I. General Information
II. Data processing in our App
III. Our Third-Party Providers
IV. Miscellaneous and closing
I. General Information
What is personal data?
Personal Data is information by which you can be directly or indirectly identified ("Personal Data"). This generally includes information such as your name, address, email address and telephone number; however, it may also include other information such as your IP address, shopping habits, lifestyle habits or preferences such as interests.
What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
What is the applicable data protection law?
As a Germany based Company, we are bound to follow the Federal Data Protection Act (“BDSG”) and the General Data Protection Regulation (“GDPR”).
Who is the supervisory authority?
The Bavarian State Office for Data Protection Supervision provides advice and information for individuals about protecting personal information. They also enforce privacy laws and are the for us relevant data protection authority. Youcan find the contact details of the Bavarian State Office for Data Protection Supervision on their website (www.lda.bayern.de).
Who is the responsible for processing personal data?
The responsible party within the meaning of the BDSG and the GDPR is:
SCHBAIO GERMANY GMBH,
Hansastr 18, 80686
(Hereinafter referred to as "we", "us" or "our")
What are the legal bases of processing personal data?
The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:
- Consent: the individual has given clear consent to process personal data for a specific purpose.
- Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
What are your rights?
You have the following rights with respect to us processing your personal data:
- Right of access
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object
- Right of withdrawal
- Right to complain to a supervisory authority
We encourage you to contact us if you have any information requests, requests for information or objections about data processing or concerns. However, you also have the right to file a complaint with your local supervisory authority. Nonetheless, we would appreciate it if you would contact us with your concern before turning to a supervisory authority.
II.Data processing in our App
Provision of the app and creation of log files
The legal basis for the processing of your personal data in the context of the provision of the app and the creation of log files is our legitimate interest. The temporary storage of your personal data by us is necessary to enable delivery of the App's functionality. For this purpose, your personal data must be stored for the duration of the session. Data that may be collected when using the App, i.e., IP address, IP location, Geolocation, type and version of the end device used, information on the mobile network used, time zone settings, operating system and platform. The storage of your personal data in log files is done to ensure the functionality of the App. In addition, we use your personal data to optimise the App and to ensure the security of our information technology systems. Your personal data is not processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the App, this is given as soon as you close the App. In the case of storage of your personal data in log files, these are deleted after 30 days at the latest. If the data is stored beyond this period, your personal data will be anonymised so that it can no longer be assigned. The collection of your personal data for the provision of the App and the storage of your personal data in log files is absolutely necessary for the operation of the App. Consequently, there is no possibility for you to object.
Customer account registration
The legal basis for the processing of your personal data in the context of customer account registration is the performance of a contract. Your registration enables in particular the conclusion of contracts as well as the maintenance of our customer relationship. We collect data when you create or update your account, and this may depend on how you use our App.
As a user of our services (“Rider”) this will include your name, email, phone number, login name and password, address, profile picture, payment or banking information, travel information, time of booking, time of starting and completing the fare, pick up, drop off location, route taken.
As a provider of services (“Driver”) this will include your name, email, phone number, login name and password, address, profile picture, payment or banking information, driver’s license and other government identification documents, birth date, gender, and photo, vehicle or insurance information, emergency contact information, and evidence of health or fitness to provide services and driver history or criminal record, license status, known aliases and prior addresses, where applicable, time of starting and completing the fare, pick up, drop off location, route taken.
The processing of your personal data within the scope of registration is therefore necessary for the fulfilment of a contract or the implementation of pre-contractual measures as well as the successful maintenance of our relationship. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the latest in the event of the termination of your customer account. You have the option to cancel your customer account registration at any time. In this case, your personal data will be deleted unless legal retention periods prevent deletion.
The legal basis for the processing of your personal data transmitted in the course of you contacting us is our legitimate interest. If the contact aims at the conclusion of a contract, the performance of a contract is an additional legal basis for the processing of your personal data. The processing of your personal data in the event of a contact serves us solely to process your request.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the personal data sent in the course of contacting us when your request has been processed and legal retention periods do not prevent deletion. You have the option at any time to object to the processing of your personal data in the context of contacting us for the future. In this case, however, we will not be able to process your request any further. All personal data stored in the course of contacting you will be deleted in this case, unless legal retention periods prevent deletion.
Launching the App
Every time you start the App, your data is synchronized, and your device communicates with our server via a signed token. The transfer is automatic and is a prerequisite for the secure functioning of the App and is therefore mandatory.
General app accesses
As with every server request, information such as IP address, user agent, etc. is transmitted and stored anonymously for 30 days in the server log. The provision of personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data could result in you not being able to use our App or not being able to use it to its full extent.
Network access data
The provision of network access data is necessary if you wish to make full use of our App. However, failure to provide this data could result in you not being able to use our App or not being able to use it to its full extent. Your data will be treated confidentially by us and deleted if you revoke the rights of use, or they are no longer required for the provision of services and there is no legal obligation to retain them.
When you use the app, you will receive so-called push messages from us, even if you are not currently using the app. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your end device.
Authorizations and access
We may request access or permission from your mobile device for certain features (internet, vibration, your location, and push notifications). The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures.
The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android).
Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).
You can stop the collection of data by the App by uninstalling it using the standard uninstall procedure for your device.
The legal basis for the processing of your personal data in the context of direct marketing measures is either your consent or our legitimate interest in marketing and promoting our courses and services. The purpose of processing your personal data in the context of direct marketing measures is to send information, offers and, if applicable, to promote sales.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; this is the case in particular upon receipt of the revocation or objection. You can revoke your consent at any time for the future or object to the processing of your personal data in the context of direct marketing measures at any time for the future.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
III. Our Third-Party Providers
The App uses the Firebase tool, which is part of the Firebase platform of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to obtain statistics on how the App is used, in particular active user numbers, session length, stability rating and storage time. Answers logs the use of the app and we evaluate user behaviour and user activity in general, i.e. not on a personal basis.
For this purpose, the following data is transferred to the Analytics Engine: name and AppStore ID, build version, individual device installation key (e.g. IDFA [iOS], Advertising ID, and Android ID), timestamp, device model, device name, device operating system name and version numbers, the language and country settings of the device (iOS), the number of CPU cores on the device (iOS), whether a device has the status "jailbreak" (iOS) or "root " (Android), app lifecycle events (iOS) and app activities (Android);
The legal basis for this data processing is our legitimate interest. The data collected via Google will be deleted after 6 months at the latest. You can select in the settings under data services whether or not you want to send data to Google.
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
IV. Miscellaneous and closing
Transfer of personal data to a third country
In the course of processing your personal data, we may transfer your personal data to trusted and specially selected service providers in third countries. Third countries are countries that are outside Germany or the European Economic Area. In doing so, we only work with service providers who can provide us with suitable guarantees for the security of your personal data and guarantee that your personal data will be processed in accordance with strict data protection standards. In the present case, it is not excluded that we transfer data to service providers in the USA.
Online Payment, Secure data transmission and Credit card information
The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure ("https").
For security reasons and to protect the transmission of content, that you send to us, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Obligation to provide personal data
You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.
Automated individual decision-making including profiling
We do not make automated decisions in individual cases, including profiling.
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address or phone records.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Our App is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
You can stop all information collection by our App by uninstalling it using the standard uninstall process for your device. If you uninstall the app from your mobile device, the unique identifier associated with your device will continue to be stored. If you re-install the application on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
If you have any questions, please do not hesitate to contact us.