1. Data protection obligation
When processing your personal data, the protection of your personal privacy is of the utmost concern to TB Digital Services GmbH (“TBDS”). We process personal data collected during use of the RIO “Pocket Fleet” app (hereinafter: “the App”) solely in compliance with the data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Data Privacy Act (BDSG).
2. INTENDED PURPOSE
The purpose of the App is to provide fleet managers and materials requirement planners with important information on mobile devices for managing vehicle fleets, so as to enable them to optimise vehicle deployment. Specifically, the information is used to determine the location and status of vehicles, identify their drivers, and contact the drivers by phone or email. Data collected by the App is processed solely for the intended purpose.
3. Processing personal data within the framework of the App
Personal data means any information concerning the personal or material circumstances of an identified or identifiable natural person. Examples include information such as a person’s first name, last name, phone number, or email address, but also location data
or drivers’ behavioural data.
Legal basis for processing
Personal data is only processed by us if and to the extent that a legal regulation permits that specific piece of data to be processed, or if the data subject has expressly consented to this processing in advance.
Encrypted message communication
To protect all personal data from third-party access, all communication between the App and our server takes place within the framework of an encrypted connection (TLS 1.2 or better).
App’s access to device functions
The App accesses the memory of the users’ devices so that it can file the HERE map data and display the location of the vehicles.
Transmitting the data to third parties
Data is transmitted via Crashlytics and Google Firebase. The personal data of the user is not passed on to any other third parties by us.
Cookies are employed during usage of the App. Information such as the session ID and other data is processed within these cookies, which are necessary for a smooth registration. Google’s Crashlytics and Firebase services are used for product optimisation (cf. Points 5 and 6 below).
5. Google Crashlytics
We use the “Crashlytics” diagnostics service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter: “Google”).
Crashlytics and the error reports generated by the software are used to record and analyse errors. The resultant information is used to maintain and improve our App. Should usage of the App lead to unexpected errors or the App crashing, specific information, such as the device type, operating system version, date and time of the error, country in which the query originated, and language selected for the operating system, will be sent to Crashlytics. You can find more information about data protection at Crashlytics here: https://fabric.io/terms.
Processing is necessary to safeguard the prevailing, legitimate interests of the data controller (Art. 6, para 1 (f) GDPR). We have a legitimate interest in offering our customers a flawless product and in making its use as simple and secure as possible.
You can prevent Crashlytics from processing your data at any time by deactivating the recording and transfer of usage information and diagnostics data by Crashlytics in the settings of the App. This option is deactivated in the App’s default delivery state.
Data transfer to third countries
Personal data is transmitted to Google through the use of Crashlytics. Google acts as a service provider for us within the context of commissioned processing. Google processes personal data in the US as well, and has signed up to the EU-US Privacy Shield Framework. You can find more information on the EU-US Privacy Shield Framework at https://www.privacyshield.gov/EU-US-Framework.
6. GOOGLE FIREBASE
We use Google’s “Firebase” tracking service for our App. Firebase uses tracking technologies that allow it to record and analyse the interaction of App users with the App – for example: the frequency and length of sessions and their navigation through various menu items. Google Firebase records user activities (e.g. clicking a menu item) as well as the device type, the operating system version, the app version and date of the event, and sends them to Firebase.
The interactions of App users with the App is recorded and analysed so that the resultant information can be used to improve and refine the App and its user-friendliness.
Processing is necessary to safeguard the prevailing, legitimate interests of the data controller (Art. 6, para 1 (f) GDPR). Our legitimate interest consists in offering our customers a user-friendly product and refining this on an ongoing basis.
You can prevent Firebase from processing your data at any time by deactivating the recording and transfer of usage information and diagnostics data by Google Firebase in the settings of the App. This option is deactivated in the App’s default delivery state.
Data transfer to third countries
With Firebase, information about the App’s usage is recorded and transferred to Google in Ireland or the US, where it is stored and processed as required. Data is always collected on an anonymised basis and transferred to Firebase. It is not linked to other user data. Google will use the information to analyse your use of our App, and to provide us with other services connected with the use of apps.
Google has signed up to the EU-US Privacy Shield Framework for the personal data that is transferred to the US: www.privacyshield.gov/participant. You can find more detailed information on Google Firebase and data protection at: www.google.com/policies/privacy/ and at: firebase.google.com.
We take appropriate technical and organisational security precautions in order to protect your personal data against accidental or intentional tampering, loss, destruction or access by unauthorised persons. Our data processing and security precautions are regularly improved in line with technological developments.
No personal data is stored in the App itself. The personal data required for the operation of the App is stored in other service applications and is subject to the deletion periods applicable there. In this respect, the data is only stored for as long as is necessary for the provision of the service or the fulfilment of retention periods.
9. COMMISSIONED DATA PROCESSING
We have concluded contracts for commissioned data processing with cooperation partners that we use as commissioned processors within the framework of the App’s provision and the use of its functions.
10. Changes to our data protection provisions
We reserve the right to change our data protection and IT security measures should this become necessary as a result of statutory or technical developments. In such cases, we will amend our data protection provisions accordingly and inform you in an appropriate manner and – if required – request your consent for this.
11. Your rights
You have the following rights in relation to your personal data:
a) The right to receive information, particularly regarding the data about you that we are processing, the purposes of this processing, the categories of the personal data concerned, the categories of the recipients, and the planned storage period (Art. 15 GDPR).
b) The right to have inaccurate or incomplete personal data corrected by the data controller (Arts. 16 and 17 GDPR).
c) The right to have the data stored about you deleted or its processing limited (Art. 17 GDPR).
d) The right to data portability (Art. 20 GDPR).
e) The right to withdraw your consent at any time, without stating a reason (Art. 7, para 3 GDPR).
f) The right to file complaints with the responsible supervisory authority (Art. 77 GDPR).
12. DATA CONTROLLER AND CONTACT
If you have any questions on data protection in relation to this App or would like to assert your rights, please contact: TB Digital Services GmbH, Oskar-Schlemmer-Str. 19-21, D-80807 Munich, Germany or send an e-mail to firstname.lastname@example.org.