fbpx

Introduction

Would you like to know how we deal with data protection? It is important to us to educate you about this. Because when you use our services and services, we process personal data from you. We do this primarily to process your orders, e.g. the matching of drivers and passengers, and to improve our offers and services. However, we do this responsibly and only to the extent permitted by the applicable data protection laws, in particular the EU General Data Protection Regulation.

We will not do this and anything else that happens with your data in secret, but with the necessary transparency. Therefore, we inform you here comprehensively about the what, how and why of such processing. We have also compiled all relevant mandatory information that we have to provide in accordance with the EU General Data Protection Regulation here for you.

This Privacy Notice applies to all online offers and services available through www.tramling.com (“SITE”) or our App (“APP”). These are hereby simply called “SERVICES”.

Commuter Services GmbH in 82057 Icking (CSG) is responsible for the protection of your personal data and compliance with the EU General Data Protection Regulation (GDPR). It operates the above offers and services. Further contact details, contact persons and mandatory information about the CSG can be found in the imprint.

If you still have questions about data protection to CSG or would like to exercise your rights in matters of data protection (see below), please contact our data protection officer. You can reach him at the e-mail address datenschutz@tramling.com .

Competent authority within the meaning of the General Data Protection Regulation (GDPR): Bavarian State Authority for Data Protection.

The most important thing in short: We do not transfer your data (sale, rental) to third parties and do not trade addresses.

I The most important things summarized at a glance

What data is collected when using our services?

We collect the customer data, visitor data and survey datadefined in detail below.

Data enrichment. We sometimes enrich your data set with our own observations, e.g. which of our subpages you have used.

No sensitive data. Data protection law particularly sensitive data (so-called special categories of data according to Article 9 GDPR – for example on health status, ethnicity, worldview, genetics, intimacy) we do not ask at any point. Similarly, there are no services or offers specifically tailored to children.

Why is this data processed?

The processing of personal data is carried out for the purposes defined in detail below. The processing of your data is carried out lawfully on the basis of the EU General Data Protection Regulation ( General Data Protection Regulation), and this is – depending on the case – specifically on the basis of your consent, a conclusion of a contract with you, for the fulfilment of legal or regulatory requirements and/or after consideration of legitimate interests in individual cases (see GDPR Article 6 paragraph 1 letters (a), b), (c) and (f)). Insofar as we process data on the basis of consent or on the basis of a balance of legitimate interests, we only do so as long as you do not object or revoke your consent. We will explain more details below.

Do data also go to third parties or to other EU countries?

CSG waives the commercial transfer of your data (sale, rental) to third parties and does not trade addresses. But there are things that others can do better than us. That’s why we’ve hired some service providers. We commission our service providers in accordance with the requirements of the EU General Data Protection Regulation and, for example, have us explain technical and organisational measures with which the service providers protect the personal data entrusted to you against misuse.

CSG operates its own servers, if necessary, exclusively in the EU. Some of the IT service providers we have commissioned do not have their registered office within the EU or the European Economic Area (EEA) or store and process personal data there. In the opinion of the EU Commission, in these areas the same level of data protection as in Germany exists anyway, we insist on the safeguards required under data protection law for such a transfer abroad. As a rule, this is the conclusion of a data protection contract (so-called EU standard contractual clauses) stipulated by the EU Commission, especially for transfers to the USA, as well as the participation of the service provider in the so-called EU-U. S. Privacy Shield.

In some cases, we also pass data to third parties, while complying with data protection regulations, who then process the data independently. This includes, for example, the services of social media providers such as Facebook, Google, Twitter or Pinterest, for example, if you share and distribute content that you have seen with us with these or similar providers. We will explain more details below.

II The individual data processing in detail

In order to give you an easier overview, we have structured the exact details of the data processing according to so-called processing activities, which each describe the purpose of the processing.

A. Order initiation and order processing

If you order us (e.g. app download, filling out web forms, etc.), we ask for data(customer data) via the corresponding forms, which are necessary or useful for fulfilling the order. Additional customer data may arise during the processing of the order, e.g. GPS data, etc.

This customer data includes e-mail address, (user) name, salutation, password, address, telephone number, date of birth, payment information, GPS data.

In some cases, personal data is also provided to us by third parties when using individual functions or services. This is the case, for example, if you use sign-in services, such as Facebook, to sign in to our service.

The purpose of this processing is to initiate and process orders.

The legal basis for collecting this data is order processing.

The customer data will be processed after the expiry of the statutory retention periods, in particular tax and commercial
usually 10 years, deleted.

We transmit parts of this data to service providers, such as payment providers, hosted software solutions and IT service providers, for order fulfillment. Service providers are almost exclusively based in the EU or only process the data in the EU. Exceptions to this are:

*Atlassian
Offer: Providing a Wiki and Ticketing Tool
Address: Atlassian Pty Ltd, Level 6, 341 George St, Sydney NSW

We also insist on the data protection required for such a transfer abroad for service providers outside the EU.

Notes on other providers

Customer account registration via Facebook

In some cases, you can also sign up for a customer account with your Facebook credentials. In doing so, CSG will transmit some of the data you have stored on Facebook, in particular your e-mail address, date of birth and gender, as well as other publicly available information. As a rule, Facebook provides more detailed information about the data that is transmitted to the site before such a registration. Using the feature with Facebook may result in further personal data being collected by Facebook, as well as possibly being transferred, stored and used outside the scope of EU data protection rules. These data collection and use are the responsibility of Facebook. We do not know how Facebook handles the data exactly. For more information about this way of connecting to Facebook and the privacy settings available there, please refer to Facebook’s privacy policy and terms of use, which are available under www.facebook.com/about/privacy. abrufbar sind.

B. Website Visitors Analysis

When you visit our website, we collect data that your web browser you use to access our website sends to us(visitor data). This visitor data includes details about the web browser, operating system, origin of the previously visited page, the IP address or the host name of the accessing computer, as well as the time of the page request. The visitor data is pseudonym data, which csG does not allow a direct inference about your person.

The purpose of this processing is to analyze website visitors.

The legal basis for processing is to safeguard our legitimate interests. In this case, these are the safe operation and the continuous optimization of our offer.

The erasure periods are based on the legal requirements. The visitor data stored at CSG will be deleted after the end of the evaluation phase (usually 6 months).

We transmit parts of this data to service providers, such as hosted software solution providers, IT service providers and tracking solutions providers. Service providers are almost exclusively based in the EU or only process the data in the EU. Exceptions to this are:

*Atlassian
Offer: Providing a Wiki and Ticketing Tool
Address: Atlassian Pty Ltd, Level 6, 341 George St, Sydney NSW

*Google
Offer: Tracking Provider (Analytics), Advertising Platform (Adwords, Retargeting),
Request Classification Tool (Recaptcha)
Address: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

We also insist on the data protection required for such a transfer abroad for service providers outside the EU.

Notes on other providers

Cookies

The site uses so-called cookies. Cookies are small text files that are also stored by your browser on your computer and contain pseudonymized data, partly in conjunction with statistical probabilities of demographicinformation such as age, gender or interests. Cookies do not cause any damage to your computer and do not contain viruses. Similarly, CSG cannot inference about you on the basis of this data. When individual areas of the site are accessed, cookies are sometimes set, which remain stored on the site beyond your current visit (so-called session).

Cookies are used by CSG on the one hand to enable certain functionalities of the site. In addition, cookies are used to increase the user-friendliness of the site and to make it as individual and as suitable as possible for each call. Such cookies are not only set by the site or CSG itself, but also by third parties, such as Google (see the corresponding notices). If you do not wish to use cookies or wish to delete existing cookies, you can switch them off and remove them via your internet browser. The following links provide help for deleting cookies for the most common browsers
*Internet Explorer (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies).
*Mozilla Firefox (https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored).
*Safari (https://support.apple.com/kb/PH19214?viewlocale=en_US&locale=de_DE).
*Google Chrome (https://support.google.com/chrome/answer/95647?co=GENIE.Platform3DDesktop&hl=de)

Google

This website uses the web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”) to analyse the use of the website. A cookie is set for this purpose. The information generated by this cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and processed there. This allows a user’s activities to be recorded and analyzed across devices.

The collection and storage of data by Google Analytics can be objected to at any time with effect for the future. You have the option to install a browser plug-in issued by Google. This is available for different browser versions and can be downloaded from here. You can also control the ads you see when you use Google Services (retargeting) from your profile.

In order to ensure sufficient data security when submitting forms, we use the reCAPTCHA service of The Company Google Inc. in certain cases. This is primarily used to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, any other data required by Google for the service reCAPTCHA to Google. The different privacy policy of Google applies to this.

Some pages of our offer may include links and, in rare cases, so-called embedding of videos on YouTube. YouTube is an offer from Google Inc. The purpose and scope of The Data Collection and Use by Google, as well as your rights and settings for protection as a YouTube customer, can be found in YouTube’s Privacy Policy.

To prevent Google from collecting information about you during your visit to our SERVICES, you can log out of Google before you start your visit to our SERVICES and delete a possibly existing Google cookie from your browser.

C. Email Marketing

If you order us and give us your email address as part of the assignment, then this will be saved(email marketing data).

The purpose of this processing is to use this email address for your own marketing activities.

The legal basis for processing is to safeguard our legitimate interests. In this case, this is the possibility to inform you about changes to our offers such as the opening of further stops or routes.

The stored email marketing data will be deleted if you revoke your associated assignment and no legal retention periods stand in the way of this.

We transmit parts of this data to service providers, such as providers of hosted software solutions, IT service providers and providers of email marketing solutions. Service providers are almost exclusively based in the EU or only process the data in the EU. Exceptions to this are:

*Atlassian
Offer: Providing a Wiki and Ticketing Tool
Address: Atlassian Pty Ltd, Level 6, 341 George St, Sydney NSW

*The Rocket Science Group LLC d/b/a Mailchimp
Offer: Provider of email marketing tools
Address: The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

We also insist on the data protection required for such a transfer abroad for service providers outside the EU.

You can object to this use of your email marketing data at any time by sending a message to the contact option described in the imprint or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

III Your rights as a data affected

In accordance with the EU General Data Protection Regulation (See Article 15), you have the right to request information on your personal data (see Article 15), as well as a correction (see Article 16), deletion (see Article 17) or at least the restriction of processing (see Article 18) to request your personal data.

They also have the right to data portability (see Article 20). In addition, you have the right, of course, to revoke consent to the processing of personal data at any time (Article 7), as well as to object to processing based on the balance of legitimate interests (see Article 21 paragraph 4 GDPR). In addition, you have the right to complain to the relevant data protection supervisory authority.

If you have any questions about this or about data protection in general, or if you would like to exercise your rights in matters of data protection, please contact our data protection officer. You can reach him at the   e-mail address datenschutz@tramling.com.

We reserve the right to adapt this Privacy Policy and will announce any changes in good time.

As of: January 2020