Version: 1.1 | 02 April 2022
The Cloud Software or SaaS (Software as a Service) TRONITY (hereinafter "TRONITY") is provided by TRONITY GmbH, Julius-Hatry-Straße 1, 68163 Mannheim (hereinafter "we" or "us") as the controller within the meaning of the applicable data protection law.
Within the framework of the services offered via TRONITY, we enable you to store, evaluate and analyse the vehicle data provided.
When using TRONITY, we process personal data about you. By personal data is meant all information relating to an identified or identifiable natural person. Because the protection of your privacy when using TRONITY is important to us, we would like to use the following information to inform you which personal data we process when you use TRONITY and how we handle this data. In addition, we inform you about the legal basis for processing your data and, insofar as processing is necessary to protect our legitimate interests, also about our legitimate interests.
You can view this data protection declaration at any time under the menu item “Privacy” in TRONITY .
1. Information on the processing of your data
Certain data is already processed automatically as soon as you use TRONITY. In the following we have listed for you exactly which personal data is processed:
1.1 Data that is automatically collected on TRONITY
Within the scope of your use of TRONITY, we automatically collect certain data that is required for the use of TRONITY. These include:
• Name of the retrieved file
• Date and time of retrieval
• data volume transferred
• Message whether the retrieval was successful
• Description of the type of web browser used
• Operating system used
• the previously visited page
• your IP address
This data is automatically transmitted to us, but not stored, (1) to provide you with the service and related features, (2) to improve the functions and features of TRONITY, and (3) to prevent and correct misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit. b) GDPR for the use of TRONITY, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of TRONITY and in being able to offer a service in line with the market and interests, which in this case outweighs your rights and interests in the protection of your personal data in accordance with Art. 6 Para. 1 lit. f) GDPR.
1.2 Creation of a user account (registration) and login
When you create a user account or login, we use your name and e-mail address to grant you access to your user account and to manage it ("mandatory information"). This information is required for the conclusion of the user contract. If you do not provide this information, you will not be able to create a user account.
In addition, we require further data (hereinafter referred to as "vehicle access data") such as the vehicle manufacturer and the credentials (depending on the manufacturer, username/e-mail and password or token) which you use in the mobile application or the vehicle manufacturer's website in order to connect the vehicle to TRONITY and to provide our services.
We use the vehicle access data to connect the vehicle with TRONITY, to collect the vehicle data and to process it on TRONITY.
This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the user contract between you as data subject and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of TRONITY, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of TRONITY, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR.
1.3 Collection of vehicle data and use of TRONITY
With the vehicle access data provided by you, our service logs on to the interface offered by the respective vehicle manufacturer. The data of the respective vehicle are collected via the interface (hereinafter referred to as "vehicle data") and processed on TRONITY for display and evaluation by you.
Within the framework of TRONITY, various evaluations of the vehicle data and other information can be managed and processed. Vehicle data is the information made available via the interfaces, in particular:
• Vehicle master data
• Vehicle status
• Software version
• Energy Consumption
• Battery information (e.g. capacity)
The processing is carried out exclusively for the purpose of providing the service. This data processing is justified by the fact that the processing is necessary for the fulfilment of the user contract between you as a data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of TRONITY.
We may process non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. This in- formation is used for corresponding functions and evaluations, which are particularly necessary for cross-user evaluations.
1.4 Optional features
We offer various optional functions on TRONITY, which can be individually activated and deactivated by you as user. Insofar as you activate a function on TRONITY, you also give your consent (Art. 6 Para. 1 letter a GDPR) to the respective data processing. The respective consent can be withdrawn at any time by deactivating the respective function.
1.5 Order our newsletter
Based on your consent (Art. 6 para. 1 a GDPR), we will be pleased to inform you about current news about TRONITY and us in our newsletter.
To receive a newsletter, you must enter your name and e-mail address and may enter and send further voluntary information. Once you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have provided, in which you must click on a confirmation link to verify the e-mail address you have provided.
Your data will only be stored by us for the purpose of sending our newsletter. In addition, we store your IP address and the date of your registration to be able to prove your news- letter registration in case of doubt.
You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the footer of the newsletter.
1.6 Use of third-party providers that use vehicle data
We offer the possibility of transmitting vehicle data to third-party provider so that they can use this data to offer you individual functionalities that are specially tailored to your vehicle.
We only transmit your data based on your consent (Art. 6 para. 1 a GDPR).
If you visit the website of a third-party provider or use their app, you will be informed via a displayed iframe that you can share vehicle data from TRONITY with this provider. You can find a list of which information is transferred to the respective third-party provider in the corresponding iframe.
You give your consent to transmit the information by clicking on "Allow" in this iframe. You can revoke your consent at any time on TRONITY or by e-mail to email@example.com or on the website or app of the third-party provider and removing the permission to share the relevant information.
2. Sharing and transmission of data
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports, to partners and customers under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data do not outweigh the protection of your personal data in the sense of Art. 6 para. 1 lit. f) GDPR.
3. Features used
3.1 Payment service
If you decide in TRONITY to book a subscribtion and you choose a payment method accordningly, the payment processing is carried out via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, SEPA mandate or card number, invoice amount, currency and term of usage) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information about the data protection of Stripe under the URL https://stripe.com/de/privacy#translation.
3.2 Google reCAPTCHA
On TRONITY we also use the reCAPTCHA feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The main purpose of this function is to distinguish whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. In the course of using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
3.3 Web analysis via Google Analytics
On TRONITY we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses so-called cookies, e.g. text files that are stored on your computer and which enable an analysis of your use of TRONITY. The information generated by the cookie about your use of TRONITY (including the abbreviated IP address) is usually transferred to a Google server and stored there and may also be transferred to the servers of Google LLC. in the USA.
TRONITY uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes a direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google LLC. server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter f GDPR on the basis of our justified interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of TRONITY, to com- pile reports on activities on TRONITY and to provide us with further services related to the use of TRONITY and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies by adjusting your browser software accordingly however, we would like to point out that in this case you may not be able to use all the functions of TRONITY to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of TRONITY (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Your personal data will be deleted or anonymised after 14 months.
3.4 Newsletter and system-e-mail dispatch via Mailjet
The newsletters and system-e-mails are sent via Mailjet, a e-mail distribution platform of the company Mailjet, a simplified joint stock company under French law ("Société par actions simplifiée"), registered with the Paris Trade and Companies Register under number 524 536 992, having its registered office at 13-13bis, rue de l'Aubrac - 75012 Paris
The e-mail addresses of our e-mail recipients, as well as their other data described in this notice, are stored on the servers of Mailjet in the EU. Mailjet uses this information to send and evaluate the newsletter on our behalf. Furthermore, Mailjet may use this information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, Mailjet does not use the data of our e-mail recipients to write to them itself or pass them on to third-parties.
The newsletters or system-e-mails contain a so-called "web-beacon", e.g. a pixel-sized file which is retrieved from the server of Mailjet when the newsletter is opened. In the context of this retrieval, technical information such as browser and system information, as well as your IP address and time of retrieval are collected. This information is used for technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times.
Statistical surveys also include determining whether the newsletters or system-e-mails are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter’s recipients. However, it is neither our nor Mailjet's intention to monitor individual users. The analysis serves us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
For customer care of TRONITY we use the Customer Relationship Management (CRM) service of the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA.
The legal basis for the use of this service is Art. 6 Abs.1 lit.f GDPR - legitimate interest. Our legitimate interest in using this service is to be able to answer user enquiries quickly and efficiently. Zendesk will only use your data to forward your requests to us. Your data will not be passed on to third-parties.
To use Zendesk, you must provide at least one correct e-mail address or send an e-mail to firstname.lastname@example.org. The service can also be used pseudonymously. In the course of processing service requests, it may be necessary to collect additional data (e.g. first name, last name, additional e-mail addresses, etc.).
The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer you alternative ways to contact us to submit service requests by phone or mail.
4. Period of data storage
We will delete or make anonymous your personal data as soon as it is no longer required for the purposes for which it was collected or used in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via TRONITY plus a period of 6 months, during which we keep backup copies after deletion, provided that this data is no longer required for criminal prosecution or to secure, assert or enforce legal claims.
Specific details in this data protection declaration or legal requirements for the storage and deletion of personal data, in particular those which we must store for tax reasons, remain unaffected.
5. Your rights as a data subject
5.1 Right of access
You have the right to obtain from us at any time on request information on the personal data processed by us and relating to you, within the scope of Art. 15 GDPR. To do so, you can make a request by post or by e-mail to email@example.com or to our company address (see imprint).
5.2 Right to rectification
You have the right to ask us to rectify the personal data concerning you without delay if it is incorrect. To do so, please contact us at firstname.lastname@example.org.
5.3 Right to erasure
5.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular when the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and in the event that the user requests limited processing instead of erasure in the event of an existing right to erasure; also in the event that the data is no longer required for the purposes we pursue, but the user needs it to assert, exercise or defend legal claims, and in the event that the successful exercise of an objection is still disputed between us and the user. To exercise your right to limit the processing, please contact us at email@example.com.
5.5 Right to data portability
You have the right to receive from us the personal data concerning you that you have provided us with in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at firstname.lastname@example.org.
6. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para 1, lit. e) or f) of the GDPR, in accordance with Art. 21 of the GDPR. We will stop processing your personal data unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise or defend legal claims.
7. Right to complain
They shall also have the right to address complaints to the competent supervisory authority. The competent authority in this case is the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information.
If you have any questions or comments regarding our handling of your personal data or if you wish to exercise the rights mentioned in points 6 and 7 as a data subject, please con- tact us at email@example.com.
9. Change of this data protection declaration