Privacy

Privacy Policy Roadsurfer GmbH

Privacy policy Roadsurfer GmbH

The following notices inform you about the processing of personal data carried out by Roadsurfer GmbH, Winzererstraße 47D, 80797 Munich, Germany (hereinafter "roadsurfer" or "we") in accordance with the General Data Protection Regulation (hereinafter "DSGVO") and the Federal Data Protection Act (hereinafter "BDSG").

 

__________________________________________________________________________________

 

Table of contents

 

General notes

Section I.            Information requirements

Section II.           Responsible entity and data protection officer

Section III.          Data processing on this website

Section IV.          Your rights

Section V.           Section V Analysis Tools, Plugins/Pixels, Advertising, Support and Contact, Payment Service Provider and Trusted Shops

Section VI.          Special features of my.roadsurfer, roadsurfer spots, roadsurfer Rent, roadsurfer subscription and our online store

Section VII.        Data security and reservation of right of modification

__________________________________________________________________________________

 

 

 

 

General notes

 

As a visitor to our website, you expect a high level of quality not only from our services, but also in the processing of your personal data. Therefore, we process personal data in strict accordance with the requirements of the GDPR and national data protection laws and only if a legal provision allows it or you have given us your consent. Personal data includes all data by which you are identified or identifiable.

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

According to the GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more particular personal characteristics ("personal data"). Data that can only be attributed to a legal entity does not constitute personal data and is therefore not subject to the provisions of this Privacy Notice or the GDPR.

Below you will find information about the controller of your personal data, and the

Data Protection Officer of the Controller (Section II) and about your rights in relation to the processing of your personal data (Section IV). In addition, below you will find information about the processing of your personal data (Section III) as well as information in connection with the website and the offers provided on the website. You can see how we process the data of business partners and applicants in Section I as well as in our special data protection notices deposited there.

 

Section I.     Duty to inform

 

I)        Website visitors

 

Privacy information for the use of our website can be found below in section III-VII.

 

II)      Business partner

 

Supplementary information on how we process business partner data can be found here: https://roadsurfer.com/de-de/datenschutz/geschaeftspartner/

 

III)    Applicant

 

Supplemental information on how applicant data is processed can be found here: https://roadsurfer.com/de-de/datenschutz/bewerber/.

 

IV)    Social media services

 

The supplementary privacy policy for a data processing in relation to social media channels can be found here: https://roadsurfer.com/de-de/datenschutz/social-media/.

 

 

Section II.   Responsible entity and data protection officer

 

Who is responsible for the data collection on this website?

 

Data processing on this website is carried out by roadsurfer. The full contact details can be found in the imprint of this website.

 

Contact details of the data protection officer

 

You can contact roadsurfer's company data protection officer at

 

E-mail: datenschutz@roadsurfer.com

 

 

 

 

 

 

 

 

 

 

 

Section III.                       Data processing on this website
 

I)        How do we collect your data?

 

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.

 

II)      What do we use your data for?

 

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior (see below under Cookies and Section V).

 

III)    Newsletter

 

If you have consented, we will transfer the personal data you entered in the newsletter input mask as well as the logging data of your opt-in to roadsurfer GmbH, so that you will also receive newsletters from roadsurfer GmbH containing promotional information about their products and/or services. Data processing by roadsurfer GmbH is governed by the data protection declaration of roadsurfer GmbH, which can be found at https://roadsurfer.com/dede/datenschutz.

 

If you have expressly consented in accordance with Art. 6 Para. 1 lit. a DSGVO or § 25 Para. 1 TTDSG, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. If you subscribe to our e-mail newsletter, we will send you information about our offers on a regular basis. Mandatory information for sending the newsletter is only your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on an appropriate link.

 

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG. When you register for the newsletter, we store your IP address as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to datenschutz@roadsurfer.com. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately.

 

For the newsletter dispatch we use Mailchimp. You can find more details in section V.

 

 

 

IV)    Third-party analytics and tools

When visiting this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information on these analysis programs can be found in section V of this privacy policy.

 

V)      External hosting via Hetzner

 

We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner).

 

For details, please refer to Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.

 

The use of Hetzner is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

Job processing

 

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

for the booking route:

·       Amazon AWS

 

We use the Amazon Web Services ("AWS") service of Amazon Web Services to host the database and web content,

Inc, P.O. Box 81226, Seattle, WA 98108-1226, USA.

 

The data is stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, there are strictly limited access rights on our part and the data is automatically encrypted. AWS has concluded an order processing contract with us. You can find more information about AWS and data protection at https://aws.amazon.com/de/compliance/germany-data-protection/.

 

For more information on how to use roadsurfer spots, my.roadsurfer and our online store, click here.

 

VI)    Cloudflare

 

We use the service "Cloudflare". The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

 

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website through Cloudflare's network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

 

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DSGVO).

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/

 

Job processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

VII)  Storage duration

 

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

 

VIII)           Note on data transfer to the USA and other third countries

 

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

 

IX)    Cookies

 

Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

 

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies).

Party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

 

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by them (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO (legitimate interest), unless another legal basis is specified. Roadsurfer has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

 

You can revoke your consents in connection with cookies here or via the "fingerprint icon".

 

X)      Consent with Usercentrics

 

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

 

When you visit our website, the following personal data is transferred to Usercentrics:

 

·       Your consent(s) or revocation of your consent(s) Your IP address

·       Information about your browser

·       Information about your terminal device

·       Time of your visit to the website

 

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent given to you or its revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

 

 

Job processing

 

We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

 

XI)    Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

 

·       browser type and browser version operating system used

·       Referrer URL

·       Host name of the accessing computer

·       Time of the server request

·       IP address

 

This data is not merged with other data sources. The collection of this data takes place on

Basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the technically error-free presentation and optimization of our website - for this purpose, the server log files must be collected. This data is generally deleted after 7 days.

 

XII)  Contact form

 

If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you enter there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.

 

We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.

 

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

 

 

 

XIII)            Request by e-mail, phone or fax

 

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

 

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

 

Section IV.                       Your rights

 

I)        What rights do you have regarding your data?

 

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

 

II)      Revocation of your consent to data processing

You can revoke your consent at any time by contacting us at datenschutz@roadsurfer.com or, if it concerns consent in connection with cookies, here. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

III)    Right of objection in special cases and against direct marketing (Art. 21 DSGVO)

 

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 (1) DSGVO).

 

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) DSGVO).

TO EXERCISE YOUR RIGHT OF OBJECTION, SIMPLY SEND AN E-MAIL TO DATENSCHUTZ@ROADSURFER.COM.

 

IV)    Right of appeal to the competent supervisory authority

 

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

The data protection authority responsible for us is:

 

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

E-mail: poststelle@lda.bayern.de

 

V)      Right to data portability

 

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

 

VI)    Information, deletion and correction

 

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

 

VII)  Right to restriction of processing

 

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may only be processed - apart from its storage - with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

 

 

 

Section V.  Section V Analysis tools, plugins/pixels, advertising, support and contact, payment service providers and Trusted Shops

 

I)        Analysis tools

 

1.       Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

 

The use of Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

2.       Google Analytics

 

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. An assignment to a device ID does not take place.

 

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

 

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

Browser plugin

 

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

3.       Google Ads

 

This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

 

4.       Google Conversion Tracking

 

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

For more information on Google conversion tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

 

5.       Google DoubleClick

 

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").

DoubleClick is used to show you interest-based advertisements throughout the Google advertising network. The advertisements can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our ads may be displayed in Google search results or in banner ads associated with DoubleClick.

 

In order to be able to display interest-based advertising to users, DoubleClick must be able to recognize the respective viewer and associate the web pages visited, clicks and other information on user behavior with them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the relevant user.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

For further information on how to object to the advertisements displayed by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

 

6.       Google Web Fonts

 

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. Through this, Google obtains knowledge that this website was accessed via your IP address. The data processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG; the consent can be revoked at any time. If your browser does not support web fonts, a standard font from your computer will be used. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de

 

7.       Google Web Fonts (local hosting)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

 

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.

 

 

8.       Hotjar

 

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

 

Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

 

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

 

Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or use of device fingerprinting).

Insofar as consent has been obtained, the aforementioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f DSGVO; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

 

Disable Hotjar

If you wish to disable data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that disabling Hotjar must be done separately for each browser or device.

 

For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

 

Job processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

9.       Matomo

 

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.

 

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

 

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

IP anonymization

We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting

We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared.

 

II)      Social media pixels and plugins

 

1.       Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

 

In this way, the behavior of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

 

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

 

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

 

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

 

You can also disable the Custom Audiences remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

 

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

2.       Pinterest Pixel

 

Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston

House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest")), which enables us to display relevant advertising and offers on Pinterest to website visitors who are already interested in our website and content/offers and are Pinterest members. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages with your consent pursuant to Art 6 (1) lit. a DSGVO or § 25 (1) TTDSG, via which Pinterest is informed when you visit our website that you have called up our website and in which parts of our offer you were interested. You can deactivate the collection of data for the display of interest-based advertising on Pinterest at any time in your account settings on Pinterest at https://www.pinterest.de/settings or at https://help.pinterest.com/de/article/personalization-and-data#info-ad.

 

3.       TikTok Pixel

 

We use the pixel of the provider TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH ("TikTok") on our website.

 

With the help of the TikTok pixel, in the case of granting your explicit consent, in accordance with the legal basis Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG (revocable at any time), a connection is established with the TikTok servers when you visit our website, in order to track your behavior on our website and to be able to analyze your interactions on our TikTok site, so that we can capture the image of our company and our products and better understand the wishes and needs of our users, as well as enable timely communication with you.

 

Personal data such as your IP address, email address and other information such as device ID, device type and operating system may be transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account. This allows TikTok to display targeted and personalized advertising to its users and to create interest-based user profiles. The collected data is anonymous and not visible to us and is only used by us in the context of measuring the effectiveness of ad placements.

In principle, your data is processed within the EU or the EEA. For this purpose, a corresponding data protection agreement has been concluded with TikTok. The privacy policy of TikTok can be found here:

https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE

 

4.       YouTube

 

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

 

Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

 

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

 

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

 

5.       Social media plug-ins of the social media platforms

 

On our website, we have integrated so-called social media buttons (plug-ins) from the social media platforms Instagram, YouTube and Facebook, the click of which takes you directly to our respective social media profile.

You can find more information about the processing of personal data on the website of the respective social media platform and in our privacy policy for data processing in relation to social media. The respective provider is responsible for the processing of your personal data.

 

 

6.       Google Maps

 

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

 

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

 

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

 

7.       Google Photos

 

We use the online service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images embedded on our homepage.

 

Embedding is the integration of a certain foreign content (text, video or image data) that is provided by another website (Google Photos) and then appears on our own website (our website). For embedding, a so-called embedding code is used. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our web pages is visited.

 

Through the technical implementation of the embed code that enables the display of images from Google Photos, your IP address is transmitted to Google Photos. Furthermore, Google Photos collects our website, the browser type used, the browser language, the time and the length of access. In addition, Google Photos may collect information about which of our sub-pages you visited and which links were clicked, as well as other interactions you performed while visiting our site. This data can be stored and analyzed by Google Photos.

 

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a DS-GVO.

 

You can view Google's privacy policy at: https://www.google.com/policies/privacy/

 

8.       Spotify

 

On this website, functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the green logo on this website. You can find an overview of the Spotify plugins at: https://developer.spotify.com

 

This allows a direct connection between your browser and the Spotify server to be established via the plugin when you visit this website. Spotify thereby receives the information that you have visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website on your Spotify profile. This allows Spotify to associate your visit to this website with your user account.

We would like to point out that cookies from Google Analytics are used when using Spotify, so that your usage data can also be passed on to Google when using Spotify. Google Analytics is a tool of the Google Group for analyzing user behavior based in the USA. Spotify is solely responsible for this integration. We as the website operator have no influence on this processing.

 

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the appealing acoustic design of its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

For more information, please see Spotify's privacy policy: https://www.spotify.com/de/legal/privacy-policy/

 

If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify user account.

 

III)    Advertising

 

1.       Microsoft Advertising Bing

 

On the website, we use technologies from Bing Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"), with your consent pursuant to Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG. In the process, Microsoft sets a cookie on your terminal device if you have accessed our website via a MicrosoftBing ad. In this way, Microsoft and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined target page ("conversion site"). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed.

 

2.       Mailchimp

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on Mailchimp's servers in the USA.

 

With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to Mailchimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

 

If you do not want any analysis by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

 

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

 

For more details, please refer to Mailchimp's privacy policy at: https://mailchimp.com/legal/terms/.

 

Job processing

 

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

3.       Outbrain

 

We have integrated Outbrain on this website. The provider is Outbrain Inc, 39 West 13th Street, 3rd floor, New York, NY 10011, USA (hereinafter "Outbrain").

 

When you visit a website that includes Outbrain, Outbrain creates a pseudonymous user profile (User ID) that stores what content you have viewed or read. Subsequently, on our website or on other websites on which Outbrain is integrated, further interest-based content can be recommended to you or advertisements can be displayed. For this purpose, among other things, your device type, your IP address, your browser type, web pages visited and articles read, time of access and the device ID are stored and summarized in your User ID.

 

Insofar as consent has been obtained, the aforementioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f DSGVO; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

 

For more information, please see Outbrain's privacy policy at: https://www.outbrain.com/legal/privacy#privacy-policy.

Furthermore, you can obtain a list of all cookies used by Outbrain at the following link: https://www.outbrain.com/privacy/cookies/.

If you would like to view or customize your interest profile on Outbrain, click on the following link: https://my.outbrain.com/recommendations-settings/home.

 

4.       Piwik Pro

 

We use the web analytics software PIWIK PRO from the provider Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany, to analyze visitor flows on our website. PIWIK collects, among other things, data about the website from which a data subject came to a website, which subpages of the website were accessed or how often and for how long a subpage was viewed. We analyze the data collected with the help of PIWIK and use the insights gained for tracking our TV campaigns and optimizing our website and services. The analyses are only of a general nature. Data collected by PIWIK is stored anonymously on a server in Europe, where the IP address is shortened. This makes it impossible to draw conclusions about an individual user. Data is not passed on to third parties. The legal basis for the data processing is your consent, which can be revoked at any time, according to Art. 6 Para. 1 lit. a DSGVO or § 25 Para. 1 TTDSG.

 

The cookies used by the analysis software PIWIK PRO, are stored on the user's computer for different periods of time. The storage time of the cookies used is as follows:

 

_pk_ref: This cookie is automatically deleted after 6 months.

_pkid: This cookie is automatically deleted after one year.

_pk_ses: This cookie is deleted 30 minutes after the last action tracked.

piwik_ignore: This cookie is not automatically deleted.

 

The user can also actively remove the stored cookies through the "delete function" of the browser used. By removing the piwik_ignore cookie, the user's computer is no longer ignored by the analysis software. A renewed setting of the opt-out cookie is required.

5.       Supermetrics

The data provided by the social media network operators is transmitted to us via an interface offered by Supermetrics Oy, Kaivokatu 10 A, 001000 Helsinki Finland ("Supermetrics") and processed in the software "Google Data Studio". The use of these softwares is based on your consent, which can be revoked at any time, according to Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG. Supermetrics enables us to transmit the data provided by the social media network operators directly to Google Data Studio in order to analyze and visualize them there as a summary in the form of statistics. With the help of Google Data Studio, measures of social media appearances can be evaluated, insights into the target group can be gathered, fan engagement and the viral spread of one's own posts can be obtained. Roadsurfer has limited access to your user data. User data is essentially your publicly available profile data. In addition, we have no conclusive knowledge of the extent to which Supermetrics and Google collect your User Data and whether or to what extent Supermetrics and Google transfer your data to third parties.

 

For further guidance, please see Supermetrics' and Google's privacy policy at:

https://supermetrics.com/privacy-policy resp. https://policies.google.com/privacy

 

6.       Criteo

 

This website uses functions of Criteo. The provider is Criteo SA, 32 Rue Blanche, 75009 Paris (hereinafter "Criteo").

 

Criteo is used to show you interest-based ads within the Criteo ad network. Your interests are determined on the basis of your previous usage behavior. Here, Criteo records, for example, which products you have viewed, added to your shopping cart or purchased. You can find more details about the data collected by Criteo here: https://www.criteo.com/de/privacy/how-we-use-your-data/.

 

In order to show you interest-based advertising, we or other Criteo partners must be able to recognize you. For this purpose, a cookie is stored on your end device or a comparable identifier is used that links your user behavior with a pseudonymous user profile. For details, please refer to Criteo's privacy policy at: https://www.criteo.com/de/privacy/.

 

Your personal data and the Criteo cookies stored in your browser are stored for a maximum of 13 months from the date of collection.

Insofar as consent has been obtained, the aforementioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f DSGVO; the website operator has a legitimate interest in targeted advertising measures.

 

Criteo and we are joint controllers within the meaning of Art. 26 DSGVO. An agreement on joint processing has been concluded between Criteo and us, the main contents of which Criteo describes under the following link: https://www.criteo.com/de/privacy/how-we-use-your-data/.

 

IV)    Support and contact

 

1.       Zendesk

We use the CRM system Zendesk to process user requests. The provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA.

 

We use Zendesk to be able to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.

 

You can send requests only with the e-mail address and without giving your name.

The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize corporate data transfers to third countries outside the EU and EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.

 

If you are not comfortable with us processing your request through Zendesk, you may alternatively communicate with us by email, phone, or fax.

 

For more information, please see Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

 

Job processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

2.       Airtable

 

We use the database software Airtable of the provider Formagrid, Inc., 799 Market St, Floor 8 San Francisco, CA 94103, USA, to process contract data, in particular the data on purchase contracts of the users and to make it available if interested. The data processing is based on Art 6 (1) lit. b and c DSGVO. Airtable uses the users' data only for technical processing and does not pass them on to third parties. The following data is transmitted to Airtable: first name, last name, address, email, telephone number, ID card data, driver's license data, date of birth, place of birth, credit rating, SEPA information and other data voluntarily entered by the user. In the course of processing, it may be necessary for us to collect further data and also process this in the database provided by Airtable. We have concluded an order processing agreement with this company. These are standard data protection clauses in which Airtable undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. AirTable processes data on servers outside the EU. You can find more information here: https://airtable.com/privacy

 

 

 

3.       Setmore

On our website, we use the Setmore Calendar to enable you to easily book appointments. The operator of the service is Setmore, Inc, 1033 SE Main St 5 Portland, OR 97214. In addition, Setmore uses cookies on our website, which collect information about user behavior. The use of Setmore is based on your consent, which can be revoked at any time, according to Art.

 

6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG. When you visit a page with Setmore, a connection to the servers of Setmore is established. You are free at any time to make such an appointment also, for example, by telephone or e-mail. With this in mind, all input, which includes personal data, is voluntary. The data collected includes

Name, telephone number, e-mail and address and are used by us to make appointments and, if necessary, for invoicing. This information is usually transmitted to and stored on a setmore.com server in the USA. As the provider of this site, we have no influence on this data transmission. More information about the handling of user data can be found in the privacy policy of setmore.com:

https://www.setmore.com/newhomepage/jsp/privacy.jsp, https://support.setmore.com/en/articles/1784801-setmoreand-gdpr as well as in the terms of use: https://www.setmore.com/terms

 

4.       Pipedrive

 

When contacting us (via contact form or e-mail), your information will be processed for handling the contact request and its processing according to your consent. In order to be able to process and respond to your requests and messages as quickly as possible, we have connected our contact form with our customer relationship management tool Pipedrive. The data transmitted when filling out the form is transmitted to Pipedrive and stored there on Pipedrive servers. We use Pipedrive on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO or § 25 para. 1 TTDSG, which you gave us at the beginning of the communication, so that we can efficiently and quickly process user inquiries, existing customer management and new customer business. The address of Pipedrive OÜ is Mustamäe tee 3a, 10615 Tallinn, Estonia. The company is a subsidiary of Pipedrive US. For this purpose, we have concluded a contract with Pipedrive with so-called standard data protection clauses, in which Pipedrive undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Pipedrive US is also obligated to comply with European data protection law. You can access Pipedrive's privacy policy here:

https://www.pipedrive.com/en/privacy your data will be deleted when we have processed your request and the purpose of the storage has ceased to exist and there are no other legal exceptions to the contrary.

 

5.       Zapier

We have integrated Zapier on this website. The provider is Zapier Inc, Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter Zapier).

 

Zapier allows us to link various functionalities, databases and tools to our website and synchronize them with each other. In this way, it is possible, for example, to automatically play out content that we publish on our website on our social media channels or to export content from marketing and analysis tools. Depending on the functionality, Zapier may also collect various personal data in the process.

The use of Zapier is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the most effective integration of the tools used. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zapier.com/tos

 

Job processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

Sentry

We use the Sentry service (provider Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA), within the scope of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these goals alone and does not evaluate data for advertising purposes. User data, such as details of the device or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted. For more information, please see Sentry's privacy policy: https://sentry.io/privacy/.

 

V)      Payment service provider

 

1.       Adyen

 

We use the payment service provider Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, the Netherlands ("Adyen") - a payment service provider regulated by the Dutch Central Bank (De Nederlandsche Bank NV (DNB)) - to process payments on our website. In the event of an order and accompanying order, the following data will be communicated to Adyen: Your information provided during the ordering process, together with information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number).

The legal basis for the aforementioned data processing is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b DSGVO.

 

Your data will only be passed on for the purpose of payment processing and only insofar as it is necessary for this purpose. For more information, please refer to Adyen's privacy policy (https://www.adyen.com/de_DE/richtlinien-undhaftungsausschluss/privacy-policy).

 

2.       PayPal

 

On this website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). If you select payment via PayPal, the following

Data transmitted to PayPal for payment processing: First name, last name, address, email address, IP address, phone number, cell phone number or other data necessary for payment processing (e.g. other personal data related to the order).

The transfer of your data to PayPal is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). For more information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

3.       Mastercard

 

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").

 

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

 

4.       VISA

 

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").

 

The United Kingdom is considered a secure third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

 

For more information, see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

 

 

 

VI)    Trusted Shops Trustbadge & Trusted Shops Buyer Protection

 

We have integrated the Trusted Shops trust badge of the provider Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany, on our website in order to be able to display the Trusted Shops seal of approval and, if applicable, collected ratings as well as offers of Trusted Shops products for buyers after an order. With Trusted Shops GmbH, we are jointly responsible for data protection according to Art. 26 DSGVO. We inform you in the following about the essential contractual contents according to Art. 26 para. 2 DSGVO within the framework of this data protection notice.

 

This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1 lit. f DSGVO, which prevail in the context of a balancing of interests. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on the data protection of Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz.

 

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

 

After order completion, your email address, which is hashed by cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will subsequently receive the

possibility to do this for the first time. Further processing after registration is also governed by the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.

 

Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please prefer to contact Trusted Shops GmbH with data protection questions and to assert your rights using the contact options specified in the data protection information linked above. Irrespective of this, however, you can always contact the responsible person of your choice. Your inquiry will then, if necessary, be forwarded to the other responsible party for a response.

 

 

VII)  Segment

 

On the one hand, our website uses the software of Segment.com (Segment.io, Inc. 101 15th St San Francisco, CA 94103 USA). Data is collected and stored, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are evaluated to improve our offer. Cookies may be used for this purpose (see above). These are small text files that are stored locally on the end device of the site visitor and thus enable recognition when visiting our website again. The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without a separate, express consent to be given. You can generally inform yourself in more detail about the data protection declaration and the data protection guidelines of Segment.io and object to the anonymous analysis of your surfing behavior (opt-out) at https://segment.com/docs/legal/privacy/ as well as revoke consent via the consent management "Usercentrics" provided via our website.

 

Furthermore, we use Segment to process and send our newsletter. For this purpose, we process your e-mail address in particular and make it available to the Segment service. A processing of your personal data for sending newsletters is based exclusively on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future via the linked unsubscribe option at the end of each newsletter.

 

 

Section VI.                       Special features my.roadsurfer, roadsurfer spots, roadsurfer Rent, roadsurfer subscription and our online store

 

I)        Special features of my.roadsurfer

 

1.       Autrado

 

Our online presence uses the dealer management system "Autrado" ("DMS") of the company Matthias Mielchen Autrado, Brecherspitzenstraße 8, 81541, Germany, for marketing and managing vehicles at my.roadsurfer as well as for processing inquiries.

Munich, Germany. Within the scope of use, the provider processes the data as the responsible party. The notes and provisions on data protection can be found in the provider's data protection statement for the DMS, which you can view at any time at www.autrado.de/datenschutz.

 

The legal basis for this is Art. 6 para. 1 lit. b DSGVO (fulfillment of contract). The data transfer is necessary for the fulfillment of the contract between us and you in relation to my.roadsurfer.

 

2.       Host subdomain

 

In connection with my.roadsurfer, we use Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, as host of the subdomain https://my.roadsurfer.com/. This company processes the personal data as described here.

 

II)      Special features of roadsurfer spots

 

1.       Data processing during the use of roadsurfer spots

 

If you use the Roadsurfer Spots platform (spots.roadsurfer.com) ("Platform") and have concluded a usage agreement ("Usage Agreement") for this purpose with roadsurfer or roadsurfer GmbH, Winzererstraße 47d, 80797 Munich, Germany ("roadsurfer Spots GmbH") - a subsidiary of roadsurfer GmbH - in accordance with the Terms of Use, roadsurfer will process the following personal data in this context on the basis of Art. 6 para. 1 lit. b. DSGVO, in order to fulfill the usage contract with you and to comply with legal obligations:

 

·       Data in connection with the creation of a user account, in particular title, first and last name, contact person if applicable, address, contact details (e.g. e-mail address, telephone number), profile photo if applicable and personal description as well as other personal data voluntarily provided by you and - if you register as a landlord - payment information as well as - if you operate a business - VAT ID ("user data");

·       Data in connection with the valuation of tenancies, in particular the content of the respective valuation submitted ("Valuation Data");

·       Data in connection with communication with landlords/tenants of the platform, in particular the content of the respective communication ("Communication Data");

·       Login data of users regarding the platform, i.e. login and hash value of the password ("login data");

·       Technical analytics data; i.e., the (pseudonymous) technical communication data (e.g., IP addresses, browser settings) required to use the Platform and the (pseudonymous) data we collect about the use of the Platform (e.g., IP, cookie or device ID-based website and app usage data) to analyze and improve the Platform ("Technical Analytics Data"). For more information on cookies and tracking and analytics data, please refer to the specific sections above- in particular Section V.

·       Support Data of Users within the scope of the Services; i.e., the data and error messages ("Support Data") generated within the scope of the support, the administration of the data and the fulfillment of the rights of the Data Subjects (e.g., when processing requests for information, correction and deletion).

 

2.       Purpose and legal basis of processing user, login and support data

 

In order for roadsurfer Spots GmbH to offer and process the services described in the terms of use of the platform, for the lessee/lessor to use the platform and for the contractual relationship to be managed by roadsurfer Spots GmbH, roadsurfer Spots GmbH processes the following data: User data, login data and support data. The legal basis for the aforementioned data transfer is Art. 6 para. 1 lit. b DSGVO. The data transfer is necessary for the fulfillment of the usage contract.

 

3.       Purpose and legal basis of the processing Communication and evaluation data

 

In order to be able to assess the quality of the rental offers and to enable communication between the tenant and the landlord, roadsurfer Spots GmbH processes the following data: Evaluation data and communication data.

The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of personal data within the framework of the legitimate interests of roadsurfer Spots GmbH and the legitimate interests of the users, unless the fundamental rights, freedoms or interests of the data subject are overridden. The legitimate interests consist in the

quality analysis and provision of a communication option via the platform. For more information on the user's right to object in this context, see Section IV.

 

 

 

 

4.       Purpose and legal basis of the processing of the technical analysis data

 

Technical analysis data is collected and processed for the purpose of analyzing and improving the use or usability of the platform and the services provided on it.

 

The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of personal data within the framework of the legitimate interest of roadsurfer Spots GmbH, unless the fundamental rights, freedoms, or interests of the data subject are overridden. The legitimate interest consists in the measurement, analysis and improvement of our own offers. For more information on the user's right to object in this context, see section IV.

 

5.       Publication of data on the platform

 

The user data of the landlord - with the exception of contact data, payment data and, if collected, the VAT ID - and the rating data are published within the framework of the platform in order to publicly advertise the rental offers of the landlord and to create clarity between the parties about their identity and reliability.

 

6.       Disclosure of data to third parties

The salutation, first and last name as well as telephone number or e-mail address of the renter will be transmitted by roadsurfer Spots GmbH as contractual partner to the respective landlord of the booked rental offer in order to enable the corresponding booking of the renter via the platform. Furthermore, payment data will be transmitted to the payment service provider Adyen or PayPal as follows:

 

Adyen

Roadsurfer Spots uses the contracted external payment service provider Adyen (for more information on Adyen, the underlying legal basis, the purpose of the data transfer as well as the privacy policy of Adyen itself, see above under section V number 5).

If you book a spot via the platform as a guest, the corresponding rental fee is managed via Adyen until the end of the rental relationship, secured and subsequently distributed to the landlord after deduction of the service fee agreed with the landlord. For this purpose, the following data is transmitted to Adyen in encrypted form: the data entered by the guest

Payment data, the currency, order number or booking number, period of stay, total amount of rental fee, service fee of roadsurfer Spots GmbH and rental fee without service fee. The roadsurfer Spots GmbH does not receive your payment data. The rental fee will be collected via the means of payment selected by you as a guest (e.g. credit card).

 

If you as a lessor offer a spot on the platform, Adyen will be used for the administration of the rental fees in order to guarantee you the most secure and smooth process possible. For this purpose, a separate registration with Adyen is necessary after registration on the platform, which also requires, among other things, a photo authentication and the provision of your bank details. The personal data you provide when registering with Adyen will neither be forwarded to nor processed by roadsurfer Spots GmbH. Only the following data on your part will be transmitted to Adyen: Name, address, title, e-mail; optionally, if provided by you as host, also the date of birth and telephone number. If you as the host are a company in the sense of § 14 BGB (German Civil Code), the company name, the tax number and the currency in which the rental fee is to be paid will also be transmitted to Adyen.

 

PayPal

As already shown above, the payment services of PayPal are used within the scope of roadsurfer spots. For more information about PayPal, the underlying legal basis, the purpose of the data transfer and the privacy policy of PayPal itself, see above under section V number 5).

 

7.       Joint responsibility roadsurfer GmbH and roadsurfer Spots & Travel GmbH

We work closely with roadsurfer Spots GmbH within the group. This also concerns the processing of your personal data in connection with roadsurfer Spots. We are therefore jointly responsible with roadsurfer Spots GmbH for the protection of your personal data (so-called "joint controllers" according to Art. 26 DSGVO). In this context, we have clearly defined in a contract who fulfills which obligations under the DSGVO. This relates in particular to the exercise of data subject rights and the fulfillment of information obligations. You can request the essential contents of the underlying contract from us by sending an e-mail to datenschutz@roadsurfer.com.

 

Your data in connection with roadsurfer Spots will be processed by roadsurfer GmbH in particular for the central administration of your customer account, for the joint processing of communications, for marketing purposes and for customer support.

 

To exercise your data protection rights, please send us an e-mail to datenschutz@roadsurfer.com. Of course, you can also contact roadsurfer Spots GmbH directly. This will not result in any disadvantages for you.

 

8.       Host subdomain roadsurfer spots

Host of the subdomain https://spots.roadsurfer.com/ is Bradler & Krantz GmbH & Co. KG, Kurt-Schumacher-Platz 8, 44787 Bochum. This processes the personal data as described here.

 

9.       Mobile roadsurfer spots App: OneSignal

We use the service of OneSignal, 2194 Esperanca Avenue, Santa Clara, CA 95054 (hereinafter "OneSignal") as part of the mobile app "roadsurfer spots" to send you push messages if you have consented to receive them. OneSignal receives, if you have activated push messages, information about the installed app and its use when you call up the app. You can find out what information this currently is via OneSignal's privacy information. OneSignal's privacy policy can be found here: https://onesignal.com/privacy_policy.  On 13.04.2018, an update from OneSignal disabled the storage of the IP address of users in the EU.

 

 

 

 

III)    Special features of roadsurfer Subscription and roadsurfer Rent

 

1.       Ident procedure for the rental of vehicles

 

Purpose of the data processing

The rental of vehicles as part of a camper subscription at https://roadsurfer.com/de-de/camper-abo/ and via roadsurfer Rent at https://roadsurfer. com/en/ requires the validation and legitimation of your person by means of an identification procedure. For this purpose, you will send us a copy of your driver's license and an identification document (ID card or passport) via a secure connection. To identify identity fraud, we store these images for a maximum of 30 days after validation and then delete them in accordance with data protection regulations. The information that you have a driver's license is stored for a maximum of 2 years and checked regularly so that we can comply with our statutory

We need to be able to verify that you have a valid driver's license. We store the ID card or passport number to protect us against property crimes or to recover our property in the event of embezzlement.

The aforementioned data processing operations serve the purpose of contract preparation as well as contract execution.

 

The obligation to check whether you have a driver's license is imposed on us by law. The legal basis for the aforementioned processing is found in Art. 6 (1) (b) (performance of contract), Art. 6 (1) (c) (legal obligation) and Art. 6 (1) (f) DSGVO (legitimate interest).

 

Furthermore, we ask you as the person concerned to note that you are responsible without limitation for all violations of traffic and regulatory rules and other regulations and roadsurfer may be obliged to name the person concerned to the competent authority so that they can issue a warning fine.

If you are accused of having committed a misdemeanor or criminal offense with one of our vehicles, we will process your data stored with us (surname, first name, address, date of birth and all other contractual data) in accordance with our legal obligations and at the request of the competent authority, as well as the data transmitted by the competent authority from the respective country. Our legitimate interest is to avert sanctions from our company.

 

Involvement of third parties for data processing: IDnow GmbH

 

Video identification and driver's license verification is also carried out by the service provider IDnow GmbH, Auenstraße 100, 80469 Munich. For this purpose, we transmit the user's personal data (first and last name) to IDnow. IDnow assigns a transaction number to this data, which is communicated to you and with which you can start the video identification.

 

The identification is done by accessing the smartphone camera and captures the machine-readable part of the ID document/driving license as well as non-machine-readable parts, such as the address field. In the next step, other security features of the ID documents, such as holograms, are checked. The identification process is completed with a subsequent, brief "liveness detection" via the camera.

 

As part of the video identification process, a secure video connection is established between IDnow and your terminal device, as direct visual contact is required for identity confirmation. During the video identification process, either IDnow's systems automatically and/or an IDnow employee verify your identity based on the identification document.

 

Screenshots or photos of you and the complete front and back of your ID card or the front of your passport must be taken and stored by the IDnow employee to prove that the video identity confirmation has been carried out properly. In addition, IDnow will also record and store the conversation conducted between you and the IDnow employee in parallel with the video transmission. There will be no recording of the video image transmission. At the beginning of the video identification, the IDnow employee will ask you for your explicit consent to take screenshots or photos and to record the conversation. The data will be transmitted to us by IDnow and deleted from the IDnow servers after 3 days at the latest. If you do not wish to have screenshots or recordings made, you also have the option of having our support staff identify you by calling back.

 

IDnow has to assure the authenticity of the identity card or passport you present. For this purpose, the IDnow employee must visually check the integrity and the presence of the optical security features of the respective ID document in accordance with the regulations. For this purpose, please follow the IDnow employee's instructions to place the ID card or passport in certain positions in front of the camera. In addition, the IDnow employee will ask you to read out the complete serial number of your ID document.

The applicable privacy policy can be found at https://www.idnow.io/de/regularien/datensicherheit/.

 

The legal basis for the aforementioned processing operations can be found in Art. 6 (1) (c) (legal obligation) and Art. 6 (1) (f) DSGVO (legitimate interest).

 

For more information on the right to object in this context with our legitimate interest, see Section IV.

 

2.       Data processing when renting a vehicle

We process the following data when a rental contract is concluded via roadsurfer Rent or roadsurfer Abo:

 

·       Customer data: Salutation, first name, surname, address. Contact details (e-mail, phone number), age, data related to your driver's license (date of issue) ("Rental Customer Data");

·       Vehicle Location Data: Location information about the Vehicle ("Location Data");

·       Technical vehicle data: data collected by means of a vehicle data system, in particular with regard to opening or locking the vehicle via a remote control, collision information, information on vehicle operation (e.g. oil level, tire pressure and fuel level as well as other diagnostic and performance data), and, if applicable, recording of minor damage to the vehicle ("technical vehicle data").

 

The rented vehicles may contain a so-called vehicle data system that records the aforementioned location data as well as technical vehicle data and thus the vehicle condition and performance (so-called telematics).

 

Furthermore, vehicles in the European Union must be equipped with the so-called eCall technology. This is activated when you are involved in an accident. With the help of eCall, emergency services are automatically called and information about the accident is passed on. Telematics data is released to emergency services and other parties providing assistance in the event of an accident, as well as to telematics service providers or parties to whom we are legally or contractually obligated to provide this data.

 

Please note that we are not responsible for any data left in the vehicle as a result of your use. We cannot guarantee the privacy or confidentiality of such information and therefore ask you to delete the data before returning the vehicle.

 

 

3.       Purpose and legal basis of the processing of rental customer data

We process the rental customer data in order to process the rental agreement between you and us, to manage the contractual relationship and to comply with our legal obligations in this context.

 

The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b DSGVO (fulfillment of the rental contract) and Art. 6 para. 1 lit. c DSGVO (fulfillment of legal requirements).

 

 

4.       Purpose and legal basis of processing vehicle data

 

We process the Location Data and Vehicle Technical Data as follows:

 

·       Collecting data about the condition and performance of the vehicle during the rental (including vehicle damage, mileage, fuel consumption, and other operational data) to improve the accuracy of our billing processes when the vehicle is returned.

The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f DSGVO) during the rental to correctly account for the use of the vehicle, including fuel consumption and damage.

 

·       Collecting data related to the driver's operation of the vehicle during the rental for safety and claims management reasons, including contacting the renter of the vehicle if the data indicates that there is a safety or operational problem that we need to bring to your attention.

The legal basis for this is our legitimate interest (Art. 6(1)(f) DSGVO) to defend and manage claims in the event of accidents involving the co-car; to ensure that we comply with our safety obligations in relation to the vehicle and any rental.

 

·       Collecting location data during the rental period if the driver violates the rental agreement (if he fails to return the vehicle on time or if he drives to unauthorized areas) or to defend and manage claims in case of accidents with the rental vehicle.

The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f DSGVO) to protect our assets, enforce our terms and conditions and defend and manage claims.

 

·       Location data is also processed in anonymized and aggregated form to improve roadsurfer's service in the areas of spots, rental stations and service. Anonymous location data does not allow us to infer your identity, but only to determine the location of the vehicle itself.

 

The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f DSGVO) to improve the service and the offer for our customers.

 

The aforementioned processing does not serve the purpose of creating a user profile. All data will be deleted after the execution of the rental contract, unless you need to continue to be processed for the assertion of legal claims.

For more information on the right to object in connection with our legitimate interest, see Section IV.

If you have given your prior consent in accordance with Art. 6 Para. 1 lit. a DSGVO or § 25 Para. 1 TTDSG, we will process the location data in order to direct you to the nearest workshop if necessary or to help you with other location-related problems (e.g. organizing a towing service).

 

5.       Processing of your location data for product improvement and sending of local offers

 

Product improvement and sending of local offers means the processing of the GPS data of the rented vehicle in connection with your personal customer data record in order to better tailor our offer to your personal needs and based on your location and to increase the relevance of our actions for you and to send personalized content and offers in your vicinity. We use email addresses to deliver this content.

 

This processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time.

 

We only use this data if we have received your express consent to do so. You can revoke your consent at any time with effect for the future, e.g. by e-mail or after booking a vehicle in the customer area provided by deactivating the corresponding checkbox.

 

6.       Credit check roadsurfer subscription

 

If you book a camper subscription with us via roadsurfer Abo, we perform a credit check with Schufa Holding AG in advance to reduce the risk of non-payment. Whether we can grant you the subscription is decided by our staff based on a forecast based on the value provided by Schufa Holding AG.

 

The legal basis for this is Article 6 (1) (b) (performance of contract) and Article 6 (1) (f) DSGVO (legitimate interest). The legitimate interest of us is to be able to assess all payments involving a credit risk as well as possible before granting a subscription and to verify whether you can meet the payment obligations. For more information on the right to object in this context, see Section IV. Please note, however, that we cannot offer you a Camper Subscription in this case.

 

7.       Transmission of data to third parties

 

In principle, data is not transferred to third parties, with the exception of Schufa Holding AG. However, we may be required to release this data in individual cases due to requests from government agencies or private service providers (e.g. parking lot operators, tolls).

 

 

 

 

IV)    Special features of our online store

 

1.       Data processing

 

If you use our online store at https://shop.roadsurfer.com/ ("Online Shop") and purchase products through it, we process the following personal data in this context:

 

·       Customer data in connection with the purchase via the online store: Title, first and last name, address, e-mail address and other data voluntarily provided by you (e.g. telephone number) ("Customer Data Online Shop");

·       Data in connection with the purchase of a voucher via the online store: Date of issue, amount of the voucher, voucher number, if communicated by you in the context of a personalization, name of the person entitled to the voucher, time of redemption and name of the redeemer ("voucher data");

                            Login data of customers of the online store, i.e. login and hash value of the password.

 

2.       Purpose and legal basis of processing

We process the customer data online store and the voucher data to process the purchase contract between you and us, to manage the contractual relationship and to comply with our legal obligations in this context.

 

Your login data and the customer data online store are also processed within the framework of your customer account and stored for you, if you create one. The data in the customer account will be stored by us as long as there is an active customer relationship. If no activity can be detected for a period of three years, the status of the customer relationship is set to inactive. Deletion of your customer account is possible at any time. To do so, send a message to datenschutz@roadsurfer.com.

 

The legal basis for the aforementioned data transfer is Art. 6 para. 1 lit. b DSGVO. The data processing is necessary for the fulfillment of the purchase contract between you and us. Furthermore, the customer and voucher data is also processed/stored by us for the prevention of fraud in accordance with Art. 6 (1) lit. f DSGVO (legitimate interest). For more information on the user's right to object in this context, see section IV.

Unless you have expressly consented to a further use of your data or there is a legally permitted further use of data, we will delete your data after complete fulfillment of your order or deletion of your customer account, provided that no tax and commercial retention periods are opposed.

 

3.       Disclosure of data to third parties

 

With the exception of the transfer of payment data to the payment service providers - see section V number 5 - and regarding the shipment of the order to Sendcloud GmbH and logistics companies - see below - your data will not be disclosed to third parties.

For the shipment of your order (including returns) we use the services of Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich. For this purpose, your customer data online store as well as the purchased goods (for the calculation of the package size and weight) are transmitted by us to Sendcloud GmbH for the performance of the contract (Art. 6 para. 1 lit. b DSGVO).

Sendcloud GmbH, for its part, organizes the shipment of the order and transmits the data required for shipment (title, first and last name, address) to the logistics company selected by you accordingly (e.g. DPD, DHL).

 

Further information on data processing by Sendcloud GmbH can be found at https://www.sendcloud.de/datenschutz/ and at https://support.sendcloud.com/hc/de/sections/360003884512Datenschutz.

 

4.       Host subdomain online store

The host of our online store is RAIDBOXES GmbH, Hafenstrasse 32, 48153 Münster. This processes the personal data as described here. RAIDBOXES GmbH automatically collects and stores server log files with information that your browser transmits to us. These are:

 

·       Browser type

·       Operating system

·       Referrer URL (previously visited page) Hostname (IP address).

 

RAIDBOXES GmbH cannot assign this data to specific persons. A combination of this data with other data sources is not made. The data will be deleted after a statistical evaluation after 7 days at the latest. More details about the data processing by RAIDBOXES GmbH can be found under the following link: https://raidboxes.io/datenschutzerklaerung/.

 

 

Section VII.                    Data security and reservation of right of modification

 

1.       SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

2.       Change of the privacy policy

We reserve the right to amend this data protection declaration at any time with effect for the future in compliance with the statutory provisions. You will find the current version on our website.

 

3.       Status of the privacy policy

 

 January 2023