1. Controller, Personal Data, Contact
1.1 The person responsible (Controller) for the collection, processing and use of your personal data in accordance with Art. 4, Section 7 Data Protection Ordinance ("GDPR") is:

High-Mobility GmbH
Managing Directors: Risto Vahtra, Kevin Valdek, Martin Lauer
Skalitzer Straße 68
10997 Berlin
Germany
Tel: 030 26565600
email: support@high-mobility.com

hereinafter referred to as "we" or "us".

1.2 Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR).

1.3 If you contact us by email or telephone we will collect and record your disclosed data (e.g. email-address, telephone number) to be able to answer your questions.
In short,
As a data controller, we have strong responsibilities according to the European Union GDPR in keeping your personal data secure.
2. Your Rights
2.1 At all times, you are entitled to claim your rights in relation to us as an affected person. Should the respective statutory requirements be met, these include the following rights:

- Right of access in accordance with Article 15 EU GDPR
- Right to rectification in accordance with Article 16 EU GDPR
- Right to erasure in accordance with Article 17 EU GDPR
- Right to restriction of processing in accordance with Article 18 EU GDPR
- Right to data portability in accordance with Article 20 EU GDPR

You can exercise these rights at any time by contacting us under the contact details listed under section 1.1

2.2 In addition you have the right to lodge a complaint with a responsible data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Visitor entrance: Puttkamerstr. 16-18
Tel: +49 30 13889-0
E-Mail: mailbox@datenschutz-berlin.de
In short,
GDPR gives you full rights to your personal data and you can get in touch with us at any time to understand how we use it or to direct us on what to do with it.
3. Data Collection, Processing and Use
3.1 If you use our Car Data Service we collect the personal data transmitted by your browser.

This data is statistically evaluated by us and is only used in order to improve the attractiveness, content and functions of our website. In our server log files, we save information that your browser automatically sends to us for technical reasons. This includes:

- Browser type/version
- Operating system used
- Referrer URL (the most recently visited page)
- Host name of the accessing end device (IP address, anonymised)
- Date and time of the server access

In case of smartphones, tablets and other mobile end devices: manufacturer/model. No person-related saving of this data takes place. This data is also not combined with other data sources.

The legal basis for the processing of your IP address is Article 6 Paragraph 1 Letter f) EU GDPR. Our legitimate interest arises from the purposes of the processing listed below:

- Guaranteeing a seamless connection
- Guaranteeing comfortable use of our website
- Assessment of system security and stability

Your IP address is generally saved by us in anonymous form and no personal analysis takes place during this process. A full saving of the IP address only takes place in order to trace technical errors and hacking attempts, as well as to record consent, for example in the newsletter subscription.

3.2 If you want to have car data be transferred from the car maker via us to a third party you have to agree to such transfer during the consent flow. As part of the consent flow you may be invited to enter your account credentials of your personal account within the car maker’s platform. We will not receive or get access to such account credentials. You will enter such data within the car maker’s platform.

3.3 If you want to have car data transferred from certain car makers you might be requested to verify your identity through electronic identification and to enter your vehicle mileage. This identification service is fully managed by us independently of the car maker and no identification data is shared with the car maker. The data that is collected during the electronic identification includes:

- Identification data
- Biometric data
- Vehicle mileage data

The legal basis for the processing of the data is Article 6 Paragraph 1 Letter f) EU GDPR. Our legitimate interest arises from the purposes of the processing listed below:

- Guaranteeing valid access to the data of a vehicle

3.4 To transfer the car data we might need the vehicle identification number (VIN) of your car to be able to assign the respective car data to your account. We will receive the car data from the car maker or you are requested to enter the VIN. We will store the VIN for the purpose to fulfil the agreement. We will not use the VIN for any other purpose and will not transfer the VIN to any third party, except as otherwise stated within the consent flow.

The legal basis for the processing of such data is Article 6 Paragraph 1 Letter b) EU GDPR. Once your account is deleted the personal data is deleted from our servers within 24 hours.

3.5 After consent by you during the consent flow we will receive the respective car data from the car maker for the purpose to transfer the data to the third party. We will not make any other use of the car data, in particular we will not store, process, change or amend the data.

The legal basis for the processing of such data is Article 6 Paragraph 1 Letter b) EU GDPR. The car data is only stored by us temporarily when technically needed to deliver our service. Car data is never analysed or used for any other purpose than for delivery to the consented third party.

3.6 The use of the car data by the third party is subject to the agreement between you and the third party, including the third party’s privacy policy.
In short,
We keep the amount of data that we store about you to the very minimum. Apart from the information that you enter, we gather technical information about your connection in an anonymous form. In exceptional cases we store the full IP address to track down bugs.

We verify driver accounts for certain car brands where ownership verification can not be performed through a manufacturer owner portal.
4. Hosting
Our service is hosted by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS). The hosting services include infrastructure and platform services, computing capacity, storage capacity, database services, security services as well as technical maintenance which are necessary to provide our developer center and services. In this context the host provider processes the data mentioned in this Privacy Policy on our behalf. We entered into a processing agreement with the host provider in accordance with Article 28 EU GDPR.

5. Electronic Identification

We use a third party service for performing electronic identifications. This service is rendered by Electronic Identification, S.L., Avenida Ciudad de Barcelona 81 - 4ª planta, C.P. 28007 Madrid, Spain. Electronic Identification, S.L. is a company that provides, inter alia, management services for the Electronic Identification, S.L. API platform, which enables the electronic identification of individuals by means of remote video identification, electronic notifications and the signing of documents by means of advanced electronic signature systems. In this context the electronic identification provider processes the data mentioned in section 3.3 of this Privacy Policy on our behalf.

We entered into a processing agreement with the electronic identification provider in accordance with Article 28 EU GDPR.
In short,
Our platform is hosted by a leading cloud provider, Amazon Web Services.

We use an Electronic Identification (eID) to verify driver accounts.
6. Error Reporting
We use third party services for error reporting. This service is rendered by Rollbar, Inc., 221 Main St Suite 780 San Francisco, CA 94105, USA (Rollbar). Rollbar uses cookies to gather information about errors occurred during the use of our developer center. Rollbar will use such information on our behalf to identify errors which occur during the use of the developer center and the reasons for such errors. We only use Rollbar with activated anonymization of the IP address. That means that the IP address of the user will be masked or omitted to be used. Such information may be transferred to the USA. We entered in to a processing agreement with the provider in accordance with Article 28 EU GDPR. Rollbar guarantees to provide adequate level of protection for personal data based on Standard Contractual Clauses.

The legal basis for the engagement of the service provider is Article 6 Paragraph 1 Letter f) EU GDPR. Our interest in accordance with Article 6 Paragraph 1 Letter f) EU GDPR to commercially optimize our service is considered to be legitimate in the sense of the regulation referred to above.
In short,
We use a service called Rollbar for error reporting. This way we automatically get notified when something goes wrong and can solve it as quickly as possible.
7. Cookies
6.1 We use Cookies in order to provide you with a comfortable and functioning of the service. Cookies are small files which contain information to identify recurring users only while visiting our service. Cookies will be stored on your device and will not cause any damage. Cookies help to identify popular sections of our service. By using Cookies we are able to provide the contents of our service adjusted to your needs.

6.2 In addition, we use non-permanent Cookies (so called "Session Cookies") in order to identify your Browser when using the service. Such Session Cookies contain a pseudonymized ID which will be read by the server. During the session, the Session Cookies (including the pseudonymized ID) are stored on the server. After the session, the Session Cookies will be erased automatically.

6.3 You can deactivate the use of all Cookies at any time by setting your browser to not accept Cookies. You can delete Cookies stored on your device at any time. The exact instructions for how to do this can be found in the manual for your browser or device. If you deactivate the use of Cookies it might cause a functional limitation of the website or the services.

6.4 The legal basis for the use of Cookies is Art. 6, Paragraph. 1 lit. f) GDPR. Our interest in tailoring our services to your requirements as best as possible and optimizing our services in commercial and technical terms is considered to be a legitimate in compliance with Art. 6, Paragraph. 1 lit. f) GDPR. Your IP address is only recorded in shortened form.
In short,
Like all web applications, also our platform uses cookies to function properly. We never attempt to read cookies from other sites that you have visited.
Updated August 2021