Privacy
Version: 06 December 2020
Links:
Allgemeine Geschäftsbedingungen und Datenschutz für den zusätzlichen THG-Service
Preamble
The Software-as-a-Service platform TRONITY (hereinafter "Platform") is provided by TRONITY UG (haftungsbeschränkt), Julius-Hatry-Straße 1, 68163 Mannheim (hereinafter "we" or "us") as the controller within the meaning of the applicable data protection law.
Within the framework of the services offered via the Platform, we enable you to store, evaluate and analyse the vehicle data provided.
When using the Platform, we process personal data about you. By personal data is meant all information relating to an identified or identifiable natural person. Because the protection of your privacy when using the Platform is important to us, we would like to use the following information to inform you which personal data we process when you use the Platform and how we handle this data. In addition, we inform you about the legal basis for processing your data and, insofar as processing is necessary to protect our legitimate interests, also about our legitimate interests.
You can download this data protection declaration at any time under the menu item www.tronity.io/privacy innerhalb der Plattform aufrufen.
1. Information on the processing of your data
Certain information is already processed automatically as soon as you use the Platform. In the following we have listed for you exactly which personal data is processed:
1.1 Information that is automatically collected on the Platform
Within the scope of your use of the Platform, we automatically collect certain data that is required for the use of the Platform. These include:
- Name of the retrieved file
- Date and time of retrieval
- data volume transferred
- Message whether the retrieval was successful
- Description of the type of web browser used
- Operating system used
- the previously visited page
- Provider
- your IP address
This data is automatically transmitted to us, but not stored, (1) to provide you with the service and related features; (2) to improve the functions and features of the platform; and (3) to prevent and correct misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit. b) GDPR for the use of the platform, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the platform and in being able to offer a service in line with the market and interests, which in this case outweighs your rights and interests in the protection of your personal data in accordance with Art. 6 Para. 1 lit. f) GDPR.
1.2 Creation of a user account (registration) and login
When you create a user account or register, we use your name and e-mail address to grant you access to your user account and to manage it ("Mandatory Information"). This information is required for the conclusion of the user contract. If you do not provide this information, you will not be able to create a user account.
In addition, we require further data (hereinafter referred to as "vehicle access data") such as the vehicle manufacturer and the access data (depending on the manufacturer, user name/email and password or token) which the user uses in the mobile application or the vehicle manufacturer's website in order to connect the vehicle to the platform and to provide our services.
We use the mandatory data to authenticate you when you log in and to respond to requests to reset your password. We process and use the data you enter in the course of registration or login (1) to verify your authorization to manage the user account; (2) to enforce the terms of use of the Platform and all rights and obligations associated with them; and (3) to contact you in order to send you technical or legal notices, updates, security messages or other messages concerning, for example, the management of the user account.
We use the vehicle access data to connect the vehicle with the platform, to collect the vehicle data and to process it on the platform.
This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you as data subject and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the platform, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the platform, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR.
1.3 Collection of vehicle data and use of the platform
With the vehicle access data provided by the user, the service logs on to the interface offered by the respective vehicle manufacturer. The data of the respective vehicle are collected via the interface (hereinafter referred to as "vehicle data") and processed on the platform for display and evaluation by the user.
Within the framework of the Platform, various evaluations of the vehicle data and other information can be managed and processed.
Vehicle data is the information made available via the interfaces, in particular
- Vehicle master data
- Vehicle status
- Software version
- Routes
- Charges
- Energy Consumption
- Battery information (e.g. capacity)
The processing is carried out exclusively for the purpose of providing the service. This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you as a data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the platform.
1.4 Optional features
We offer various optional functions on the platform (e.g. anonymous release of the battery capacity history together with the technical characteristics to allow comparison with identical batteries), which can be individually activated and deactivated by the user. Insofar as the user activates a function on the platform, he also gives his consent (Art. 6 Para. 1 letter a DS-GVO) to the respective data processing. The respective consent can be withdrawn at any time by deactivating the respective function.
1.5 Order our newsletter
Based on your consent (Art. 6 para. 1 a DS-GVO), we will be pleased to inform you about current news on our platform in our newsletter.
To receive a newsletter, you must enter your name and e-mail address and may enter and send further voluntary information. Once you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have provided, in which you must click on a confirmation link to verify the e-mail address you have provided.
Your data will only be stored by us for the purpose of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove your newsletter registration in case of doubt.
You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the footer of the newsletter.
1.6 Use of third-party providers that use vehicle data
We offer the possibility of transmitting vehicle data to third-party provider so that they can use this data to offer you individual functionalities that are specially tailored to your vehicle.
We only transmit your data on the basis of your consent (Art. 6 para. 1 a DS-GVO).
If you visit the website of a third-party provider or use their app, you will be informed via a displayed iframe that you can share vehicle data from TRONITY with this provider. You can find a list of which information is transferred to the respective third party provider in the corresponding iframe.
You give your consent to transmit the information by clicking on "Allow" in this iframe. You can revoke your consent at any time in TRONITY or via email to datenschutz@tronity.io or go to the website or app of the third-party provider and remove the permission to share the relevant information.
For more information about the data processing by the third party provider, please refer to the privacy policy of the respective third party provider. A link to this can be found in the iframe, via which the data transfer can be started.
2. Sharing and transmission of data
Apart from the cases explicitly mentioned in this privacy policy, your personal data will only be shared without your express prior consent if it is legally permissible or necessary.
2.1 If it is necessary for the clarification of an illegal or abusive use of the platform or for legal prosecution, personal data will be forwarded to the law enforcement agencies or other authorities as well as, if applicable, to injured third parties or legal advisors. However, this only happens if there are indications of illegal or abusive behaviour. A transfer can also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies on request. These are criminal prosecution authorities, authorities that pursue administrative offences that are subject to fines, and the tax authorities.
Any disclosure of personal data is justified by the fact that (1) the processing is necessary to fulfil a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction with (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behaviour or in order to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not prevail.
2.3 In the course of the further development of our business, the structure of our company may change as a result of changes in the legal form, the establishment, purchase or sale of subsidiaries, parts of companies or components. In such transactions, customer information may be transferred together with the part of the business to be transferred. Whenever personal data is transferred to third parties to the extent described above, we ensure that this is done in accordance with this privacy policy and the applicable data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data do not outweigh the protection of your personal data in the sense of Art. 6 para. 1 lit. f) GDPR.
3. Features used
3.1 Payment services
If you decide on the platform to use a payment method of the payment service provider Stripe, the payment processing is carried out via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dub-lin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information about the data protection of Stripe under the URL https://stripe.com/de/privacy#translation.
3.2 Google reCAPTCHA
On this platform we also use the reCAPTCHA feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The main purpose of this function is to distinguish whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. In the course of using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
3.3 Web analysis via Google Analytics
On this platform we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses so-called cookies, i.e. text files that are stored on your computer and which enable an analysis of your use of the platform. The information generated by the cookie about your use of the platform (including the abbreviated IP address) is usually transferred to a Google server and stored there, and may also be transferred to the servers of Google LLC. in the USA.
This platform uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes a direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google LLC. server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter f GDPR on the basis of our justified interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the platform, to compile reports on platform activities and to provide us with further services related to the use of the platform and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this platform to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the platform (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on the use of data by Google, setting and objection options, you can find in the privacy policy of Google (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
The users' personal data will be deleted or anonymised after 14 months.
3.4. Newsletter dispatch via Mailjet
The newsletters are sent via "Mailjet", a newsletter distribution platform of the company Mailjet, a simplified joint stock company under French law ("Société par actions simplifiée"), registered with the Paris Trade and Companies Register under number 524 536 992, having its registered office at 13-13bis, rue de l'Aubrac - 75012 Paris
The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of Mail-Chimp in the USA. Mailjet uses this information to send and evaluate the newsletter on our behalf. Furthermore, Mailjet may use this information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, Mailjet does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
The privacy policy of Mailjet can be found here: https://www.mailjet.com/security-privacy/
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from the server of Mailjet when the newsletter is opened. In the context of this retrieval, technical information such as browser and system information, as well as your IP address and time of retrieval are collected. This information is used for technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times.
Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletters recipients. However, it is neither our nor Mailjet's intention to monitor individual users. The analysis serves us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
3.5 Zendesk
On this platform we use the Customer Relationship Management (CRM) service of the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA.
The legal basis for the use of this service is Art. 6 Abs.1 lit.f GDPR - legitimate interest. Our legitimate interest in using this service is to be able to answer user enquiries quickly and efficiently.
Zendesk will only use your data to forward your requests to us. Your data will not be passed on to third parties.
To use Zendesk, you must provide at least one correct e-mail address. The service can also be used pseudonymously. In the course of processing service requests, it may be necessary to collect additional data (e.g. first name, last name, address, etc.).
The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer you alternative ways to contact us to submit service requests by phone or mail.
For more information, please refer to Zendesk's Privacy Policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
4. Period of data storage
We will delete or make anonymous your personal data as soon as it is no longer required for the purposes for which it was collected or used in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the platform plus a period of 6 months, during which we keep backup copies after deletion, provided that this data is no longer required for criminal prosecution or to secure, assert or enforce legal claims.
Specific details in this data protection declaration or legal requirements for the storage and deletion of personal data, in particular those which we must store for tax reasons, remain unaffected.
5. Your rights as a data subject
5.1 Right of access
You have the right to obtain from us at any time on request information on the personal data processed by us and relating to you, within the scope of Art. 15 GDPR. To do so, you can make a request by post or by e-mail to the address below..
5.2 Right to rectification
You have the right to ask us to rectify the personal data concerning you without delay if it is incorrect. To do so, please contact us at the addresses below.
5.3 Right to erasure
You have the right, under the conditions described in Art. 17 GDPR, to request us to erase the personal data concerning you. In particular, these conditions provide for a right of erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, opposition or an obligation to erase them under Union law or the law of the Member State to which we are subject. For the period of data storage, see also point 5 of this privacy policy. To exercise your right of erasure, please contact us at the addresses below.
5.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular when the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and in the event that the user requests limited processing instead of erasure in the event of an existing right to erasure; also in the event that the data is no longer required for the purposes we pursue, but the user needs it to assert, exercise or defend legal claims, and in the event that the successful exercise of an objection is still disputed between us and the user. To exercise your right to limit the processing, please contact us at the addresses below.
5.5 Right to data portability
You have the right to receive from us the personal data concerning you that you have provided us with in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the addresses below
6. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para 1, lit. e) or f) of the GDPR, in accordance with Art. 21 of the GDPR. We will stop processing your personal data unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
7. Right to complain
They shall also have the right to address complaints to the competent supervisory authority. The competent authority in this case is the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information.
8. Contact
If you have any questions or comments regarding our handling of your personal data or if you wish to exercise the rights mentioned in points 6 and 7 as a data subject, please contact datenschutz@tronity.io.
9. Change of this data protection declaration
We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update it if changes occur in the collection, processing or use of your data. The current version of the data protection declaration is always available under "Data protection declaration" within the platform.