Looking for a quick way to edit your cookie preferences?

Privacy Policy

updated on 1 March 2021

WunderCar Mobility Solutions GmbH and its affiliated companies (“Wunder”, “we”, “us”) is committed to the protection of your (“you” or “your”) personal data. Our Privacy policy is designed to inform you of our practices concerning the collection, use and disclosure of information that you may provide to us via our website, other associated partner websites, as required by Art. 13 of the General Data Protection Regulation (GDPR). By using our website or any service that we offer, you agree to the collection, use, and disclosure of that information about you in accordance with, and are agreeing to be bound by, this Privacy Policy.

  1. Controller
  2. How we collect your data
  3. Usage data
  4. Anonymous visitor measurement
  5. Storage of IP address for security purposes
  6. Data security
  7. Cookies
  8. Third party tracking technologies for advertising purposes
  9. Google Analytics
  10. Visitor measurement
  11. Social plugins
  12. Embedded videos
  13. Newsletter Registration and Delivery
  14. Direct Marketing
  15. Contact form
  16. Your rights as a data subject
  17. Asserting your rights
  18. Other privacy policies

1. Controller

The Controller for the data processing operations described below is the office named in the imprint.

2. How we collect your data

We use different methods to collect data from and about you including through:

More details are provided in the sections: Contact us, Newsletters and Direct Marketing.

We keep your personal data only as long as necessary for fulfilment of the purposes described or as required by law.

3. Usage data

When you visit our website, our web server temporarily stores usage data for statistical purposes as a protocol in order to improve the quality of our website. This data consists of the following data categories:

The mentioned log data will only be evaluated anonymously.

4. Anonymous visitor measurement

On our web pages we make an anonymous visitor measurement. For this purpose, the protocol data of the web server as well as the abbreviated IP address are evaluated. Any conclusions about you are not possible.

5. Storage of IP address for security purposes

In addition, we store the complete IP address transmitted by your web browser for a period of 90 days in the interest of detecting, limiting and eliminating attacks on our web pages. After this period we delete or anonymize the IP address. The legal basis is Art. 6 (1) (1f) of the GDPR.

6. Data security

We take technical and organizational measures to protect your data as effectively as possible from unwanted access. We use an encryption procedure on our web pages. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

7. Cookies

(a) Required Cookies

We use cookies on our websites, which are necessary for the use of our websites.

Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these required cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and cannot be linked to a person. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of Art. 6 (1) (1f) GDPR.

You can set your browser to inform you about the placement of cookies. This is in order to make the use of cookies transparent for you. You can also delete cookies at any time by using the appropriate browser setting and prevent the setting of new cookies.

Cookie Name Type More Information Expiration Period
cache-sprite-plyr HTML This cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser Persistent
plyr HTML Necessary for the implementation of embedded video-content on the website Persistent
player HTM Saves the user's preferences when playing embedded videos from Vimeo 1 year
(b) Optional Cookies

Session cookies and Analytical Cookies

Cookie Name Type More information Expiration period
lang HTTP Session cookie - Remembers the user's selected language version of a website For the duration of the session
_ga HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website 2 Years
_gat HTTP Used by Google Analytics to throttle request rate 1 day
_gid HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website 1 day
sliguid HTTP Contains an visitor ID - This is used to track visitors' navigation and interaction on the website for internal website optimization 5 years
slirequested HTTP Contains an visitor ID - This is used to track visitors' navigation and interaction on the website for internal website optimization 5 years
sync_captions HTTP Statistics cookie - Used by Vimeo to track usage of their embedded video player Persistent
vuid HTTP Collects data on the user's visits to the website, such as which pages have been read 2 years
lastBlog HTTP Registers blog post views in order for us to measure success of our blog and content. Persistent
lastBlogTime HTTP Registers blog post view date in order for us to understand how engaging a blog post is when paired with contact date. Persistent
(c) Targeting cookies
Cookie name Type More information Expiration period
_gcl_au HTTP Used by Google AdSense for experimenting with advertisement efficiency across websites using their services 3 months
_uetsid HTML Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement Persistent
_uetsid_exp HTML Contains the expiry-date for the cookie with corresponding name Persistent
ads/ga-audiences Pixel Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor 's online behaviour across websites Session
bcookie HTTP Used by the social networking service, LinkedIn, for tracking the use of embedded services 2 years
bscookie HTTP Used by the social networking service, LinkedIn, for tracking the use of embedded services 2 years
lidc HTTP Used by the social networking service, LinkedIn, for tracking the use of embedded services 1 day
lissc HTTP Used by the social networking service, LinkedIn, for tracking the use of embedded services 1 year
MUID HTTP Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains. 1 year
site_identity HTTP Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. 999 days
slireg HTTP Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting. 6 days
UserMatchHistory HTTP Used to track visitors on multiple websites, in order to present relevant advertisements based on the visitor 's preferences. 29 days
_uetvid HTTP This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. 16 days
_uetvid_exp HTML Contains the expiry-date for the cookie with corresponding name Persistent
utm_data HTML Registers the source of a user who has submitted our contact form. e.g. organic google search or bing ad Persistent

Analytical cookies and Targeting cookies are used on the basis of Art. 6 (1) (a) GDPR (your consent).

You can set your cookies preference at any time by following this link to make the appropriate changes.

Or, click the button below:

8. Third party tracking technologies for advertising purposes

We use cross-device tracking technologies so that based on your visit to our websites you can see advertisements tailored to your interests on other websites and we can measure how effective our advertising has been. The data processing is based on your consent in accordance with Art. 6 (1) (1a) GDPR, if you have given your consent via our website banner. Your consent is voluntary and can be revoked at any time.

(a) How does tracking work?

When you visit our websites, it is possible that those third-party providers listed below may retrieve identification characteristics of your browser or terminal device (e.g. a so-called browser fingerprint), evaluate your IP address, save or extract identification characteristics on your terminal device (e.g. cookies) or gain access to unique tracking pixels. The individual characteristics can be used by those third parties to identify your terminal device on other websites. We may commission the relevant third parties to place advertisements based on the pages visited on our website.

(b) What does cross-device tracking mean?

If you log on to the third-party provider with your user data, the respective identification characteristics of different browsers and terminal devices can be linked with each other. For example, if the third-party provider has created a separate characteristic for each laptop, desktop personal computer, smartphone or tablet you use, these individual characteristics can be assigned to each other as soon as you log in to a service of the third-party provider with your login credentials. This allows the third party to target our advertising campaigns across different devices.

(c) Which third-party providers do we use in this context?

Listed below we specify those third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you give us your consent, any transfer to a third country is based on Art. 49 (1a) GDPR.

9. Google Analytics

We use the web analysis tool “Google Analytics” to design our websites according to your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognize returning visitors and count them as such.

Within the framework of Google Analytics, Google Ireland Limited and Google LLC support us. (USA) support us as processors according to Art. 28 of the GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. Please take this into account if you decide to give your consent to our use of Google Analytics.

The data processing is based on your consent in accordance with Art. 6 (1 a) of the, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1a) of the GDPR.

You can withdraw your consent at any time. Please follow this link and make the appropriate changes.

10. Visitor measurement

These create usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In addition, it is possible that we call up recognition features for your browser or terminal device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way we are able to recognize returning visitors and count them as such.

In addition, we use the following functions in the context of visitor measurement:

The data processing is based on your consent in accordance with Art. 6 (1a) of the GDPR, if you have given your consent via our banners.

Which third-party providers do we use in this context?

In the following, we will name the third-party providers with whom we cooperate in connection with visitor measurement. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to a third country is based on Art. 49 (1a) of the GDPR.

Provider Adequate level of data protection Revocation of consent
Google Ireland Limited Processing within EU/EEA If you want to revoke your consent, please follow this link and make the appropriate changes.
Google LLC (USA) No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) of the GDPR. If you want to withdraw your consent, please Please follow this link and make the appropriate changes.

11. Social plugins

You can use social plugins on our website. However, for reasons of data protection, we only integrate the social plugins we use in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services.

You can, however, activate and use the social plugins integrated in our websites. For this purpose, we use a solution by which our web server provides in a first step all data and functions required to display the social plugin. Only when you decide to activate the respective social plugin and click on the corresponding preview image or icon, in a second step your browser will establish a connection to the servers of the provider of the respective social media service.

If you activate a plugin, the social media service receives in particular your IP address and, among other things, information about your visit to our websites. This happens regardless of whether you have registered an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles based on your data and use them for the purpose of personalized advertising. Furthermore, your data will be used to inform other users of the social media service about your activities on our websites.

The integration is based on your consent according to Art. 6 (1) (1a) GDPR, if you have given your consent by clicking on the preview image. Please note that the integration of many social plugins means that your data is processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you provide consent, the transfer to an unsafe third country is based on Art. 49 (1a) GDPR.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective Social Plugin

Third party Provider Adequate level of data protection Revocation of consent
Twitter (USA) No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore.
Facebook. (Instagram) (USA) No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore.
LinkedIn (USA) No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. If you have clicked on a preview image, the content of the third-party provider is immediately reloaded. If you do not want such reloading on other sites, please do not click on the preview image anymore.

12. Embedded videos

On our websites we embed videos that are not hosted on our servers. If you access web pages with embedded videos, content from the third-party provider who provides the videos will be downloaded. The third-party provider is thereby informed that you have accessed our website and receives the usage data that is technically required for this purpose.

We have no influence on further data processing by the third-party provider. However, when embedding the videos, we have taken care to activate the extended data protection mode offered by the third-party provider. The extended data protection mode ensures that the third-party provider does not set any cookies.

The embedding is based on Art. 6 (1) (1f) GDPR and in the interest of making our site as appealing and informative as possible.

Third party Provider Maximum retention period Adequate level of data protection Revocation of consent
YouTube / Google (USA) 90 days - No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. If you wish to object to the embedding, please stop using our site.
Vimeo (USA) 90 days - No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1a) GDPR. If you wish to object to the embedding, please stop using our site.

13. Newsletter Registration and Delivery

You may register to receive our newsletter on our website. Please note that we require certain data (your email address) to complete the newsletter registration.

We will only send you the newsletter if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. After you have completed the newsletter registration on our website, you will receive a confirmation e-mail to the e-mail address you provided (double opt-in). You may withdraw your consent at any time. An easy way to withdraw your consent is, for example, to use the unsubscribe link provided in every newsletter.

As part of the newsletter registration process, we store certain data in addition to the above-mentioned data, as far as is necessary to prove so that you have registered for our newsletter. This may include storing the complete IP address at the time of the registration or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us.

The legal basis for the data processing is our legitimate interest to be able to account for the legality of the newsletter delivery according to Art. 6 (1) (a) GDPR.

14. Direct Marketing

Where we receive your email address in connection with the sale of a product or service, we will use the email address for direct marketing of our own similar goods or services, unless you have objected to the processing. When collecting the address and for each use, we clearly point out that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.

The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR. An uncomplicated method to object to this processing is provided e.g. by the cancellation link provided in every email.

15. Contact form

You are welcome to reach us via our contact form. In order to use our contact form, we first need the data marked as mandatory.

We use this data on the basis of Art. 6 (1) (1f) GDPR to respond to your requests.

Furthermore, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not required for contacting us. We process your voluntary details on the basis of your consent in accordance with Art. 6 (1) (1a) GDPR.

Your data will only be processed to answer your request. We will delete your data if they are no longer required and there are no legal obligations to retain them.

As far as your data, transmitted via contact form, is processed on the basis of Art. 6 (1) (1f) GDPR, you can object to the processing at any time. In addition, you can revoke your consent to the processing of your voluntarily stated information at any time. To do so, please use the email address provided in the section below “Asserting your rights”.

If you get in contact with us via the contact form for the “Wunder Marketplace” program, the basis of your consent is based on Art. 6.1 (a) GDPR. Our sales representatives may share your personal data (contact data provided by you in the form) with the “Wunder Marketplace” partner you are interested in. Some of those service providers are based in countries outside of the European Economic Area therefore the processing may pose a risk due to the possible absence of an adequacy decision or appropriate safeguards (Art.49.1 (a) GDPR).

As far as your data, transmitted via contact form, is processed on the basis of Art. 6 (1) (1f) GDPR, you can object to the processing at any time. Wunder may process information you make available in your social media profiles if you accept to be connected with us on the social media environment, you can object to this processing at any time. In addition, you can revoke your consent to the processing of your voluntarily stated information at any time. To do so, please use the email address provided in the section below “Asserting your rights”.

16. Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access by the data subject (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay.

Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of our examination.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) 1 f GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) 1 e GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In terms of Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

17. Asserting your rights

Please contact us to assert your rights. You will find our contact details in our imprint.

WunderCar Mobility Solutions GmbH

Email address: privacy@wundermobility.com

Postal address: Hongkongstrasse 2-4, 20457, Hamburg, Germany

18. Other privacy policies

Job applicant privacy policy