Privacy
Version: 2.0 | 14 June 2024
Archive:
Privacy Version 1.1 | 02.04.2022
Privacy Version 1.0 | 06.12.2020
Links:
Allgemeine Geschäftsbedingungen und Datenschutz für den zusätzlichen THG-Service
Preamble
We, TRONITY GmbH, Julius-Hatry-Straße 1, 68163 Mannheim (hereinafter “TRONITY”), take the protection of your personal data seriously and would like to take this opportunity to inform you about data protection in our company.
When you use TRONITY, we process personal data about you through the cloud software or SaaS.
As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter “GDPR”) in order to ensure the protection of personal data of the person affected by processing.
Insofar as we decide either alone or jointly on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and Art. 14 GDPR). With this declaration, we inform you about the way in which your personal data is processed by us.
2. General
a. Definition
Following the example of Art. 4 GDPR, this data protection notice is based on the following definitions:
- “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity.
- “Processing” (Art. 4 No. 2 GDPR) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Third party” (Art. 4 No. 10 GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- “Consent” (Art. 4 No. 11 GDPR) of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
b. Amendment of the data protection information
As part of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly checked for the need for adjustments or additions. You will be informed of any changes. This data protection notice was last updated on June 14, 2024.
3. Information on the processing of data
a. Collection of personal data concerning you
When you use the cloud software or SaaS TRONITY, we collect personal data about you. Personal data is all data that relates to your person (see above under General)
b. Legal foundation for data processing
In principle, the processing of personal data is prohibited by law and is only permitted if one of the justifications in Art. 6 I GDPR applies. This stipulates that processing is permitted if
- the data subject has given consent to the processing (Art. 6 I S.1 lit. a GDPR),
- the processing is necessary for the performance of a contract (Art. 6 I S.1 lit. b GDPR),
- the processing is necessary for compliance with a legal obligation (Art. 6 I S.1 lit. c GDPR),
- processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 I S.1 lit. A GDPR),
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 I S.1 lit. e GDPR),
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Art. 6 I S.1 lit. f GDPR).
c. Data collected during use
We can only provide you with the benefits of our cloud software or SaaS if we collect certain personal data required for the operation of the software when you use it. We only collect this data if this is necessary for the fulfillment of the contract between you and TRONITY (ART. 6 I S. lit. b GDPR). Furthermore, we collect this data if this is necessary for the functionality of the software and your interest in the protection of your personal data does not outweigh this (Art. 6 I S.1 lit. f GDPR) or if you consent to the collection and processing (Art. 6 I S.1 lit. a GDPR).
We collect the following data from you automatically:
- Name of the retrieved file
- Date and time of access
- Amount of data transferred
- Message as to whether the retrieval was successful
- Description of the type of web browser used
- Operating system used
- The previously visited page
- Provider
- Your IP address
This data is automatically transmitted to TRONITY, but not stored, in order to provide you with the service and the associated functions, to improve the functions and performance features of TRONITY and to prevent and eliminate misuse and malfunctions. This data processing is justified in accordance with Art. 6 I lit. b GDPR for the fulfillment of the contract between you and TRONITY or in accordance with Art. 6 I lit. f GDPR to maintain the functionality and error-free operation of TRONITY in consideration of your rights and interests.
We collect the following data to create your user account, log in and use it:
- Your name
- Your e-mail address
- Password or password creation
- (optional) Referral code
We use this data to authenticate you when you log in and to follow up on password reset requests. This data is processed and used by us to verify your authorization to manage the user account, to enforce the terms of use and the associated rights and obligations and to contact you should technical or legal notices, updates, security messages or anything else be necessary.
The vehicle connection data is used by TRONITY to connect your vehicle to TRONITY and to collect and process the vehicle data. Data on the connection with the vehicle:
- Manufacturer
- VIN, if applicable
- Model and battery size
- To authenticate the active user in the vehicle and thus the legitimate recipient of the usage data (hereinafter referred to as vehicle data), the respective access data (user name/email and password) must be entered at the manufacturer (not TRONITY). Depending on the manufacturer, the connection must be confirmed and, depending on the manufacturer, can be revoked there. The data connection can also be revoked by TRONITY.
This data processing is justified in accordance with Art. 6 I lit. b GDPR for the fulfillment of the contract between you and TRONITY or in accordance with Art. 6 I lit. f GDPR to maintain the functionality and error-free operation of TRONITY in consideration of your rights and interests.
Vehicle data that TRONITY has collected and displays via the relevant interface of the respective manufacturer can be processed by you. The information collected by us is in particular (but depends on the vehicle manufacturer):
- Vehicle status
- Software version
- Raw data relating to trips (including GPS data)
- Raw data regarding charges
This data processing is justified in accordance with Art. 6 I lit. b GDPR for the fulfillment of the contract between you and TRONITY. TRONITY may process non-personal data that has been aggregated or anonymized so that it cannot be used to identify a person. This data is used for corresponding functions and evaluations, which are necessary in particular for cross-user evaluations.
Optional functions of TRONITY can be activated and deactivated by you as a user. If a function has been activated, your consent is deemed to have been given in accordance with Art. 6 I lit. a GDPR. This consent can be revoked at any time by deactivating the function. In particular, optional functions of TRONITY are the newsletter and individual additional functions offered by third-party providers.
Your data will only be forwarded to third-party providers with your explicit consent in accordance with Art. 6 I lit. a GDPR.
d. Period of data storage
We delete your personal data as soon as it is no longer required for the purposes for which we collected or used it. As a rule, we store your personal data for the duration of the usage or contractual relationship for the software. Your data is always stored on our servers in Europe.
However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings.
Third parties engaged by us will store your data on their system for as long as is necessary for us in connection with the provision of the service in accordance with the respective order.
Legal requirements for the storage and deletion of personal data remain unaffected by the above. If the statutory retention period expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
e. Data security
We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach for the data subject. Our security measures are continuously improved in line with technological developments.
f. No automated decision-making
We do not intend to use personal data collected from you for automated decision-making.
g. Change of purpose
Your personal data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing.
4. Responsibility for their data and contacts
We are the controller responsible for the processing of your personal data in accordance with Art. 4 No. 7 GDPR:
TRONITY GmbH; Julius-Hatry-Straße 1, 68163 Mannheim; e-mail: datenschutz@tronity.io
Our company data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection. Please contact him if you have any questions or comments, in particular regarding your rights or the processing of your personal data. His contact details are:
Tim Steininger, dapex – data protection experts, SH Beratung und Beteiligung UG (haftungsbeschränkt), AG Darmstadt HRB 96327, Heinrich-Hertz- Str. 2A, 64295 Darmstadt, e-mail: steininger@dapex.eu.
All personal data that you provide in the course of contacting us will be stored by us so that we can reply.
5. Data processing by third parties
a. Order data processing
It may be the case that contracted service providers are used for individual functions of our software. Your personal data will only be passed on without your express prior consent if this is permitted or required by law. These service providers act in accordance with our instructions and are contractually obliged to comply with data protection regulations in accordance with Section 28 GDPR.
The following categories of recipients, who are regularly processors, will have access to your personal data:
- Service providers for the operation of our software and the processing of data stored by the systems (data center services, payment processing, IT security). If these are not processors, the legal basis for the transfer is Art. 6 I S.1 lit. b or lit. f GDPR.
- Government bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis is Art. 6 I S.1 lit. c GDPR.
- Persons engaged to carry out our business operations (auditors, banks, insurance companies, legal advisors, supervisory authorities). The legal basis is Art. 6 I S.1 lit. a or lit. f GDPR.
The following providers are consulted by TRONITY.
- The payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. TRONITY passes on the information provided during the ordering process to this provider, together with information about your order (name, address, SEPA direct debit mandate or credit card number, invoice amount, currency and period of use) in accordance with Art. 6 para. 1 lit. b GDPR. The data is passed on exclusively for the purpose of payment processing with the payment service provider and only insofar as this is necessary for this purpose.
- TRONITY uses the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or is misused by machine and automated processing. The service includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet and avoiding abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA. In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has been certified for the US-European data protection agreement “Data Privacy Framework”.
- For TRONITY we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called cookies, which are text files that are stored on your computer and enable your use of TRONITY to be analyzed. The information generated by the cookie about your use of TRONITY (including the shortened IP address) is usually transmitted to a Google server and stored there; it may also be transmitted to the servers of Google LLC. in the USA. Google will use this information on our behalf to evaluate your use of TRONITY, to compile reports on the activities on TRONITY and to provide us with further services associated with the use of TRONITY and the use of the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In the event that personal data is transmitted to Google LLC. Based in the USA, Google LLC. has been certified for the US-European data protection agreement “Data Privacy Framework”. Your personal data will be deleted or anonymized after 14 months.
- Newsletters and system e-mails are sent via Mailjet, an e-mail dispatch platform of the company Mailjet, a simplified joint-stock company under French law (“Société par actions simplifiée”), registered in the Paris Trade and Companies Register under number 524 536 992, with registered office at 13-13bis, rue de l'Aubrac - 75012 Paris. The e-mail addresses of our e-mail recipients, as well as their other data described in this notice, are stored on Mailjet's servers in the EU. Mailjet uses this information to send and analyze the newsletter on our behalf. Furthermore, Mailjet may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, Mailjet does not use the data of our e-mail recipients to write to them itself or to pass it on to third parties.
- We use the Customer Relationship Management (CRM) service of Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, USA, for customer care at TRONITY. The legal basis for the use of this service is Art. 6 para. 1 lit. f GDPR - legitimate interest. Our legitimate interest in using this service is to be able to answer user queries quickly and efficiently. Zendesk only uses your data to forward your inquiries to us. Your data will not be passed on to third parties. The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer you alternative contact options for submitting service requests by telephone or post.
- Weather information is added via OpenWeather, a service provided by OpenWeather Ltd30 St Mary`s Axe, The City Of London, London, Greater London, EC3A 8BF, United Kingdom. The legal basis for the use of this service is Art. 6 I lit. b GDPR for the fulfillment of the contract between you and TRONITY.
- GPS data is resolved via Mapbox, a service provided by Mapbox Inc, Washington, 750 15th St NW, USA. The legal basis for the use of this service is Art. 6 I lit. b GDPR for the fulfillment of the contract between you and TRONITY.
- If required or optional or voluntary, contact forms, surveys and registrations can be made. These data are stored by Webflow, a service provided by Webflow Inc, a Delaware corporation located at 398 11th Street, Floor 2, San Francisco, CA 94103, USA. The legal basis for the use of this service is Art. 6 I lit. a GDPR consent between you and TRONITY.
- If required or optional, social messaging services can be integrated. This integration takes place via a Unified Messaging API, a service of MessengerPeople GmbH (limited liability company), Herzog-Heinrich-Str. 9, 80336 Munich, Germany. The legal basis for the use of this service is Art. 6 I lit. a GDPR consent between you and TRONITY.
- If required or optional, the Threema social messaging service can be integrated. This integration takes place via a Threema. Gateway, a service of Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland. The legal basis for the use of this service is Art. 6 I lit. a GDPR consent between you and TRONITY.
b. Requirements for the transmission of data to third countries
As part of our business relationship, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area. Such processing takes place exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with TRONITY.
The European Commission certifies that some countries have a level of data protection comparable to the EEA standard through so-called adequacy decisions. In other third countries to which personal data may be transferred, however, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 I, II lit. c GDPR, certificates or recognized codes of conduct.
c. Legal obligation to transmit certain data
We may be subject to a specific legal or statutory obligation to make the lawfully processed personal data available to third parties.
6. Your rights
To assert your rights, please contact our company data protection officer.
a. Right to obtain information
You have the right vis-à-vis TRONITY within the scope of Art. 15 GDPR to obtain information about the personal data concerning you.
b. Right to object to data processing and to revoke consent
In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. In this case, we will cease processing unless TRONITY can demonstrate compelling legitimate grounds for the processing.
In accordance with Art. 7 III GDPR, you have the right to revoke your consent to us at any time. In this case, data processing will no longer be continued.
c. Right to correction and erasure
If personal data concerning us is incorrect, you have the right to demand that we correct it immediately in accordance with Art. 16 GDPR.
Under the conditions specified in Art. 17 GDPR, you have the right to demand that TRONITY erase personal data concerning you.
d. Right to restriction of processing
You have the right under Art. 18 GDPR to demand that we restrict the processing of your personal data.
e. Right to data portability
According to Art. 20 GDPR, you have the right to receive from TRONITY the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the requirements.
f. Right to file a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority about the collection and processing of your personal data. You can reach the responsible supervisory authority using the following contact details:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg; P.O. Box 10 29 32, 70025 Stuttgart; Tel. +49711/615541 - 0; e-mail poststelle@lfdi.bwl.de