Data Protection Notice

The joint controllers as defined by the EU General Data Protection Regulation (GDPR) are:
(in the following also referred to as “We” or “Mercedes-Benz.io”)

Mercedes Benz.io GmbH
Industriestrasse 19-21, 70565 Stuttgart, Germany

Mercedes-Benz.io Portugal Unipessoal Lda.
Avenida Dom João II, 41, 5º piso
1990-096 Lisboa
E-Mail: hello-portugal@mercedes-benz.com

Data Protection Officer:
Mercedes-Benz Group AG,
Group Chief Data Protection Officer,
HPC W079, 70546 Stuttgart, Germany
E-Mail: data.protection@mercedes-benz.com

1. Data protection

We are pleased about your visit on our web pages and your interest in our offers. The protection of your personal data is an important concern for us. In these Privacy Statement we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and which rights and claims are associated with it for you. In addition, we refer to the Mercedes-Benz Data Protection Policy: Mercedes-Benz Data Protection Policy.

Our Privacy Statement for the use of our websites and the Data Protection Policy of Mercedes-Benz Group AG do not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please check the websites of these providers for their data protection regulations.

2. Collection and processing of your personal data

a. When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the use of website functions, the search terms you may have entered, the frequency with which you access individual websites, the designation of files accessed, the amount of data transferred, the website from which you accessed our websites and the website which you visit from our websites, either by clicking on links on our websites or by entering a do-main directly in the input field of the same tab (or the same window) of your browser in which you opened our websites. We also store your IP address and the name of your Internet service provider for seven days for security reasons, in particular to prevent and detect attacks on our websites or attempts at fraud.

b. We only store other personal data if you provide this data, e.g. as part of a registration, a contact form, a survey, a price competition or for the execution of a contract, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (further information on this can be found below in the section "Legal bases of processing").

c. You are not legally or contractually obliged to make available your personal data. However, it is possible that certain functions of our websites depend on the availability of personal data. If you do not make available personal data in these cases, this may result in functions not being available or only being available to a limited extent.

3. Purposes of use

a. We use the personal data collected when you visit our website in order to operate it in the most convenient manner for your use and to protect our IT systems from attacks and other illegal activities.

b. If you provide us with further personal data, e.g. within the scope of a registration, a contact form, a survey, a price competition or for the execution of a contract, we use this data for the purposes mentioned and - if necessary - for the purposes of processing and accounting of any business transactions, in each case to the extent required for this.

4. Transfer of personal data to third parties; social plug-ins; use of service providers

a. Our websites may also contain an offer of third parties. If you click on such an offer, we transfer data to the respective provider to the required extent (e.g., information that you have found this offer with us and, if applicable, further information that you have already provided on our websites for this purpose).

b. When we use social plug-ins on our websites from social networks such as Facebook and Twitter, we integrate them as follows:

When you visit our websites, the social plug-ins are deactivated, i.e., no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.

If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot associate a visit to other Mercedes-Benz websites until you have activated an existing social plug-in.

When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network.

The social plug-in remains active until you deactivate it or delete your cookies.

Our website may contain links to following Social Media plattforms:

LinkedIn Ireland Unlimited Company, Wilton Place,, Dublin 2, Irland (more information)

Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA 8 (more information)

Github Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA (more information).

By visiting the data protection information linked above you will be redirected to the respected website of the according company. The processing of your personal data which may occur during this redirection is not part of our responsibility area.

Cookie Statement

c. If you click on the link to an offer or activate a social plug-in, personal data may reach providers in countries outside the European Economic Area that, from the point of view of the European Union ("EU"), may not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.

d. We also use qualified service providers (IT service providers, marketing agencies) to operate, optimize and secure our websites. We only pass on personal data to third parties if and to the extent necessary for the provision and use of the websites and their functionalities, for the pursuit of legitimate interests or if you have consented to it (see section “Legal bases of processing” below).

5. Security

We use technical and organisational security measures to protect your data managed by us against manipulation, loss, destruction and against access by unauthorised persons. We are constantly improving our security measures in line with technological developments.

HOW TO SUBMIT A VULNERABILITY

To disclose a potential vulnerability, please follow the process described here.

a. Insofar as you have given us your consent for the processing of your personal data, that consent is the legal basis for the processing (Art. 6 para. 1 letter a GDPR).

b. For the processing of personal data for the purposes of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.

c. Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g., for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 letter c GDPR.

d. In addition, we process personal data for the purposes of safeguarding our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 para. 1 letter f GDPR. Maintaining the functionality of our IT systems, (direct-) marketing our own and third-party products and services as well as documenting business contacts as required by law are such legitimate interests. As part of the consideration of interests required in each case, we take into account various aspects, in particular the type of personal information, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal information.

7. Deletion of your personal data

Your IP address and the name of your Internet service provider, which we only store for security reasons, will be deleted after seven days. Otherwise, we delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this time period, data storage only takes place to the extent made necessary by the legislation, regulations or other legal provisions to which we are subject in the EU or by legal provisions in third-party countries if these have an appropriate level of data protection. Should it not be possible to delete data in individual cases, the relevant personal data are flagged to restrict their further processing.

8. Rights of the data subject

a. As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR).

b. If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g., for the fulfilment of our legal obligations (see section "Legal bases of processing").

c. Right to object
You have the right to object at any time to the processing of your personal data pursuant to Art. 6 para. 1 letter e GDPR (data processing in the public interest) or Art. 6 para. 1 letter f GDPR (data processing on the basis of a balance of interests) on grounds relating to your particular situation. If you object, we will only process your personal data if we can prove compelling legitimate reasons that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. To the extent we process your personal data for direct marketing purposes, you have the right to object thereto at any time without giving reasons.

d. We ask you to address your claims or declarations to the following contact address if possible: MBio-datacompliance@mercedes-benz.com.

e. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

10. Central Access Service of Mercedes-Benz Group AG

With the Central Registration Service offered by Mercedes-Benz Group AG, you can sign up for every website and application belonging to the Mercedes-Benz Group and its brands that are connected to the service. The applicable terms of use contain specific data protection provisions. Those terms of use can be found on the registration pages of affiliated websites and applications.

11. Data transmission to recipients outside the European Economic Area

a. When using service providers (see section “Use of service providers”), personal data may be transferred and processed by recipients in countries outside the European Union ("EU"), Iceland, Liechtenstein and Norway (= European Economic Area), in particular the USA, India.

b. From the point of view of the EU, the following countries provide an adequate level of protection for the processing of personal data in accordance with EU standards (so-called adequacy decision): Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South-Korea, Switzerland, United Kingdom, Uruguay. We agree with recipients in other countries to apply EU standard contractual clauses, binding company regulations or other applicable instruments (if any) in order to create an appropriate level of protection in accordance with the legal requirements. For more information, please use the contact details given in the section “Rights of the data subject” above.

12. Cookies

Information on the cookies we use and their functions can be found in our Cookie Statement.

Cookie Statement

Last update: January 2024