Documentation · Privacy, Security and Compliance

GDPR / DSGVO Notes

This document summarizes how the ADP Car Market Hub plugin's features relate to the EU General Data Protection Regulation (GDPR) and its German / Austrian implementation (Datenschutz-Grundverordnung, DSGVO). It is meant as a practical reference for site operators who run a vehicle dealership website inside the EU/EEA.

This document is not legal advice and does not guarantee compliance. Final legal assessment depends on the site setup, the configured features, the consent implementation and the applicable national rules. Site operators should review their specific obligations with their own legal advisor or Data Protection Officer.

When to use this document

Use this document when you need to:

Prepare a GDPR or DSGVO record of processing activities for a site that uses the plugin.
Draft or review the privacy notice section for vehicle inquiries, search alerts and built-in analytics.
Decide whether to enable optional features (analytics, AI assistant) on an EU/EEA site.
Document data subject rights handling for inquiries and search alert subscriptions.

Overview

The plugin is a WordPress plugin that imports vehicle listings and provides visitor-facing features such as inquiries, favorites, comparison, search alerts and optional analytics. From a data protection perspective, the relevant categories of personal data handled by the plugin are:

Inquiry leads — name, email, optional phone number and message submitted through the contact or test-drive form, plus the related vehicle and the source URL.
Search alert subscriptions — email address (and optional name) together with the visitor's chosen search criteria, used for the double-opt-in matching engine.
Analytics events — when enabled, aggregated event records (event type, vehicle ID and timestamp). The analytics table does not store IP addresses, user identifiers or cookies on the server side.

Vehicle listings, vehicle images and most plugin settings are not personal data of website visitors; they are operational data of the dealership.

For a complete inventory of stored data, see Data Storage Overview.

The mapping below describes how plugin behavior relates to common GDPR / DSGVO principles. It is informational and does not replace a project specific assessment.

Lawfulness, fairness and transparency

The plugin exposes a configurable consent checkbox on the inquiry form (label and required state are configurable in the plugin settings).
A configurable Privacy page URL can be linked from the consent label; the operator is responsible for the actual privacy notice content.
The search alert subscription form uses an enforced double opt-in workflow: the subscription only becomes active after the subscriber clicks the confirmation link sent by email.
Built-in analytics are off by default. When enabled, an optional Require consent setting can gate every tracking call through the as24ci_analytics_consent_check filter, allowing integration with a consent management plugin.

Purpose limitation

Inquiry data is captured for the purpose of responding to a vehicle inquiry or test-drive request; the plugin does not transmit lead data to any third party.
Search alert data is captured for the purpose of sending notification emails about newly imported matching vehicles.
Analytics events are captured for the purpose of internal site analytics (page views and, optionally, business-intelligence events).

Data minimization

The lead form supports hiding optional fields (Phone, Message). Only Name and Email are mandatory.
The submitter's IP address is not stored with leads. A salted SHA-256 hash of the IP is used only for short-lived in-memory rate limiting through a WordPress transient (5 submissions per IP per 5 minutes).
The analytics table stores only an event type, an optional minimized payload, a vehicle ID and a timestamp. It does not store IP addresses, user identifiers or cookies on the server side.
A Filter data minimization option (on by default) strips free-text search keys (s, search, q) from the analytics filter-search payload before it is written. The blocklist can be extended using the as24ci_analytics_filter_blocked_keys filter.
Search alert criteria are validated against a fixed list of allowed keys; unknown keys are dropped during sanitization.

Accuracy

Administrators can edit search alert subscriptions (name, email, criteria, status) from the Search Alerts admin tab.
Lead data can be reviewed and updated (status field) from the Leads admin tab.

Storage limitation

Analytics events are subject to a configurable retention window (default 180 days, minimum 7 days). A daily WP-Cron event removes rows older than the cutoff. See Analytics Retention.
Leads and search alert subscriptions do not have a built-in automatic retention period. The site operator is responsible for deleting data that is no longer needed.
Browser-side favorites are stored in the visitor's localStorage only and are never persisted on the server.

Integrity and confidentiality

Admin actions are protected by WordPress capability checks (the plugin's manage_as24_imports capability) and nonces. See Access Control and Capabilities and Security Recommendations.
The plugin's logger masks token=…, client_secret=… and Authorization: Bearer … fragments before writing to the log file (defence in depth). Logs are stored in a dedicated subdirectory of the WordPress uploads folder, protected by an .htaccess and an empty index.php.

Accountability

The plugin provides administrative views (Leads admin tab, Search Alerts admin tab, analytics admin tab) that allow operators to inspect what is stored and to act on it.
A one-click purge action removes all analytics rows on demand, regardless of whether analytics is currently enabled.

Data subject rights — practical handling

The plugin does not register a WordPress personal-data exporter or eraser hook. Operators are expected to handle data subject requests manually using the built-in admin tools. Verify this behavior in the current plugin version before publishing process documentation that depends on it.

Right	How to handle with the plugin
Information / transparency	Document the categories listed in Data Storage Overview in your privacy notice. Use the consent label and Privacy page URL settings on the lead form.
Access	Search the requester's email or name in the Leads admin tab and the Search Alerts admin tab. Use the CSV export action in the Leads tab to provide a copy.
Rectification	Edit the affected lead status or search alert record from the corresponding admin tab.
Erasure	Delete the matching lead (Leads tab) and/or search alert (Search Alerts tab). Trigger the analytics purge action if applicable.
Restriction	Set a search alert subscription's status to `paused` or `inactive` to stop notifications without deleting the record.
Objection	For analytics, disable analytics tracking site-wide, or rely on the consent integration to block individual visitors.
Withdraw consent (search alerts)	The unsubscribe link in every notification email sets the subscription's status to `inactive` immediately.

Configuration reference

The settings most relevant for GDPR / DSGVO posture are:

Setting	Where	Notes
Consent checkbox enabled	Lead form settings	Shows the consent checkbox on the inquiry form.
Consent checkbox label	Lead form settings	Free-text label written by the operator.
Privacy page URL	Lead form settings (`as24ci_lead_privacy_url`)	Optional URL to the site's privacy notice.
Analytics enabled	Analytics settings	Master switch; off by default.
BI tracking enabled	Analytics settings	Enables non page-view events when analytics is on.
Require consent	Analytics settings	Gates tracking through the `as24ci_analytics_consent_check` filter.
Filter data minimization	Analytics settings	Strips free-text search keys from the analytics payload.
Privacy jurisdiction	Analytics settings (`as24ci_analytics_privacy_jurisdiction`)	Selects the privacy framework label for the admin notice (`auto`, `gdpr`, `dsgvo`, `revdsg`, `uk_gdpr`, `generic`). Informational only — does not change which data is collected.
Analytics retention (days)	Analytics settings	Default 180, minimum 7.
Delete data on uninstall	Plugin settings (`as24ci_delete_data_on_uninstall`)	When on, vehicle posts, lead posts and plugin pages are also removed on uninstall. The analytics, search agent and Content Studio tables are dropped on uninstall in any case.

Operational notes

Email transport. All plugin emails (lead notifications, customer confirmations, search alert confirmations and notifications) use WordPress's wp_mail. Email content typically contains personal data, so the configured mail transport (the site's SMTP service or hosting provider) becomes a processor for that content. Operators should ensure the transport is appropriate and, where applicable, covered by a data processing agreement.
AutoScout24 Hub API. The plugin connects to the AutoScout24 Hub API to import vehicle listings using credentials configured by the site operator. The plugin does not send personal data of website visitors to that API.
Optional AI assistant. The AI assistant feature uses the managed Google Gemini configuration in ADP Car Market Hub. No provider selection, model selection or API key entry is required in the WordPress backend; customer-specific AI provisioning is completed by AD Promotion after installation. Any prompts sent through that feature are transmitted to the managed Gemini endpoint. Disable the AI assistant if such transfers are not desired. Review the applicable data processing and contractual terms for the managed AI setup before enabling AI features in production.
Hosting and backups. Standard WordPress backups will include lead posts, analytics events and search alert subscriptions. Define backup retention with this in mind.
Multisite. On uninstall, the cleanup routine iterates over all sites in the network and removes the plugin's tables and options for each site.
Privacy jurisdiction selector. The Privacy jurisdiction setting changes only the framework label shown in the plugin's analytics notice; it does not change the data collected.

Read Data Storage Overview and identify which data categories actually apply to the site (some only appear when the corresponding feature is enabled).
Update the site's privacy notice to describe inquiry handling, search alerts and (if enabled) analytics. Reference the dealership as the controller and any processors used for email delivery.
In the lead form settings, set the Privacy page URL and configure a consent label that matches your privacy notice.
If analytics is enabled, decide on a consent strategy: - Either enable Require consent and integrate a consent management plugin via the as24ci_analytics_consent_check filter, - Or document an alternative legal basis with your legal advisor.
Set the Analytics retention (days) to a value approved by your privacy review.
Document an internal process for deleting old leads and stale pending search alert subscriptions.
Decide whether to enable Delete data on uninstall for your environment, balancing data minimization against operational risk.

Troubleshooting

Visitor asks for a copy of their inquiry data — search the Leads admin tab by email or name and use the CSV export action, optionally before deleting the lead.
Visitor asks to be removed from search alerts — they can use the unsubscribe link in any notification email; alternatively delete or set the subscription status to inactive in the Search Alerts admin tab.
Analytics row count grows beyond the configured retention window — confirm WP-Cron is running and that the daily cleanup event (as24ci_daily_cleanup) is scheduled.
Privacy jurisdiction label does not match reality — change the Privacy jurisdiction setting from auto to the correct value (gdpr, dsgvo, revdsg, uk_gdpr or generic).