Data privacy

1. Overview of data privacy

 

General information

Below is a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data that can be used to identify you as a person. You can find further information on data privacy in our data privacy policy available below this data privacy statement.

 

Data collection on this website


Who is responsible for data collection on this website?

It is the website operator who handles data processing on this website. You will find their contact details in the section Information about the controller in this data privacy statement.

How do we collect your data?

First of all, we collect the data that you provide to us. This might be any data that you enter into a contact form, for example.

Other data is automatically collected by our IT systems or after you give your consent when you visit our website. These primarily include technical data, such as your web browser, operating system or time of website access. This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of your data is collected to ensure that the website is fully available without any errors. Other data may be used to analyse your user behaviour.

What are your rights with respect to your data?

You have the right to receive information on the source, recipient and intended use of your stored personal data free of charge at all times. You also have the right to request rectification or erasure of this data. If you have given your consent to process your data, you have the right to withdraw this consent for the future at any time. You also have the right to demand limited processing of your personal data under certain circumstances. Moreover, you also have a right of appeal to the competent supervisory authority.

You may contact us at any time for further information on this subject or matters related to data privacy.

Analysis tools and third-party providers’ tools

Your browsing behaviour may be subject to statistical analysis during visits to this website. What are known as analysis programs mainly perform such analyses.

You will find detailed information on these analysis programs in the data privacy statement below.

2. Hosting

 

We host the contents of our website through the following provider:

External hosting

This website is hosted externally. Personal data which is collected on this server is saved on the hosting service provider’s/providers’ servers. This may include especially IP addresses, contact enquiries, metadata, communication data, contract details, contact details, names, website visits and other data which are generated via a website.

A professional provider supplies external hosting for the purpose of fulfilling contracts for our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interests of secure, fast, efficient provision of our website (Art. 6 (1) (f) GDPR). If relevant consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) German Telecommunications Telemedia Data Protection Act (TTDSG) if the consent includes storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) as specified in TTDSG. Consent can be revoked at any time.

Our hosting service provider(s) will only process your data in the way required to fulfil their service obligations and will follow our instructions regarding this data.

We use the following hosting service provider:

jweiland.net

Echterdinger Strasse 57
70794 Filderstadt bei Stuttgart
Germany

Order processing

We have concluded an order processing agreement to use the aforementioned service. This is a contract required under data protection legislation, which ensures that the provider only processes our website visitors’ personal data in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory information

 

Data protection

The operators of these pages take the protection of your personal data very seriously. We will treat your personal data as confidential and in accordance with statutory data privacy regulations and this data privacy statement.

When you use this website, we collect a variety of personal data. Personal data refers to data that can be used to identify you as a person. This data privacy statement explains what data we collect and what we use it for. It also describes how this is carried out and why.

Please also note that data transmission over the Internet – by email, for example – may be susceptible to security vulnerabilities. It is not possible to fully protect data from unauthorised access.

Controller

The controller responsible for data processing on this website is:

IoT Venture GmbH

Hilpertstr. 31

64295 Darmstadt

Germany

Phone: +49 800 0060751

Email: info@iot-venture.com

The controller is refers to a natural person or legal entity who alone or jointly with others determines the purposes and means of personal data processing (e.g. names, email addresses and similar).

Period of storage

Unless a more specific storage period has been specified within this data privacy statement, your personal data will remain with us until the purpose for processing the data ceases to exist. If you make a justified request for deletion or revoke consent to data processing, your data will be deleted provided that we do not have any other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial legislation); in the latter case, the data will be deleted once these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have given your consent for processing of your data, we will process your personal data in compliance with Art. 6 (1) (a) GDPR, or Art. 9 (2) (a) GDPR if special data categories are being processed as specified in Art. 9 (1) GDPR. In the case of express consent for the transmission of personal data to third countries, data will also be processed in compliance with Art. 49 (1) (a) GDPR. If you have given your consent to the storage of cookies or retrieval of information on your terminal device (e.g. using device fingerprinting), the data will also be processed in compliance with Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfil a contract or take steps prior to entering into a contract, we also process your data in compliance with Art. 6 (1) (b) GDPR. Moreover, we will process your data in accordance with Art. 6 (1) (c) GDPR if they are required to comply with a legal obligation. Data may also be processed for reasons of our legitimate interest as specified in Art. 6 (1) (f) GDPR. Information on the relevant legal basis for each individual case is provided in the following paragraphs of this data protection statement.

Data Protection Officer

We have appointed a Data Protection Officer.

Email: datenschutz@iot-venture.com

Data transfer to the US and other third countries

Among other things, we use tools provided by companies based in the US or other third countries that are not secure in terms of data protection legislation. If these tools are active, your personal data may be transferred to these third countries and processed there. We’d like to point out that a level of data protection comparable to that provided in the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal steps against such action. As a result, it cannot be excluded that US authorities, such as intelligence services, will process, evaluate and permanently store your data located on US servers. We have no control over such processing activities.

Withdrawal of consent for data processing

Many data processing operations are only possible if your express consent has been obtained. You may withdraw consent that you have given at any time. Withdrawal of consent has no impact on the legality of data processing up to the point in time when consent was revoked.

Right to object to data collection in specific cases

IF DATA IS PROCESSED ON THE BASIS OF ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA DUE TO REASONS RELATED TO YOUR SPECIFIC CIRCUMSTANCES AT ANY TIME; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU WILL FIND THE RELEVANT LEGAL BASIS ON WHICH YOUR PERSONAL DATA IS PROCESSED IN THIS DATA PRIVACY STATEMENT. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE ARE ABLE TO DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR PROCESSING SERVES TO ESTABLISH, ASSERT OR DEFEND LEGAL CLAIMS (OBJECTION AS PER ART. 21 (1) GDPR).

Right of appeal to competent supervisory authority

In the event of infringements of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place where the alleged infringement took place. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process with your consent or process with the aim of fulfilling an order sent to you or to a third party in a customary machine-readable format. If you request direct transfer of data to another controller, this will only be performed if technically possible.

Information, erasure and rectification

Under the applicable provisions of the law, you have at all times the right to request access – free of charge – about your stored personal data, its source and the recipient, the purpose of its processing, and, where applicable, a right to rectification or erasure of this data. You may contact us at any time for further information on this subject or matters related to data privacy.

Right to restriction of processing

You have the right to demand limited processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

  • If you wish to dispute the accuracy of the personal data that we store on you, we generally need time to check this. You have the right to demand limited processing of your personal data while we make this check.
  • If your personal data has been/is being processed in an unlawful way, you may request that data processing is restricted instead of erasure.
  • When we no longer need your personal data but you need them to exercise, defend or assert legal claims, you have the right to require that processing of your personal data be restricted instead of erasure.
  • If you lodge an objection as per Art. 21 (1) GDPR, there needs to be a balance between your interests and ours. You have the right to demand limited processing of your personal data if it has not yet been determined whose interests predominate.

If you have restricted processing of your personal data, this personal data, irrespective of whether it is stored or not, may only be processed with your consent or to establish, assert, or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of important public interest in the European Union or a Member State.

SSL or TLS encryption

This site uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries, that you send to us as the site owners. You can easily recognise an encrypted connection because the address line in the browser changes from http:// to https:// and also displays a padlock icon.

The data that you provide to us cannot be read by third parties if SSL and/or TLS encryption is active.

4. Data collection on this website

 

Cookies

Our internet pages use what are known as cookies. Cookies are small data packages and will not damage your terminal device. They are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically at the end of your visit. Permanent cookies remain stored on your terminal device until you yourself delete them or your web browser deletes them automatically.

Third-party cookies may be stored on your terminal device in some cases when you visit our site. These allow you or us to use specific services provided by the third-party company (e.g. cookies to process payment services).

Cookies have different functions. Numerous cookies are necessary from a technical standpoint since certain website functions will not work without them (e.g. the shopping basket function or videos). Other cookies are used to analyse user behaviour or show advertisements.

The cookies needed (necessary cookies) to carry out the electronic communication process, provide the specific functions you require (e.g. the shopping basket function) or optimise the website (e.g. cookies to quantify the website’s visitors) are stored in accordance with Art. 6 (1) (f) GDPR unless any other legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide an optimised, technically flawless service. If consent to store cookies and comparable recognition technologies has been requested, processing takes place solely on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG); consent can be revoked at any time.

You can set your browser to inform you that cookies are being used and only permit cookies on a case-by-case basis, accept cookies in certain cases or generally refuse them, and automatically delete them when you close your browser. Deactivating cookies may limit this website’s functions.

If third-party cookies or cookies stored for analysis purposes are used, we will inform you about them separately within this data privacy statement and, if necessary, request consent.

Server log files

The provider of the pages automatically collects and stores information in what are known as server log files, which your browser automatically transmits to us. These comprise:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the computer accessing the site
  • Time of the server request
  • IP address

This data is not combined with any other data sources.

This data is collected in accordance with Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in technically flawless display and the optimisation of their website. Server log files need to be collected for this purpose.

Contact form

If you send us an enquiry using our contact form, we will store the information you entered into the form, including contact details, to handle your enquiry and deal with any follow-up questions. We will not disclose this data without your permission.

This data is processed in accordance with Art. 6 (1) (b) GDPR provided that your enquiry is related to the fulfilment of a contract or completion of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you enter into the contact form will remain with us until you ask us to delete it, revoke your consent to store it or the reason for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory statutory provisions, especially retention periods, remain unaffected.

Enquiry by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all personal data provided in it (name, request), will be stored and processed in our systems in order to process your enquiry. We will not disclose this data without your permission.

This data is processed in accordance with Art. 6 (1) (b) GDPR provided that your enquiry is related to the fulfilment of a contract or completion of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you transmit to us in requests for contact will remain with us until you ask us to delete it, revoke your consent to store the data or the reason for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.

Use of chatbots

We use chatbots to communicate with you. Chatbots are able to respond to your questions and other inputs without human intervention. In addition to your inputs, chatbots analyse data to give suitable answers (e.g. names, email addresses and other contact details, email addresses and other identifiers, orders and chat histories). Furthermore, the chatbot may collect your IP address, log files, location information and other metadata. This data is stored on the chatbot provider’s servers.

This website uses the chatbot provider MobileMonkey. The provider MobileMonkey Inc. 359 Newbury Street, 5th Floor Boston, MA, 02115, United States. Email: contact@mobilemonkey.com . The provider’s data privacy statement: https://mobilemonkey.com/privacy-policy .

User profiles can be created based on the data recorded. The data may also be used to show interest-based advertisements, provided that the other legal requirements for this usage are met, especially regarding consent. Chatbots can be linked to analysis and advertising tools for this purpose.

The collected data may also be used to improve our chatbots and their response behaviour (machine learning).

The data you enter during communication will remain with us or the chatbot operator until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions, especially retention periods, remain unaffected.

The legal basis for the use of chatbots is Art. 6 (1) (b) GDPR, provided that the chatbot is used to initiate or fulfil a contract. If relevant consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) German Telecommunications Telemedia Data Protection Act (TTDSG) if the consent includes storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) as specified in TTDSG. Consent can be revoked at any time. In all other cases, the use of data is based on our legitimate interest in the most effective customer communication possible (Art. 6 (1) (f) GDPR).

5. Analysis tools and advertising

 

Google Analytics

This website uses functions provided by the Google Analytics website analysis service. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the website visitor’s behaviour. In doing so, the website operator obtains a variety of usage data, such as site visits, visit duration, the operating systems used and the user’s origin. This data is correlated with the user’s terminal device. It is not correlated with a user ID.

Google Analytics uses technologies that make it possible to recognise the user for the purposes of analysing user behaviour (e.g. cookies or device fingerprinting). The information that the cookie generates during usage of this website is generally transferred to a Google server in the US and stored there.

This service is used based on your consent in compliance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. Consent can be revoked at any time.

Data transfer to the US is in compliance with the EU Commission’s standard contractual clauses. You will find the details here:
https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have enabled the IP anonymization function on this website. This means that Google shortens the user’s IP address within a Member State of the European Union or within another state which has signed the European Economic Area Agreement. A full IP address is transferred to a Google server in the US and shortened there in exceptional cases only. Google will use this information to evaluate your usage of the website, compiling reports on website activity for this website’s operator and providing other services relating to website activity and Internet usage to the website operator. Under no circumstances will the IP address that your browser provides for Google Analytics be linked to other Google data.

 Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You will find more information on how Google Analytics handles your user data in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic features at Google Analytics

This website uses the Google Analytics Demographic features function to show website visitors suitable online ads within the Google advertising network. This function can be used to produce reports to obtain information on website visitors’ ages, gender and interests. This data comes from interest-based advertising by Google and visitor data from third-party providers. This data cannot be correlated with a specific person. You can disable this function at any time in your Google account ad settings or prohibit collection of your data by Google Analytics in general as indicated under Objection to data collection.

Order processing

We have concluded an order processing agreement with Google and fully meet the German data protection authorities’ strict requirements when using Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising platform provided by Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Moreover, targeted advertisements can be shown based on the user data available from Google, such as location data and interests (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing items such as what specific search terms have resulted in our advertisements being displayed and how many times users have clicked on these advertisements.

This service is used based on your consent in compliance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. Consent can be revoked at any time.

Data transfer to the US is in compliance with the EU Commission’s standard contractual clauses. You will find the details here:
https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

6. Plugins and tools


YouTube with extended data privacy

This website incorporates videos from the YouTube website. The YouTube website operator is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in advanced data privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, disclosure of data to YouTube partners is not necessarily prevented by the advanced data privacy mode. YouTube establishes a connection to the Google DoubleClick network regardless of whether you look at a video or not.

If you start a YouTube video on this website, a connection is established to the YouTube servers. During this process, the YouTube server is informed which of our web pages you have visited. If you are logged into your YouTube account, you allow YouTube to correlate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

After you start a video, YouTube can also store cookies on your terminal device or use similar recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used to collect video statistics, improve the user experience and prevent fraud among other things.

If necessary, further data processing operations may be triggered after a YouTube video is started, over which we have no control.

YouTube is used to provide an appealing presentation of our online services. This represents a legitimate interest as per Art. 6 (1) (f) GDPR. If relevant consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) German Telecommunications Telemedia Data Protection Act (TTDSG) if the consent includes storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) as specified in TTDSG. Consent can be revoked at any time.

You will find more information about data privacy on YouTube in its data privacy statement at: https://policies.google.com/privacy?hl=en.

 

Status: December 2022

General information

We value your trust. This means we take the protection of your personal data very seriously. We treat your personal data with confidentiality and in accordance with the provisions of data privacy law and this data privacy statement.

When you use the IT’S MY BIKE service portal, we collect a variety of personal data. This data privacy statement explains the data that we collect and what we use them for. It also describes how this is carried out and why.

 

Who is responsible for IT’S MY BIKE data processing?

 The operator handles data processing for this app.

IoT Venture GmbH

c/o HUB 31

Hilpertstrasse 31

D-64295 Darmstadt
Germany

Phone: +49 800 0060751

Email: info(at)-venture.com

 

How can you contact the Data Protection Officer?

 Email: datenschutz@iot-venture.com

 

What data do we process?

 Mainly the following data categories are processed for the use of IT’S MY BIKE services:

  • The user’s contact and contract details
  • Bicycle data
  • The IT’S MY BIKE tracker’s/e-bike’s location data
  • Journey data
  • Payment and account details
  • IP address

 

What do we use your data for? What is the legal basis?

 Data need to be processed to use the IT’S MY BIKE services and to locate your bike if you report it missing. Data need to be processed to comply with contracts and processing has its legal basis in Art. 6 (1) (b) GDPR.

When the IT’S MY BIKE app is used, data are primarily technical data which we save as server log files for reasons of our legitimate interest (as per Art. 6 (1) lit. f GDPR):

  • The operating system used
  • IP address

Such data is not combined with other data sources.

We also use anonymised location and journey data to analyse, further develop and improve our services. The legal basis for such usage is Art. 6 (1) (f) GDPR.

 

Who receives your data?

 Within our company, the only persons and offices who receive your personal data are those who require them to fulfil our contractual or statutory obligations.

If several users are registered with a tracker number, the name that you used to register will appear alongside the other users of the same tracker.

We may also transmit your personal data to other recipients outside the company if this transmission is used to fulfil contractual and statutory obligations. These recipients may be contractual partners such as payment service providers. The data are processed due to contractual obligations according to Art. 6 (b) GDPR.

We use different service providers to fulfil our contractual and legal obligations. This is the case with data hosting, for example. The data are stored on servers within the EU. No data are transferred to any other countries outside the EU.

If, in exceptional cases, data are stored on servers in the US, we ensure that all legal requirements are met to do so and that additional security measures are taken to rule out unauthorised access to personal data.

 

What are your rights with respect to your data?

 You have the right to receive information on the source, recipient and intended use of your stored personal data free of charge at all times. You also have the right to request rectification, suspension or erasure of such data. You may contact us or our Data Protection Officer at any time for further information on this topic or matters related to data privacy. Moreover, you also have a right of appeal to the competent supervisory authority. The competent supervisory authority for matters of data privacy law is the State Data Privacy Authority in the German Federal State of Hesse, where the company has its registered office. You will find a list of data protection authorities and their contact details at: https://www.bfdi.bund.de/ZASt/EN/Home/home_node.html

 

Date: January 2023

null