Data protection & liability

The ZF [pro]Points-Loyalty Programme  is operated by ZF Friedrichshafen AG, ZF Aftermarket (“we”/ ”us”). ZF Friedrichshafen AG is acting as data controller with respect to the collection and the processing of personal data as described in this Privacy Policy.

We take security and protection of your personal data very seriously. When participating in the ZF [pro]Points-Loyalty Programme, we gather certain personal data from you, or you will make certain personal data available to us. This Privacy Statement explains how we use and disclose this personal data and answers specific questions that you may have regarding privacy and security.

Please therefore read the following conditions carefully to understand our views and practices concerning personal data and our treatment of it.

This Privacy Statement applies to all personal data collected by or submitted to us. "Personal data" is any information relating to a living individual which can be identified.

We may collect personal data on the following occasions:

  • Data that you submit by filling out forms on our website This includes data you send us when registering to use our website, subscribing to our services, publishing content, as well as requesting additional services. Occasionally we also ask for data if you take part in a game of chance or an advertising event sponsored by us, register to participate in marketing activities, sign up for our newsletter or have a problem concerning our website.
  • If you make contact with us, we can keep a file of our correspondence with you.
  • We also occasionally ask you to fill out questionnaires for marketing and opinion research purposes, where your answers are voluntary.
  • Details about transactions (i.e. corporate name, individual contact name, postal address, email address, telephone and/or fax address) made by you on our website as well as the fulfillment of premiums ordered by you.
  • Details of your visits to the website (especially data on communication such as date and time of your visit, your browser version, web-logs and other data, required for our own purposes to send an invoice).

When entering our website, we may also record the IP address you use to connect to the internet. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet.

We process the personal data provided by you for the following purposes:

  • to operate our websites, in particular to ensure that the content of our website is presented in the most effective way for you and your computer and to analyse possible errors,
  • to prepare information, products and services you have requested from us,
  • to fulfill our obligations resulting from agreements with you, to provide service and support in connection with the ZF [pro]Points-Loyalty Programme and to carry out the transactions you have requested;
  • to enable you to take part in interactive features of our services if you so desire,
  • to respond to your inquiries and fulfill your requests,
  • to provide you promotional materials and to inform you about products and services that may be of interest to you (but only if you have chosen to receive such promotional materials and information from us) and
  • for own security purposes.

We base the above-mentioned processing activities of your personal data on the following legal basis:

  • Where you have given consent to the processing of your personal data, we base the processing activities on Art. 6 (1) (a) GDPR.
  • Where the processing is necessary for the performance of the ZF [pro]Points-Loyalty Programmeor other contracts with you or in order to take steps at your request prior to you entering the ZF [pro]Points-Loyalty Programme or another contract, we base the processing activities on Art. 6 (1) (b) GDPR.
  • Where the processing is necessary for compliance with a legal obligation to which we are subject we base the processing activities on Art. Art. 6 (1) (c) GDPR.
  • Where the processing is based on our legitimate interest, i.e. because of technical necessity, for web analytics and statistics to monitor, to improve and protect our content, services and websites; for providing website customized experience, we base the processing activities on Art. 6 (1) f) GDPR. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.

We will share your personal data with our group company ZF Friedrichshafen AG who is assisting us to run the Programme.

Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, we use third party providers of website hosting, maintenance and marketing services. OneOne of our service providers is Loyalty Prime India Pvt. Ltd. (India) who provides hosting services to us and support in operating the Programme. Loyalty Prime is acting on our behalf as our data processor and only in accordance with our instructions (subject to strict contractual obligations as required by law).

In the event that the business is sold or integrated with another business, your details may (subject to the applicable laws) be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

Moreover your personal data can be transferred to third parties, in case we are legally obligated to reveal your personal data or to carry out or apply our terms of use (see general terms and conditions of the ZF [pro]Points-Loyalty Programme) or other terms under contract with you, or to safeguard the rights, property and security of us, and of our customers and others.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses (like in case of Loyalty Prime India Pvt. Ltd.), or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to our data protection officer (see details below).

In case we collect and process your personal data on basis of consent, we will inform you respectively in a separate document.

Wherever we rely on your consent, you will always be able to withdraw that consent (e.g. by informing us respectively by), although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us at

We collect certain information by automated means when you visit our website, using technologies such as cookies.

When you visit our website, you should be aware that we use cookies. Cookies are small text files sent to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. These text files do, for example, allow us (i) to save the country and the language settings, (ii) to help us to optimize our website and to analyse possible errors (iii) to store information about your preferences and thus adapt our website according to your individual interests and (iii) enable us to detect certain kinds of fraud. We use both session cookies (for session-tracking purposes) as well as permanent cookies (for country and language selection).

You can prevent the storage of any cookies by activating a suitable setting on your browser. If you choose this setting, you may then not be able to access certain pages on our website and/or to complete certain activities on our websites.

For more information, please see our Cookie-Policy

The security of your data is very important to us we have implemented an information and data security program that contains administrative, technical (such as industry-standard encryption technology) and physical controls that are designed to reasonably safeguard your personal data. Unfortunately, the transmitting of data over the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data submitted on our website. Everything entered is at your own risk. As soon as we receive your data, we apply strict procedures and security functions to prevent unauthorized access as much as possible.

You have the right to access your personal data (Art. 15 GDPR); to correct, delete or restrict (stop any active) processing of your personal data (Art. 16- 18 GDPR); and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller (Art. 20 GDPR).

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing - Art. 21 GDPR)).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

The easiest way to access and update the information you provided to us is to log into your account. To exercise any of the above-mentioned rights, you can get in touch with us – or our data protection officer – using the details set out below. When addressing us, please always provide your name, address and/or email address as well as detailed information about the change you require.

If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at or by writing to ZF Friedrichshafen AG, ZF Aftermarket, Garage Marketing, Obere Weiden 12, 97424 Schweinfurt, Germany. You can also get in touch with our data protection officer:

We will retain your personal data only for limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent, we will retain your personal data for a limited period of time needed to fulfil purposes of processing.

Where you participate in the ZF [pro]Points-Loyalty Programme, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, technical necessities. Laws may require us to hold certain information for specific periods.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

In other cases, we may retain data for an appropriate period after any relationship with you ends to protect itself from legal claims, or to administer its business.

Any changes we make in the future to our data protection guidelines will be announced on this page and communicated to you by e-mail as necessary.

If you have any questions about the processing of your personal data, please feel free to contact us at