The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

MB GTC GmbH (“We”)

Mercedes-Benz Gebrauchtteile Center

Mörikestraße 60-70

D-73765 Neuhausen a.d.F.



Data protection officer:

Mercedes-Benz Group AG

Chief Officer Corporate Date Protection

HPC E600

D-70546 Stuttgart



  1. Data protection 

    Thank you for visiting our website and for your interest in our offers. The protection of your personal data is an important concern for us. In this privacy policy, we explain how we collect your personal data, what we do with it, for which purposes and on which legal basis this is done, and which rights and claims are associated with it for you. In addition, we refer to the Mercedes-Benz Data Protection Policy:

    Mercedes-Benz-Data Protection Policy

    Our privacy statement relating to the use of our websites nor the Mercedes-Benz Group AG data protection policy do not apply to your activities on social network websites or websites belonging to other providers that you can access via links available on our websites. Please refer to the websites belonging to these providers for information about their data protection policies.

  2. Collecting and processing your personal data

    1. Whenever you visit our websites, we store certain information about the browser and operating system you are using, the date and time of your visit, the access status (e.g. whether you were able to access a website or whether you received an error message), the use of the various features of the website, any search terms you may have entered, how often you access individual websites, the names of files that you access, the volume of data transferred, the website from which you accessed our websites, and the website that you next visit from our websites, whether by clicking on links on our websites or entering a domain directly into the input field of the same tab (or the same window) of your browser that you used to open our websites. In addition, we store your IP address and the name of your internet service provider for a period of seven days for security reasons, in particular in order to prevent and detect attacks on our websites and attempted fraud.

    2. Other personal data will only be processed if you provide this data, for example, as part of a registration, a contact form, a chat, a survey, a competition or for the performance of a contract, and even in these cases only to the extent permitted by the consent you have given or in accordance with the applicable legal provisions (see clause 7).

    3. You are not legally or contractually obliged to provide your personal data. However, certain features of our websites may depend on us being able to access your personal data. If you do not provide personal data in these cases, certain features may not be available to you or will only be available to a limited extent.

  3. Purposes of use

    1. We use the personal data that we collect when you visit our websites in order to operate them as conveniently as possible for you and to protect our IT systems from attacks and other illegal activities.

    2. If you share further personal data with us, e.g. if you register with us, complete a contact form or a survey, enter a competition or enter into a contract with us, we shall use this data for the aforementioned purposes, for customer management purposes and – where necessary – for the purposes of processing and invoicing any business transactions; in each case to the extent required for this purpose.

    3. We and, if applicable, selected third parties will use your data for other purposes (such as the display of personalized content or advertising based on your usage behavior), provided that you give your agreement (= consent) to do so within the framework of our Consent Management System. For further information and decision-making options, please see “Cookie settings” in the footer at the very bottom of the website.

    4. In addition, we use personal data if we are legally obliged to do so (for example, storage for the fulfilment of commercial or tax law retention obligations, release according to official or court orders, e.g. to law enforcement agency).

  4. Transferring personal data to third parties; social plugins; use of service providers

    1. Our websites may also contain third-party offers. If you click on one of these offers, we shall transfer data to the respective provider to the extent necessary (e.g. the information that you came across this offer on our website and, if applicable, further information that you have already entered on one of our websites for this purpose).

    2. If we use so-called “social plugins” of social networks such as Facebook, Twitter, and Google+ on our websites, we embed these as follows:
      When you visit our websites, the social plugins are deactivated, i.e. no data whatsoever is transferred to the operators of these networks. If you would like to use one of the networks, click on the relevant social plugin and you will be connected directly to the server of the network in question.
      If you have a user account for the network and are logged in there at the time the social plugin is activated, the network can assign your visit to our websites to your user account. If you wish to prevent this, please log out of the network before activating the social plugin. A social network cannot assign a visit to other Mercedes-Benz Group AG websites until you have also activated a social plugin available there.
      When you activate a social plugin, the network transfers the content that becomes available as a result directly to your browser, which then embeds this content in our websites. In this situation, data transmission may also take place that is initiated and controlled by the respective social network. It is exclusively the data protection policy of the respective network that is applicable to your connection to a social network, the transmission of data between the network and your system, and your interactions on this platform.
      The social plugin will remain active until you deactivate it or delete your cookies (See Clause 5. d).

    3. When you click on a link to an offer or activate a social plugin, it may be that personal data is transferred to providers in countries outside the European Economic Area, which, from the perspective the European Union (“EU”), do not ensure an “adequate level of data protection” that meets EU standards for the processing of personal data. Please take this into consideration before clicking on a link or activating a social plugin, thereby initiating the transfer of your data.

    4. We also use qualified service providers (such as IT service providers, marketing agencies) in order to operate, optimize and secure our websites. We only pass on personal data to them insofar as this is necessary for the provision and use of the websites and their functionalities, for the pursuit of legitimate interests, for the fulfilment of legal obligations, or insofar as you have consented to this (see Clause 7). You can find more details about the recipients in our Consent Management System under “Cookie settings” in the footer at the very bottom of the website.

  5. Cookies

    1. Cookies may be used when you visit our websites. Technically, these are so-called HTML cookies and similar software tools such as web/DOM storage or local shared objects (so-called “flash cookies”), which we refer to collectively as cookies.

    2. Cookies are small files that are stored on your desktop, notebook or mobile device while you are visiting a website and are read later. From this, it is possible, for example, to determine whether there has already been a connection between the device and the websites, to take into account your preferred language or other settings, to offer you certain functionalities (e.g. online store, vehicle configurator), or to identify your interests based on usage. Cookies may also contain personal data.

    3. Whether and which cookies are used when you visit our websites depends on which areas and functions of our websites you use and whether you consent to the use of cookies that are not technically necessary in our Consent Management System. For further information and decision-making options, please see “Cookie settings” in the footer at the very bottom of the website.

    4. The use of cookies also depends on the settings of the web browser you use (for example Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies. However, you can usually change this setting. You can delete existing cookies at any time. You can delete Web/DOM storage and local shared objects separately. To find out how this works in the browser or device you are using, please refer to the manufacturer's instructions.

    5. The agreement (= consent) to accept, reject, or delete cookies is bound to both the device you're using and the respective web browser. If you use several devices or web browsers, you can configure the decisions or settings differently for each.

    6. If you choose to opt out of using cookies or delete them, you might not have access to all the functions on our websites, or individual functions may only be available to a limited extent.

  6. Security

    We use technical and organizational security measures in order to protect the data managed by us against manipulation, loss, destruction and against access by unauthorized individuals. We continuously improve our security measures in line with technological developments.

  7. Legal basis for processing

    1. Insofar as you have given us your consent to the processing of your personal data, this constitutes the legal basis for processing (Article 6 (1) (a) GDPR).

    2. For a processing personal data for the purpose of initiating or fulfilling of a contract with you is Article 6 (1) (b) GDPR.

    3. Insofar as the processing of your personal data is necessary for the fulfillment of our legal obligations (e.g. for data retention), we are authorized to do so pursuant to Article 6 (1) (c) GDPR.

    4. In addition, we process personal data for the purposes of pursuing our legitimate interests as well as the legitimate interests of third parties pursuant to Article 6 (1) (f) GDPR. Maintaining the functionality of our IT systems, the (direct) marketing of both our own and third-party products and services, and the legally required documentation of business contracts are such legitimate interests. Within the framework of the necessary balancing of interests in each case, we particularly take into account the type of personal data, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal data.

    5. The storage and retrieval of cookies in accordance with Clause 5 c. is based on § 25 TTDSG (Telecommunications Telemedia Data Protection Act) (in Germany) and § 165 (3) TKG (Telecommunications Act) (in Austria).

  8. Deleting your personal data

    We delete your IP address and the name of your internet service provider, which we only store for security reasons, after seven days. Otherwise, we delete your personal data as soon as the purpose for which we collected and processed it no longer applies. After this point in time, your data will only be stored insofar as this is required by the laws, regulations or other legal provisions to which we are subject in the EU or in accordance with legal provisions in third countries, if an appropriate level of data protection is provided there in each case. Insofar as deletion is not possible in individual cases, the corresponding personal data will be marked with the aim of restricting its future processing.

  9. Rights of the data subject

    1. As a data subject, you have a right of access (Article 15 GDPR), a right to rectification (Article 16 GDPR), a right to data erasure (Article 17 GDPR), a right to restriction of processing (Article 18 GDPR) and a right to data portability (Article 20 GDPR).

    2. If you consented to the processing of your personal data by us, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of the processing of your personal data based on consent before its withdrawal. Moreover, your withdrawal of consent will not affect the further processing of this data on a different legal basis, e.g. in order to fulfil legal obligations (see “Legal basis for processing” section).

    3. Right to object
      You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6, paragraph 1, point e GDPR (data processing carried out in the public interest) or Article 6, paragraph 1, point f GDPR (data processing on the basis of a balance of interests). If you object, we shall only continue to process your personal data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing to protect legitimate interests on the basis of a balance of interests, you also have the right to object to this at any time without stating reasons.

    4. If possible, we ask you to send your claims or declarations to the following contact address:

    5. If you consider that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).

  10. Newsletter

    If you subscribe to a newsletter offered on our website, the data provided during the newsletter registration will only be used for sending the newsletter, unless agree to further use. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.

  11. Central Access Service of Mercedes-Benz Group AG

    With the central access service of Mercedes-Benz Group AG, you can log in to all of the websites and applications of the Mercedes-Benz Group AG and its brands associated with this service. The terms of use applicable to this service contain special data protection regulations. You can view these terms of use on the respective login pages of the associated websites and applications.

  12. Data transfer to recipients outside the European Economic Area

    1. When using service providers (see Clause 4. d) and passing on data with your agreement (= consent) to third parties (see Clause 3. c), personal data may be transferred to recipients in countries outside the European Union ("EU"), Iceland, Liechtenstein and Norway (= European Economic Area) and processed there, in particular USA, India. You can identify these countries in our Consent Management System, which you can find under “Cookie settings” in the footer at the very bottom of the website.

    2. The following countries are considered by the EU to have an adequate level of protection for the processing of personal data in line with EU standards (so-called adequacy decision): Andorra, Argentina, Canada (restricted), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, South Korea, Uruguay, United Kingdom (UK), United States of America (USA, restricted). With other recipients, we agree to use EU standard contractual clauses, binding corporate rules, or other permissible mechanisms to provide an “adequate level of protection” in accordance with legal requirements. We will be happy to provide your with information in this regard via the contact details provided in Section 9.d.

    3. Last amended: April 2023