Privacy policy under General Data Protection Regulation (GDPR)

1. Introduction

logiGPS GmbH, hereinafter referred to as the service provider, as a data controller and/or data processor, acknowledges the content of this legal notice in full and considers it as binding on it.

It undertakes that all data controlling and data processing related to its activities comply with the requirements set out in this regulation and the applicable legislations.

 

All data protection guidelines arising in connection with the data management and data processing activities of logiGPS GmbH are continuously accessible on the company's websites, online service interfaces and on all other online interfaces managed by it (e.g. Facebook, etc.), under the heading GDPR. However, we reserve the right to alter the content of this GDPR as necessary, in accordance with applicable legislation.

We will notify our customers and visitors of online content of the alterations, as necessary.

Should you have any questions in connection with this GDPR, please write to our e-mail address below, and we will send you a written reply.

Data Protection Officer of logiGPS GmbH: Oliver Feher

E-mail: oliver.feher@logiGPS.com

logiGPS GmbH is committed to protect the personal data of its customers, partners and employees, and considers it extremely important to respect the right to informational self-determination of the natural persons involved in data processing. logiGPS GmbH handles personal data confidentially, and ensures the security of these data by taking sufficient technical and organizational measures.

Please, read the description of our data protection and data management procedure detailed below.

 

2. Business details

Name: logiGPS GmbH

Head office: Adlerstr. 34, 90403 Nürnberg

Tax identification number: DE362065346

Company registration number: Nürnberg, HRB 41794

E-mail: info@logiGPS.com

 

3. Purpose and scope of this GDPR

The purpose of this Regulation is to lay down the data protection, data management and data processing principles applied by logiGPS GmbH, which the company - depending on its role in the case of the given system - as data controller or data processor, recognizes as mandatory for itself.

This Regulation contains the principles for the handling of personal data provided either by users, or developed and provided by logiGPS GmbH about private individuals, or recorded manually or by data import in the information systems used by it.

4. Definitions

personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

pseudonymisation:  the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

5. Use of cookies

An HTTP cookie is a piece of information that a server sends to a web browser, and then the browser sends back to the server each time a request is made on the server. Cookies are created by the web server itself using a browser on the user's computer, where they are stored in a separate directory.

A cookie is a small file that makes its way to your computer when you visit a website.

A cookie can carry any information content specified by the server, for the purpose of introducing user status into the connection between the browser and the server. In the absence of cookies, retrieving each web page would be an isolated event, so for example, if a user logged in to a username- and password-protected page, viewed content and then navigated to another subpage, his or her username/password pair would have to be re-requested.

The purpose of cookies is therefore to facilitate the use of websites and to store information about the user's session, but they are suitable also to collect other information related to the use of the website.

logiGPS GmbH uses cookies within its websites and online services for two purposes only, which are not suitable for the identification of users.

Usage-facilitating cookies:

These allow us to remember the functional language of the websites and online services, as well as other usage-related information.

Performance-facilitating cookies:

We use Google Analytics cookies to collect information about how our visitors use our website. These cookies cannot identify you personally, they collect information only about which page a visitor viewed, which part of the website they clicked on, how many pages they visited, and how long each page was viewed for.

Blocking cookies:

As previously written, cookies used on our websites and online service interfaces do not store information that would allow for the identification of a person.

However, you have the option to block the storage of cookies in your browser.

Cookies can usually be managed in the Tools/Settings menu of browsers under Privacy Settings, under the title ‘cookies’.

6. Purpose of data management and data processing

Our company sells its own - typically online - software as a service (SaaS), and our customers, using this software, agree to a monthly (or in larger units) billed fee. In addition to complying with the legislations, this software has been designed in accordance with the service needs indicated by the customers, so the data stored in them is the data deemed necessary by the customers in the given usage segment. The purpose of data management and data processing is to meet the original purpose of the online software solutions used by customers.

In our own records, we store only the personal data necessary for the conduct of business, the purpose of which is to maintain contact with customers and partners, to fulfil the contractual relationship and to settle bills in accordance with legislations.

7. The legal basis for data management

When developing this Regulation - and the underlying Data Protection Impact Assessment and Data Protection Regulations - we have taken into account the requirements of the following legal and mandatory regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as ‘GDPR’
• the agreement with customers - stipulated in a contract
• permission granted by the user for data processing, clearly stated in writing or on the online interfaces

 

8. Duration of data management and data processing

The duration of data management and processing depends on the way of participation in data management.

As data controller

As data controller, we store in our own records only the personal data necessary for maintaining communication, informing customers, maintaining the contractual relationship and settling accounts, only for the duration of the business relationship.

The duration of the business relationship is defined as the date of the request for either sale or other purposes until the existence of a contractual relationship with the customer, interpretable in any way.

As data processor

With regard to software provided as a service, we do not specify a data processing period in connection with data control. The data interfaces provided to our contracted customers in these systems are used to query, record, modify (in one word: manage) the data; the contracted customer has control over the data, thus regulating the data management activities (including requesting the data subject to issue an authorisation statement about the data management) in accordance with his or her needs, as well as the legislations applicable to his or her activity.

As data processor, we basically provide a minimum data retention period in accordance with legislations, but we can increase this period at the request of the customer, or on the basis of an agreement with him or her.

9. The scope of personal data managed

Our company sells its own - typically online - software as a service (SaaS), and our customers, using this software, agree to a monthly (or in larger units) billed fee. In addition to complying with the legislations, this software has been designed in accordance with the service needs indicated by the customers, so the scope of data stored in them is the scope of data deemed necessary by the customers in the given usage segment. The purpose of data management and data processing is to meet the original purpose of the online software solutions used by customers.

In our own records, we store only the personal data necessary for the conduct of business.

As data controller

As data controller, we store in our own records only the personal data necessary for maintaining communication, informing customers, maintaining the contractual relationship and settling accounts; namely the following:

• name
• if necessary, address; in case of an enterprise: head office, as well as postal address
• e-mail address
• other communication channels specified by the customer
• tax identification number
• bank account number

As data processor

With regard to the software provided as a service, we provide the possibility of data management through the software interfaces, as well as its technical and product support conditions. The data can be provided by our customers on these software interfaces.

In the following systems, we provide the possibility to store the data of natural persons that can be recorded by them:

logiGPS fleet management systems

• surname and first name
• place and date of birth
• citizenship
• mother tongue
• user’s contact details (e-mail address)
• device-vehicle-person binding
• current situation based on the above
• traceable past position and route
• vehicle usage habits
• events related to the person, use of the vehicle (e.g. penalties)
• SentinelProtect vehicle protection system
• vehicle data (from which the person using the vehicle can be deduced)
• position information
• condition of other peripherals.

10. Data transmission, additional data controllers and processors

We can only ensure some of our services and the security of the built-in functions and operation, by using content provided by external service providers, IT solutions or even their infrastructure.

In order to display our online content, to maintain communication with our customers and to provide online services, the following data controllers and data processors will appear in connection with the Service Provider's activities, to whom the data necessary for maintaining the service will also be transmitted.

By accepting this GDPR, the natural person also agrees to the transmission of his or her data necessary for the use of the given service, so if he or she does not agree to the transmission of his or her data, we cannot provide the service concerned:

Google Inc.

We use Google's e-mail system to communicate with customers in writing, and for office use, the document management system it provides.

Head office: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA

 

11. Data Security

logiGPS GmbH takes all necessary steps to ensure the security of the personal data provided by its users both during network communication, and during the storage and safekeeping of data.

Access to personal data is strictly limited in order to prevent unauthorized access, alteration or use.

Our servers used for data storage are redundant servers located in protected server parks, and the data stored on them is directly accessible only to the employees and companies that maintain the servers.

12. Enforcement and legal remedy

logiGPS GmbH ensures getting acquainted with, enforcement and legal remedy of the rights related to personal data as follows:

Disclosure

logiGPS GmbH provides the relevant information to the data subject. At the written request of the data subject, we provide information about the data we manage or process, their source, purpose, legal basis, duration, the name and address (registered head office) of the data controller and/or data processor and its activities related to data processing, as well as - in case of transfer of personal data of the data subject - who receives or has received the data and for what purpose.

We will provide this information in writing within 30 days of receiving the request.

Correction and/or erasure of data

It is the right of the natural person concerned to request his or her personal data be rectified, the fulfilment of this by us, respectively. logiGPS GmbH is obliged to correct personal data that does not correspond to reality.

Personal contact shall be erased if

• its handling is illegal;
• at the request of the data subject;
• it is incomplete or incorrect, and this condition cannot be legally corrected
• the purpose of data management has ceased
• the statutory term for data storage has expired
• it has been ordered by either the Court, or
• by the National Authority for Data Protection and Freedom of Information.

In addition to the above, the erasure is subject to the condition that the erasure of the data is not precluded by any law or other legislation.

Please note that the data subject's rights to information, rectification and erasure may be restricted by law 

• in the interests of the external and internal security of the German State (national defence, national security, crime prevention or law enforcement, security of penitentiary);
• in the economic or financial interest of the state or municipality;
• of significant economic or financial interest of the European Union;
• to prevent and detect breaches of Labour Law and occupational safety and health obligations.

If we are unable to comply with the data subject's request for rectification or erasure for the above reasons, we will inform the data subject in writing within 30 days.

Objection

logiGPS GmbH ensures that the data subject may object to the processing of his or her personal data if the processing and/or transmission of personal data is carried out solely for the purpose of direct business acquisition or public opinion research, necessary to enforce the interest of our company or the recipient;

An objection submitted in writing will be looked into within 15 days of its submission, and the applicant will be informed of the outcome in writing.

If the objection is justified, the processing and transfer of data shall be terminated and all persons to whom the data concerned had previously been transferred shall be notified of the objection and the related measures.

Should you have any further queries regarding data management and data processing activities of logiGPS GmbH, you can obtain information at the following contacts:

• Name: logiGPS GmbH
• Headquarters: Adlerstr. 34, 90403 Nürnberg
• Contact details: info@logiGPS.com