Tyre change and the GDPR

  • Author: Niklas Drexler
  • Last updated: 03.07.2023
  • Category: Data Security

Many drivers have probably had a similar experience in recent months. The winter was just around the corner and it was time to change your tyres. During the appointment at the garage, customers were asked to sign a data protection declaration, including consent to be contacted. So far, so good.

When asked, it was explained that without this consent, the service centre is not allowed to inform the customer by phone when their car is ready for collection. So does the GDPR prevent good and desired customer service? Or are there perhaps other legal bases for storing and using necessary personal data?

Naturally! There are six legal bases listed in Article 6(1) of the GDPR, and one of them is legitimate interest. This can be relied upon if the controller, in this case the workshop, has a legitimate interest in calling the customer. This can be expected as it is usually the wish of the customer to be informed. Therefore, at least if the customer voluntarily provides his or her telephone number, the workshop may store and use the customer's telephone number for this purpose. The fundamental rights or freedoms of the customer are not affected because it can be assumed that the workshop will not sell the contact data or use them for advertising purposes against the customer's wishes.

Of course, one can try to question the legitimate interest with many "ifs and buts" or use the principle of data minimisation as an argument when dealing with personal data. However, in our opinion, this does not correspond to the spirit of the regulation. The GDPR was not designed to make life more complicated, but ultimately to protect the individual behind the personal data. And in almost all cases, this individual has an interest in good and uncomplicated service.

3D-illustration, Car time concept
© DesignRage / shutterstock.com | #1312747031

Back to the news overview

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Provider
Expire in days 72
Privacy policy
Use Use without cookies
Allowed
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Allowed
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Privacy Policy | Privacy Policy