1. Controller, Personal Data, Contact
1.1 The person responsible (Controller) for the collection, processing and use of your personal data in accordance with Art. 4, Section 7 Data Protection Ordinance ("GDPR") is:

High-Mobility GmbH
Managing Directors: Risto Vahtra, Kevin Valdek, Martin Lauer
Skalitzer Straße 68
10997 Berlin
Germany
Tel: 030 26565600
email: support@high-mobility.com

hereinafter referred to as "we" or "us".

1.2 Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR).

1.3 If you contact us by email or telephone, we will collect and record your disclosed data (e.g. email address, telephone number) to be able to answer your questions.
In short,
As a data controller, we have strong responsibilities according to the European Union GDPR in keeping your personal data secure.
2. Your Rights
2.1 At all times, you are entitled to claim your rights in relation to us as an affected person. Should the respective statutory requirements be met, these include the following rights:

- Right of access in accordance with Article 15 EU GDPR
- Right to rectification in accordance with Article 16 EU GDPR
- Right to erasure in accordance with Article 17 EU GDPR
- Right to restriction of processing in accordance with Article 18 EU GDPR
- Right to data portability in accordance with Article 20 EU GDPR

You can exercise these rights at any time by contacting us using the contact details listed under section 1.1.

2.2 In addition you have the right to lodge a complaint with a responsible data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Visitor entrance: Puttkamerstr. 16-18
Tel: +49 30 13889-0
E-Mail: mailbox@datenschutz-berlin.de
In short,
GDPR gives you full rights to your personal data and you can get in touch with us at any time to understand how we use it or to direct us on what to do with it.
3. Data Collection, Processing and Use
3.1 If you use our Car Data Service we collect the personal data transmitted by your browser.

This data is statistically evaluated by us and is only used in order to improve the attractiveness, content and functions of our website. In our server log files, we save information that your browser automatically sends to us for technical reasons. This includes:

- Browser type/version
- Operating system used
- Referrer URL (the most recently visited page)
- Host name of the accessing end device (IP address, anonymised)
- Date and time of the server access

In case of smartphones, tablets and other mobile end devices: manufacturer/model. No person-related saving of this data takes place. This data is also not combined with other data sources.

The legal basis for the processing of your IP address is Article 6 Paragraph 1 Letter f) EU GDPR. Our legitimate interest arises from the purposes of the processing listed below:

- Guaranteeing a seamless connection
- Guaranteeing comfortable use of our website
- Assessment of system security and stability

Your IP address is generally saved by us in anonymous form and no personal analysis takes place during this process. A full saving of the IP address only takes place in order to trace technical errors and hacking attempts, as well as to record consent, for example in the newsletter subscription.

3.2 If you want car data to be transferred from the car maker via us to a third party, you have to agree to such transfer during the consent flow. As part of the consent flow you will be invited to enter the account credentials of your personal account within the car maker’s platform. We will not receive or get access to such account credentials. You will enter such data within the car maker’s platform.

3.3 To transfer the car data we need the vehicle identification number (VIN) of your car to be able to assign the respective car data to your account. We will receive the car data from the car maker or you are requested to enter the VIN. We will store the VIN for the purpose of fulfilling the agreement. We will not use the VIN for any other purpose and will not transfer the VIN to any third party, except as otherwise stated within the consent flow.

The legal basis for the processing of such data is Article 6 Paragraph 1 Letter b) EU GDPR. Once your account is deleted the personal data is deleted from our servers within 24 hours.

3.4 After you give consent during the consent flow, we will receive the respective car data from the car maker for the purpose of transferring the data to the third party. We will not make any other use of the car data, in particular we will not store, process, change or amend the data.

The legal basis for the processing of such data is Article 6 Paragraph 1 Letter b) EU GDPR. The car data will not be stored by us.

3.5 The use of the car data by the third party is subject to the agreement between you and the third party, including the third party’s privacy policy.
In short,
We keep the amount of data that we store about you to the very minimum. Apart from the information that you enter, we gather technical information about your connection in an anonymous form. In exceptional cases we store the full IP address to track down bugs.
4. Hosting
Our service is hosted by Amazon Web Services, Inc.; 410 Terry Avenue North, Seattle WA 98109, United States (AWS). The hosting services include infrastructure and platform services, computing capacity, storage capacity, database services, security services as well as technical maintenance which are necessary to provide our developer center and services. In this context the host provider processes the data mentioned in this Privacy Policy on our behalf. We entered into a processing agreement with the host provider in accordance with Article 28 EU GDPR.
In short,
Our platform is hosted by a leading cloud provider, Amazon Web Services.
5. Error Reporting
We use third-party services for error reporting. This service is rendered by Rollbar, Inc., 221 Main St Suite 780 San Francisco, CA 94105, USA (Rollbar). Rollbar uses cookies to gather information about errors that occurred during the use of our developer center. Rollbar will use such information on our behalf to identify errors which occur during the use of the developer center and the reasons for such errors. We only use Rollbar with activated anonymization of the IP address. That means that the IP address of the user will be masked or omitted. Such information may be transferred to the USA. We entered into a processing agreement with the provider in accordance with Article 28 EU GDPR. Rollbar, Inc. is certified under the privacy shield and therefore guarantees to provide an adequate level of protection for personal data.

More: Privacy Shield

5.2 The legal basis for the engagement of the service provider is Article 6 Paragraph 1 Letter f) EU GDPR. Our interest in accordance with Article 6 Paragraph 1 Letter f) EU GDPR to commercially optimize our service is considered to be legitimate in the sense of the regulation referred to above.
In short,
We use a service called Rollbar for error reporting. This way we automatically get notified when something goes wrong and can solve it as quickly as possible.
6. Cookies
6.1 We use Cookies in order to provide you with a comfortable and functioning service. Cookies are small files which contain information to identify recurring users only while visiting our service. Cookies will be stored on your device and will not cause any damage. Cookies help to identify popular sections of our service. By using Cookies we are able to provide the contents of our service adjusted to your needs.

6.2 In addition, we use non-permanent Cookies (so called "Session Cookies") in order to identify your Browser when using the service. Such Session Cookies contain a pseudonymized ID which will be read by the server. During the session, the Session Cookies (including the pseudonymized ID) are stored on the server. After the session, the Session Cookies will be erased automatically.

6.3 You can deactivate the use of all Cookies at any time by setting your browser to not accept Cookies. You can delete Cookies stored on your device at any time. The exact instructions for how to do this can be found in the manual for your browser or device. If you deactivate the use of Cookies it might cause a functional limitation of the website or the services.

6.4 The legal basis for the use of Cookies is Art. 6, Paragraph 1 lit. f) GDPR. Our interest in tailoring our services to your requirements as best as possible and optimizing our services in commercial and technical terms is considered to be legitimate in compliance with Art. 6, Paragraph 1 lit. f) GDPR. Your IP address is only recorded in shortened form.
In short,
Like all web applications, our platform also uses cookies to function properly. We never attempt to read cookies from other sites that you have visited.
Updated September 2020