (Alphabet) data protection notice describes in the following sections how we collect, process and use personal data of our (potential) customers and business partners.

Alphabet International GmbH (hereinafter referred to as "Alphabet" and/or "we" and/or "us"), Lilienthalallee 26, 80939 München, is responsible within the meaning of the EU General Data Protection Regulation (“GDPR”) for the processing of your personal data. 

Alphabet is part of the BMW Group, with BMW AG being its parent company. We may share your personal data within the BMW Group and Alphabet affiliates. 

Alphabet partners are responsible for processing the personal data that you make available to them in the context of your business and customer care in the areas of sales and service. 

Unless otherwise specified, Alphabet partners are legally and economically autonomous companies and not part of Alphabet. 

This data protection notice also describes some processing of your data by Alphabet partners. However, it might be that Alphabet partners acquire other personal data and have their own data protection information. In this case, you can find out from the data protection information of the respective Alphabet partner how your data are used there. 

Alphabet is responsible for any of your data that are processed via our websites “Alphabet.com”, “Fleet Reporting”, “Alphabet Carbon Manager”, 360 Fleet Portal”, or any mobile apps or your contacts with Alphabet. Alphabet also processes your data where they are passed on by Alphabet partners and to the extent that the requirements in compliance with data protection legislation necessary for this are met.

Alphabet acquires and processes your personal data in the following cases, among others: 

• When you contact us directly, for example via our websites or our mobile apps, and you are interested in our products or services or have any other requests; 
   
• When you contract products and services from us in the context of Alphabet’s International Customer Framework Agreement, including data related to the verification of your identity required for advanced (AES) or qualified (QES) e-signature as well as for know your customer (KYC) related checks like information about fraud, criminal offences, suspicious transactions, beneficial ownership, information about PEPs and sanction lists containing your data; 
   
• When you visit our websites and whether you open or forward our messages, including data collected through cookies. You can find more information about Cookies in our Cookie Notice; 
   
• When you request information regarding our products and services (for example mailing of brochures); 
   
• When you respond to our direct marketing activities, for example when you complete a reply card, participate in our customer feedback research surveys or submit your data online on one of our websites or mobile apps. 
   
• When your personal data is sent to us by Alphabet partners or third parties where and to the extent that the requirements in compliance with data protection legislation necessary for this are met, for example you have granted consent or in full awareness of your right of objection have not objected to the forwarding of your data to Alphabet for the purpose of customer care and contact in writing or as part of contractual necessity based on our International Customer Framework Agreement’s; 
   
• When other BMW Group and Alphabet companies as well as our business partners provide data about you in a manner that is permitted. 
   
• When third parties (for example certified address vendors) provide personal data about you in a manner that is permitted. 

Please help us to keep your details up to date by notifying us regarding changes to your personal data – in particular your contact data.

The following categories of personal data can be collected via the numerous services and contact channels described in this data protection notice: 

• Contact data ► first name, family name, business address, business telephone number, business e-mail address, business profession; 
   
• Interests ► Information provided by you about your areas of interest, e.g. the mobility products and services you are interested in, and other personal preferences; 
   
• Other personal data ► Information you have provided, such as date of birth, gender, education or professional situation; 
   
• Contractual data ► e.g. customer number, contract number, contracted mobility services and products, vehicle identification number (VIN), license plate, start and end date of contract, lease amount; Additional examples: mobility fleet data detailing all of your relevant local contract related data for our international customer reporting service e.g. contract number, license plate, VIN, make/model, contracted lead time and mileage, CO2 emissions, customer cost centre, IFRS 16 required data, actual mileage incl. deviations, expected contract expiration, fuel consumption (expected vs. actual), fines statistics, service & maintenance statistics); 
   
• Online account data ► user account data regarding our customer portals and apps and social media accounts; 
   
• Use of website and communication ► Information about how you use the website and whether you open or forward communications from us, including data collected through cookies and other tracking technologies. For more information, see our Cookie Notice; 
   
• Use of Alphabet apps and services ► Information about your use of Alphabet apps (on your mobile device) like e.g., Alphabet app and Fleet Reporting tool including A.I. based digital assistants. 
   
• Transaction and interaction data ► local contract maintenance data, fuel consumption (in case of a fuel card), damage data, information about purchases of products and services, interaction with our sales support (your requests and complaints) and (sales) partners, as well as participation in market surveys; 
   
• Identity information ► Data to establish your identity required for e-signatures but also information on transactions, any payments not made to us; as well as information on cases of fraud, criminal offenses, suspicious transactions, politically exposed persons and sanctions lists in which your data is included; 
   
• Third-party services ► if you use the possibility to have online services of other providers (third parties), these services are the responsibility of the respective provider and are subject to their data protection conditions and terms of use. Alphabet has no influence on the content exchanged here. You should therefore obtain information from the respective provider regarding nature, scope and purpose of the collection and use of personal data within the framework of third-party services.

Alphabet will only process your personal data if this is necessary for provisioning of our products and services. We are processing your personal data in the following cases: 

• To enter into or perform the agreement with you or your employer;  
• Because we have obtained your consent to do so;
• Because we (or a third party) have a legitimate interest for doing so; (only applicable if your interests do not outweigh ours in individual cases);
• Because we are legally obliged to do so;

 

The personal data collected to enter into or perform an agreement or to provide services are processed for the following purposes and legal grounds: 

Contractual necessity 

• To deliver mobility products and services including international fleet reporting and mobility consulting within the international framework agreement; Within the framework of these activities, the data categories stated below are processed:
  • Contact data (last name, first name, business address, business e-mail address, business role, etc.)
  • Contract data (customer ID, customer number, market partner number, contracts number, contract settlement, etc.)
  • Account data (information regarding customer and potential customer portals, social media accounts, social network links, customer profiles, etc.)
• For the correct handling of remuneration management in accordance with the agreement;
• Credit and asset risk assessment;
• Customer service: As part of customer service, we regularly process your data, for example to advise you on necessary adjustments or changes;
• Transmission to third parties in the course of contract initiation and amendments: If you use the option of legitimation via the so-called video identification procedure or digitally sign your application for a mobility service, we will transmit the personal data required for this to the operators of the platforms used for these processes. 

Consent 

• Marketing use – to promote Alphabet services and to share news and offers with you and to adjust them to your profile;
• Research and development of our products and services to provide even better services through surveys;
• All other uses for which we need your consent like e.g., sharing your contact details within BMW Group or any other third parties.

Legitimate interest 

• To prevent fraud and criminal activity: To protect our organisation and society from crime and its consequences;
• Business Intelligence & Reporting: In order to continuously improve our products and services, we carry out certain automated analyses based on contract information and create corresponding reports. On the basis of these evaluations, we derive, for example, new products or measures to improve customer processes. We generally create the aforementioned evaluations and reports in an aggregated and anonymized form;
• Research and development of our products and services to provide even better services through e.g. prompt history analyses of AI based digital assistants, ratings and surveys;
• Advertising and marketing: We use your data for the purposes of direct advertising measures that do not require your express prior consent, as well as for marketing measures. In this context, we also process your data to inform you about our offers that may be of interest to you and to contact you via various communication channels;
• Administrative tasks within the BMW Group: Alphabet is a company of the BMW Group. We process some of your data to make the administration of the various companies within the BMW Group as efficient and successful as possible. This concerns, for example, joint group accounting in accordance with international accounting standards for companies, such as the International Financial Reporting Standards (IFRS);
• Use in the course of the IT change management process: We are constantly developing our system landscape. We do this on the one hand to be able to meet new regulatory requirements and on the other hand to make the contractual relationship as convenient as possible for you by continually optimizing our systems for you. In this context, we may process your personal data in the course of cross-system integration tests in order to be able to guarantee data integrity within our application. 

Legal obligation 

• Prevention of money laundering and terrorist financing as well as defence against criminal acts: Alphabet is also legally obliged to take internal security measures to comply with the provisions of the Money Laundering Act and to carry out sanctions list checks. In this context, we process personal data and, if necessary, transmit it to authorities;
• Purposes of data security: Our legal obligations to ensure the security of your data are very important to us. If necessary, we also process your data as part of measures to check and ensure data security, for example in the context of a simulated hacker attack;
• To respond to binding requests from authorities or regulatory parties. 

An explanation of the area of application of the available legal basis can be found here. 

 

Below we indicate for each mobility solution or service which personal data is processed and which third parties may be involved: 

Operational Lease (general) 

This may concern the operational leasing of a car, but also an LCV, an Alphabet Bike (folding bike) or scooter or motorcycle. The customer pays an agreed monthly amount (which includes the lease period and the number of kilometres driven). A full operational lease includes operational costs, such as maintenance, repairs, insurance, replacement/change of tyres, etc. 

If you purchase this mobility solution, we will process the following personal data about you: 

• About the customer (employer): Name and address of the company, telephone number of the company, email address of the company, Chamber of Commerce number and bank account number, initials and last name, email address and telephone number of contact persons, board members and/or authorised signatories: Name, date of birth, address and place of residence, telephone number; we use the personal data to contact you about our agreement with you, about the underlying individual lease contracts and to verify signing authority. 
   
• About the driver of the vehicle: first and last name of the driver, Alphabet local contract number, customer cost centre, customer employee number, lease asset details (like make/model, engine, fuel type, etc.), contracted lead time and mileage, CO2 emissions, IFRS 16 required data, vehicle identification number, license plate and registration date, actual mileage incl. deviations, expected contract expiration, fuel consumption (expected versus actual), fines statistics, damage statistics, service & maintenance, repairs and tires transactions. 
   

Sharing with third parties: 

Above listed personal data of drivers for operational lease (general), may be shared with third party lease management companies, as part of contracted international fleet reporting, commissioned by our customers (your employer).
Furthermore, vehicle identification number, license plate and registration date, may be shared with vehicle OEMs for handling remuneration schemes. 
We may also transfer your data to other third parties, such as external service or IT providers, payment service providers, external consultants or cooperation partners, for the purposes of contract management and within the framework of statutory disclosure and reporting obligations. Alphabet will ensure that these third parties guarantee the confidentiality of your data. The list of Alphabet affiliates and the list of Alphabet international cooperation partners can be found here. 

Basis for processing: 
We use this personal data for the performance of our lease contract with you, to submit fleet related reports to your employer, as well as to comply with our statutory reporting obligations to the tax authorities. 
 

Customer Care 

We use your personal data for contract administration or to handle a request you have submitted (such as a request for a price quote). 

With regard to all aspects of contract management or handling a problem, we will contact you without permission, for example, in writing, by telephone, by text message or by email, depending on the preference you indicated. 

We will also contact you in carefully considered cases with promotional communication if and to the extent that the requirements in compliance with data protection legislation necessary for this are met and in full awareness of your right of objection you have not objected to the use of your data for the purpose of written communication. 

Alphabet also processes your personal data on this basis to optimize your experience with Alphabet Customer Care, e.g. to identify you correctly if you contact us. 

Basis for processing 
The basis for this processing is performance of an agreement, legitimate interest and consent. 

 

Management reports 

For the preparation of management reports, we can process personal data for statistical and scientific purposes, in order to improve the quality of our products and services. This processing takes place on an anonymous basis and cannot be traced back to individual persons. 

We also supply our customer with fleet management reports to give the customer insight into the vehicle fleet and possibly generate control information from it; in these reports we will treat privacy-sensitive personal data such as location details and nature of violations in accordance with what is stated in the section ‘How do we protect your personal data?’. 

Basis for processing 
The basis for this processing is performance of a contract and legitimate interest. 

 

Compliance with legal obligations imposed on Alphabet 

Alphabet will also process personal data if there is a legal obligation to do so. This can be the case, for example, for anti-money laundering. 

Gathered data are also processed within the framework of ensuring the operation of IT systems. Ensuring operation involves the following activities: 

• Backup and restore of data processed in IT systems;
• Logging and monitoring of transactions to check the correct function of IT systems;
• Detection and defence against unauthorized access to personal data;
• Incident and problem management to remedy malfunctions in IT systems. 

Gathered data are also processed within the framework of internal compliance management in which we, for example, check whether you have been advised to an adequate extent within the framework of concluding a contract and that the Alphabet partner has complied with all legal obligations. 

Alphabet is subject to a large number of other legal obligations. In order to fulfil these obligations, we process your data to the required extent and, if necessary, pass them on to the authorities responsible within the framework of legal obligations of notification. 

We also process your data in the event of legal conflicts if the legal conflict makes processing the data necessary. 

Basis for processing 
The basis for processing this personal data is a legal obligation. 

 

Visiting Alphabet sites - Entry check and security 

If you visit one of our sites, we may use your personal data to provide you with an access badge, for access checks and to ensure the security of our sites. 

The following personal data about you may be processed: Your name, your contact details and the name of the person you are visiting at Alphabet. 

Alphabet also relies on camera surveillance; the cameras in question have only been installed for the security of the sites in question; personal data will be used for this purpose only and images from the cameras in question will not be stored for longer than is strictly necessary and in accordance with legal regulations. 

Basis for processing 
The basis for processing this personal data is a legitimate interest. 

 

Communication via email or contact forms 

Personal data entered in contact forms, digital assistants like e.g. AI based chatbots, info e-mail address, or via messages or forms on our official social media channels, are transferred to the competent departments within Alphabet. 

 

Marketing communication and market research 

Insofar as you have separately given your consent to further use of your personal data, your personal data may be used in accordance with the scope described in the consent declarations, for example for promotional purposes (selected offers of products and services), market and customer feedback research, and with your separate consent subsidiaries of Alphabet International GmbH, selected Alphabet partners and BMW Group. Details are included in the respective declaration of consent, which you can revoke at any time. 

Contact information, for example 
Name, address, e-mail, telephone number 

Supplementary personal details / preferences, e.g. 

• Company name, your relationship with this company if you are our contact person for this company
• Interests and preferences
• Status of your data protection declaration of consent and selected and/or preferred communication channel 

Identification data, for example 
Customer number, contract number 

Customer history, for example 

• Contracted mobility products & services
• Data acquired at Alphabet partners (such as point in time of contact and contact type)
• Campaign history and resonance (customer and potential customer care program and direct marketing measures
• Participation in events
• Inquiry and complaint history at Alphabet Customer Care 

App / website / social media data 
If you have registered or logged in, your account data, for example at Fleet Reporting tool. 

Alphabet uses the sales and customer care data acquired in this way 

• To determine which information and offers are most likely to be of interest to you
• To contact you in the context of this information and these offers
• To send promotional communication (e.g. product launches or invitations to events) in line with your data protection declaration of consent.

In the data protection declaration of consent, you also lay down the communication channels (e.g. post, telephone, e-mail) we are permitted to use to contact you. 

As a rule, data processing for promotional purposes takes place in Germany; under no circumstance are personal data transferred to a country outside the EU for promotional communication or market research purposes. 

Basis for processing 
The basis for processing your personal data here is legitimate interest and consent. 

 

Social media (personalized content) 

We process your personal data (IP address, social ID and cookie ID) and browsing behaviour in order to be able to offer relevant content based on this data. We also personalize ads via social media, such as Facebook. LinkedIn and You tube. We use custom audiences within social media to do this. These audiences are built based on browsing behaviour on our website and/or interactions with certain previously shown advertisements. We do this to best serve you and provide you with relevant content that suits your interests. 
 

Social Media Fan Pages 

The content of these social media pages is the responsibility of Alphabet. 

When you visit our social media page, like Facebook or LinkedIn, as the responsible party, collects personal data from users, for example through the use of cookies. Such data collection by social media operators can also take place from visitors to this page who are not logged in or registered with social media platforms. Information about data collection and further processing by social media platform operators can be found in the respective social media platform operator's privacy policy. 

Alphabet cannot track which user data social media platform operators collects. Alphabet also does not have full access to the data collected or your profile data. Alphabet can only see the public information on your profile. 

You decide what this specifically is in your social media platform settings. 

Alphabet uses your data when you engage with digital chat functions to answer your request. The sales and customer service information collected in this way is used to contact you in order to provide you with the information and offers you require. 

Alphabet receives anonymous statistics on the use of social media pages due to legitimate interest from social media platform operators. The following information is provided: 

• Followers: Number of people who follow Alphabet - including growth and development over a defined time frame.
• Reach: Number of people who see a specific post. Number of interactions on a post. From this you can deduce, for example, which content is better received in the community than others.
• Ad performance: How many people were reached with a post or a paid ad and interacted with it?
• Demographics: Average age of visitors, gender, place of residence, language. 

We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offering on social media platforms and to better respond to the interests of our users. We cannot link the statistical data with the profile data of our fans. You can use your social media platform settings to decide in which form targeted advertising is displayed to you. 

Alphabet receives personal data via social media platforms if you actively communicate this to us via a personal message on these social media platforms. We use your data (e.g. first name, last name, contract number, etc.) to answer your request in our customer service. Your data is stored in our CRM system for this purpose. Alphabet also receives personal data via social media platforms if you use a form with pre-filled fields with data from your profile to send the data to us and actively send the data to us by clicking on a button. 

 

Transfer of personal data 

Data transfer within BMW Group Financial Services 

In principle, your personal data will remain with Alphabet wherever possible. In this respect, we also observe the principle of data minimisation. However, Alphabet is part of BMW Group Financial Services (hereinafter "BMW FS"), which has more than 50 companies worldwide. Your data may therefore be transferred to one or more subsidiaries of BMW FS or the BMW Group in individual cases. Such a transfer is particularly possible in the context of the circumstances described below: 

• If you have previously given us your express consent to share your data with other companies of BMW FS or the BMW Group for advertising or marketing purposes;
• In principle, we only report anonymized or aggregated data to BMW AG and BMW FS. However, it may happen that individual contract-related information and/or vehicle identification numbers are transferred in such an internal report (e.g. to validate internal regulatory asset and credit risk models). 

 

Data transfer within the BMW Group 

As part of BMW FS, Alphabet is also part of the BMW Group. We sometimes send your data to other BMW Group companies, which process your data entirely on our behalf and in accordance with our instructions. Such cases of order processing exist, for example, with BMW Group IT of BMW AG. If necessary, we will also transmit your data to other BMW Group companies, which further process it as their own controllers. Such data transfer can occur under the following circumstances and for the following purposes: 

• If you have previously given us your express consent to share your data with other BMW Group companies for advertising or marketing purposes;
• As part of group reporting, we may transmit data to BMW AG, e.g. in the case of leased vehicles, we transmit invoice-relevant information on the respective vehicle identification number to BMW AG as part of the assessment of the residual values;
• In some cases, it is necessary to process and store your personal data, for example because of a joint consolidated accounting in accordance with the International Financial Reporting Standards (IFRS) for companies. 

Basis for processing 
The basis for processing here is consent, legal basis and legitimate interest. 

 

Data transfer to selected third parties 

Data are forwarded to the following companies, among others, if and to the extent that the requirements in compliance with data protection legislation necessary for this are met: 

• To carefully selected and checked service providers and business partners with whom we cooperate to be able to offer you products and services. We do this for Alphabet only within the framework of the strict conditions of data processing for those products and services or on the basis of your express consent;
• In the event of the sale of a business unit or several business units of Alphabet to a company to which we assign our rights in compliance with all agreements that exist between us;
• To third party Fleet Management companies that are commissioned to manage your fleet on your behalf, for example we provide basic fleet management reports detailing only strictly fleet contract related data.
• To other third parties (for example public authorities) to the extent that we are legally obliged to do so. 

 

Sales compliance – Service and administrative processes of Alphabet 

To continuously optimise customer experience and cooperation with partners and customer service, we create assessments and reports based on contract information and share them with the responsible partners. The main purpose of these evaluations is to initiate corresponding measures (for example training courses for Sales and Service personnel) to improve sales and consultancy processes. We will create the reports described above in an aggregated and anonymized form, i.e. the recipients of the reports are unable to draw any conclusions regarding you as a person from the data they contain. 

Some specific data is also processed - if necessary - in order to comply with the service processes (including repairs, warranty and goodwill). This processing is in Alphabet’s legitimate interest to offer our customers the best possible service processes. To protect the privacy of our customers, the processing of technical data is in general vehicle specific without direct reference to the customer.   

Basis for processing 
The basis for processing here is legitimate interest.

We implement a range of security measures such as encryption and authentication tools in keeping with the latest technology to protect and maintain the security, integrity and availability of your personal information. 

While we cannot guarantee 100% protection against unauthorised access in the case of data transmission over the Internet or a website, we, along with our service providers and business partners, make every effort to protect your personal data in accordance with the applicable data protection regulations by means of physical, electronic and process-oriented security measures in accordance with the current state of the art. The facilities we use include the following: 

• Strict criteria for permission to access your personal data in accordance with the principle of ‘need-to-know’ (limitation to as few people as possible) and only for the specified purposes;
• Encrypted transmission of collected personal data only;
• Storage of strictly confidential data exclusively in encrypted form;
• Protection with an IT network firewall to protect against unauthorised access, e.g. by hackers;
• Permanent monitoring of access to IT systems to detect and prevent misuse of personal data. 

If you have received a password from us or created your own password to access certain sections of our website or other portals, apps or services operated by us, it is your responsibility to keep this password confidential and to comply with any other security procedures we may instruct you to follow. We specifically request that you do not share your password with anyone. 

 

Security measures for location data 

Some services can only be offered if you disclose your location or the location of your vehicle. We take the confidentiality of this location data extremely seriously. Your location data (including data that is accessed as part of maintenance work on the vehicle) is therefore protected by the following security measures: 

• The data will only be stored in a form that can be traced back to you or your vehicle to the extent required to fulfil the intended purpose for which storage is required;
• Personal data is only collected and accessed in this form when required to provide the requested services;
• Personal data is also collected and accessed in this form to the extent that we are legally obliged to store or transfer the personal data;
• Personal data used to locate the vehicle and personal data used to locate a mobile device/your mobile device will only be linked if necessary to provide the services requested;
• Any other use of location data for analysis takes place using data files that have been anonymised in advance. 

If it is not necessary for the implementation of our agreement with your employer, we will not transfer location data to your employer.

In accordance with Article 17 GDPR, we store your personal data for as long as required for the purposes for which we process your personal data. If we process personal data for multiple purposes, it is automatically deleted or stored in a format that prevents the personal data from being directly traced back to you as a person once the last task has been performed. To ensure that all your personal data is deleted in accordance with the principle of data minimisation and Article 17 GDPR, Alphabet has developed internal procedures for data erasure and deletion. The fundamental principles on which your personal data will be deleted are described below. 

 

Use for contractual compliance 

To comply with contractual obligations, personal data collected from you may be retained as long as the contract is in force and - depending on the nature and scope of the contract - for 6 to 10 years thereafter in order to comply with legal requirements for retention and to be able to answer any questions or resolve any complaints after the termination of the contract. 

Additionally, there are contracts for the supply of products and services that require longer retention periods; see also the section “Use for assessing claims” below. 

 

Use for assessing claims 

Personal information that we deem necessary for the assessment and prevention of claims against us, or to institute criminal proceedings or prevent claims against you, us or third parties, may be retained by us for as long as such proceedings could be instituted. 

 

Use for customer service and marketing purposes 

Personal data collected about you for customer service and marketing purposes may be retained for a period of 3 to 10 years, unless you wish to have these data deleted and there are no contractual or legal requirements for preservation that prevent this request for deletion.

Alphabet is a global company. Personal data are processed by Alphabet employees, Alphabet partners and by service providers we have commissioned, preferably within the EU. 

If personal data is processed in countries outside the EU, Alphabet uses EU standard contractual clauses, including appropriate organisational, technical and organisational measures derived from transfer impact assessments, ensuring that your personal data is processed at the same level as under European data protection law. 

In some countries outside the EU, for example Canada and Switzerland, the EU has already determined a level of data protection comparable with that in Europe. The comparable level of data protection means that data transfer into these countries does not require any special permission or agreement. 

To support the provision of the services and intended purposes listed above, Alphabet uses a number of service providers that are commissioned by BMW AG within the framework of the strict conditions of data processing in compliance with data protection legislation. 

Please contact us here if you would like to see the specific safeguards for the transfer of your data to other countries.

If you have any questions regarding the use of your personal data by us, it is best to contact Alphabet Customer Care first, either per e-mail at getintouch@alphabet.com or by telephone at the number +49 89 382-79002 (daily 08:00 – 18:00 hrs). 

Over and above this, you can contact the data protection officer responsible that can be found here. 

As the person affected by the processing of your data, the basic EU data protection regulations and other relevant data privacy protection regulations enable you to assert certain rights in relation to us. The following section contains explanations of your rights as defined by the basic EU data protection regulations. Depending on the type and scope of your inquiry, we ask you to put the inquiry in writing. 

 

Rights of persons affected 

In line with the basic EU data protection regulations, as the person affected you have the following rights in particular vis-à-vis Alphabet: 

Right to information (Article 15 of basic EU data protection regulations): You can ask us for information regarding any data of yours that we keep at any time. This information concerns, among other things, the data categories we process, for what purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in other copies, we reserve the right to charge for the additional copies.
 

Right to correction (Article 16 of basic EU data protection regulations): You can request that we correct your data. We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete, and up to date, based the latest information available to us.
 

Right to deletion (Article 17 of basic EU data protection regulations): You can request that we delete your data provided the legal requirements have been met. In accordance with Article 17 of basic EU data protection regulations, this can be the case if  

• The data are no longer required for the purposes they were acquired or otherwise processed
• You revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing
• You object to the processing of your data and there are no legitimate reasons for the processing, or you object to data processing for the purposes of direct advertising
• The data have been processed illegally 

Where the processing is not necessary

• To ensure adherence to a legal obligation that requires us to process your data
• In particular with regard to legal retention periods
• To assert, exercise or defend against legal claims
   

Right to restriction of processing (Article 18 of basic EU data protection regulations): You can request that we restrict the processing of your data if

• You dispute the correctness of the data - for the period of time we need to check the correctness of the data
• The processing is illegal, but you do not wish to have your data deleted and request a restriction of use instead
• We no longer need your data, but you need them to assert, exercise or defend against legal claims
• You have filed an objection to the processing, though it has not yet been decided whether our legitimate grounds outweigh yours.
   

Right to data transferability (Article 20 of basic EU data protection regulations): At your request, we will transfer your data – where technically possible – to another responsible entity. However, this right only applies if the data processing is based on your consent or is required to fulfil a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.
 

Right to objection (Article 21 of basic EU data protection regulations): You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party. In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.
 

Time limits for compliance with the rights the persons affected 
As a general principle, we make every effort to comply with all requests within 30 days. This time limit, however, can be extended for reasons related to the specific rights of persons affected or complexity of your request.
 

Restriction in the provision of information regarding the rights of persons affected 
In certain situations, legal specifications might require us not to provide information regarding all of your data. If we have to refuse your request for information in such a case, we will inform you of the reasons for refusal at the same time.
 

Complaints to supervisory authorities Alphabet takes your reservations and rights very seriously. However, if you are of the opinion that we have not dealt with your complaints or reservations adequately, you have the right to submit a complaint to the data privacy protection authorities responsible: https://www.lda.bayern.de/de/beschwerde.html.