Information requirements according to Article 13 EU General Data Protection Regulation (DSGVO) and §13 Telemediengesetz (TMG)
This data protection declaration applies exclusively to the use of data in the relationship between you and ARI Fleet Germany GmbH.
1. Name and contact details of the controller
These information obligations apply to the processing of personal data by the responsible: ARI Fleet Germany GmbH, Liebknechtstrasse 33, D-70565 Stuttgart, (hereafter “ARI Fleet”), email: firstname.lastname@example.org. Telephone: 0049 (0) 711-6676-0, Fax: 0049 (0)711-6676-17101.
We put great importance to the protection of your personal data. According to Article 4 No. 1 DSGVO, personal data is all information relating to an identified or identifiable natural person; An identifiable person is a natural person who, directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified. For example. Your name or email address are considered personal.
2. Contact details of the company data protection officer
The company’s data protection officer is at the address given above, for the attention of Mr. Paul Elion, phone +49 (0) 6196 700 1117, or mobile +49 (0) 172 8644 893, or at the email email@example.com .
3. Purposes of data processing, legal bases, storage period
The processing of the personal data collected when using the Driver Insights® Mobile App takes place only in compliance with the applicable data protection regulations and to the extent necessary.
This data protection declaration applies exclusively to the use of data in the relationship between you and ARI Fleet.
The following explains which personal data is collected while using our mobile app and how exactly it is used.
a) Download of the mobile app from the Apple App Store
To be able to use our mobile app, you have to download it from the Apple Inc., CA, USA app store.
ARI Fleet is also not legally linked to the operators of the app store and does not represent them.
b) Download of the mobile app from the Google Play Store
To be able to use our mobile app, you have to download it from the Google Inc., CA, USA app store.
ARI Fleet is also not legally linked to the operators of the Play Store and does not represent them.
c) Data collection and processing on the end device
If you use our mobile app, you must first log in using a registration dialog and enter your access data. In the registration dialog we ask you for your email address (user name) and your password.
As a company car driver for ARI Fleet customers, you can use the mobile app to view and administer the most important information and tools relating to your company car via mobile or WLAN.
Our mobile app processes the below under §3.d. personal data mentioned only for the purposes
- To enable the functions used in each case as well as
- To prevent fraud and abuse.
The legal basis for processing in accordance with No. 1 is Article 6 (1) (b) DSGVO (performance of the contract) and in accordance with No. 2 Article 6 (1) (f) DSGVO (legitimate interests).
After exiting the mobile app, no user data is stored on the end device so that no information can get into the hands of third parties, even if the device is passed on or lost. Only at the next start / if necessary. Registration process of the mobile app and the next connection to the secure servers of ARI Fleet Germany GmbH, data is synchronized again on the end device. The remaining personal data is stored on your mobile device until the app or cache is deleted.
d) Data collection and processing on servers of ARI Fleet Germany GmbH
All data referred to in point 2. c) and mentioned below are encrypted and exchanged via SSL with the Mobile APP via our secure servers. Each access is temporarily stored in a log file on our secure servers. The following data is recorded and stored until it is automatically deleted:
- IP address of the requesting device
- Date and time of access
- Service methods used
- Name of the user
- User’s email address
- Mobile Phone Number
- Private and employer address
- location data
This data is processed for the following purposes
- Enabling the use of the mobile app
- Administration of the network infrastructure
- Appropriate technical-organizational measures for IT system and information security taking into account the state of the art
- Guarantee user-friendliness of use
- Optimization of the mobile app
- Provision of fleet management services in accordance with Framework agreement (regarding ARI Driver Insights®.
Legal bases for the above processing are:
- for processing for contact with our web servers according to numbers 1-2 Article 6 paragraph 1 letter b DSGVO (necessary for the fulfillment of the mobile app usage contract),
- for the processing according to number 3 Article 6 paragraph 1 letter c DSGVO (legal obligation to implement technical-organizational measures to ensure data processing according to Article 32 DSGVO) and Article 6 paragraph 1 letter f DSGVO (legitimate interests in data processing for network and Information security) and for
- the processing according to numbers 4-5 article 6 paragraph 1 letter f DSGVO (legitimate interests). The legitimate interests of our data processing consist in making our offer user-friendly and optimizing it.
- the processing according to number 5: Article 6 paragraph 1 letter b. DSGVO (the performance of a contract). It concerns the framework contract for fleet management between ARI Fleet and the user’s employer.
The aforementioned data will be deleted at the latest after the permissible storage period according to the case law on current law. If data is processed longer for purposes according to numbers 2-4, anonymization or deletion takes place if the storage is no longer necessary for the respective purpose.
In addition, your data will be deleted from the ARI Fleet servers as soon as your employer ends the contractual relationship with ARI Fleet and all contractual relationships have been finally processed.
e) No further processing
Beyond the above-mentioned cases, personal data will not be processed, unless you expressly consent to further processing in advance, e.g. to receive a newsletter.
you, for technical session control and to enable certain functions, e.g. the transfer of data in forms despite a click on the mobile app.
We use so-called session cookies to recognize that you have already visited individual parts of the mobile app within a session and to enable session control, e.g. to save form entries during the session.
The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 paragraph 1 letter f DSGVO.
5. Plug-ins from Google Inc.
We also show addresses on the display of the mobile app, which can be found in the browser via Google Maps. The route can also be calculated on Google Maps if desired.
Google Inc., CA, USA and companies cooperating with Google Inc. use plug-ins for Google Maps and route calculation. These are operated technically in the USA or other countries outside the EU, the European Economic Area and Germany, but some are offered through national companies. If you use such a plug-in with our mobile app, your end device / web browser / app establishes a direct connection to the servers of Google Inc. or their cooperation partners in the respective country. As a result, the recipient of the connection receives at least the information that you have visited a certain, identifiable app / website with Google Maps, and possibly also other information that your web browser or the device you are using reveals. The content of the plug-in is loaded from your end device directly by the provider and integrated. If you are registered and logged in with the provider in question, your visit to your device may also be assigned to your user account.
6. Disclosure to third parties, processors, categories of recipients
A transmission of your personal data to third parties, i.e. other natural or legal persons other than the data subject, the person responsible, the processor and the persons who are under the direct responsibility of the those responsible or the processor are authorized to process the personal data only for the purposes listed below:
- You have given your express and voluntary consent in accordance with Article 6 paragraph 1 letter a DSGVO,
- The disclosure is required in accordance with Article 6 paragraph 1 letter b DSGVO for the processing of contractual relationships with you, for example to the supplier or recipient of a product or service you have named.
- There is a legal obligation to pass it on in accordance with Article 6 paragraph 1 letter c DSGVO, e.g. to financial or law enforcement authorities.
- The disclosure is required in accordance with Article 6 paragraph 1 letter f DSGVO to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data; Such a disclosure can take place, for example, in the event of attacks on our IT systems to state institutions and law enforcement agencies.
Our websites are operated by our parent company Automotive Rentals, Inc. in New Jersey, USA (“ARI US”) as a processor on servers in the USA in accordance with Article 28 DSGVO. ARI US subcontracted the company Media Temple, Inc, 6060 Center Drive, 5th Floor, Los Angeles, CA 90045, USA for the hosting. There is no adequate level of data protection in the United States in terms of the DSGVO and there is no adequacy decision by the European Commission for the United States. However, with ARI US we have concluded the EU standard data protection clauses within the meaning of Article 46 DSGVO, which a copy can be requested at firstname.lastname@example.org.
ARI Fleet remains responsible for data protection even if contract processors are involved. We do not intend to transfer your personal data to a third country.
7. Access rights to the end device
As part of the processing purposes described above, the mobile app has the following access rights to the end device used: Internet connection, WLAN, mobile radio, web browser components, location services.
8. Rights of data subjects
You have the right:
- to request information about your personal data processed by us in accordance with Article 15 DSGVO. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period if possible, the existence of a right to correction, deletion, restriction of processing or objection that Pass one
Right to lodge a complaint, the origin of your data, unless it was collected from you, and the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details,
- to request the correction of incorrect or incomplete personal data stored by us without delay in accordance with Article 16 DSGVO,
- to request the deletion of your personal data stored by us in accordance with Article 17 DSGVO if
- these are no longer necessary for the purposes for which they were collected or otherwise processed,
- your consent, on which the processing was based in accordance with Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a, revoked and there is no other legal basis for the processing,
- you object to the processing in accordance with Article 21 paragraph 1 and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct advertising including associated profiling in accordance with Article 21 paragraph 2,
- the personal data has been processed unlawfully,
- the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject,
- the personal data has been collected in relation to information society services offered in accordance with Article 8 (1) DSGVO (consent of a child).
- The right to deletion does not exist if the processing is necessary
- to exercise the right to freedom of expression and information,
- to fulfill a legal obligation, for reasons of public interest in the field of public health or for archiving purposes in the public interest or
- to assert, exercise or defend legal claims.
- to request that the processing of your personal data be restricted in accordance with Article 18 DSGVO, insofar
- the accuracy of the data is disputed by you,
- the processing is unlawful, but you refuse to delete it,
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- You have objected to processing in accordance with Article 21 DSGVO.
- to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible, in accordance with Article 20 DSGVO,
- revoke your consent given to us at any time in accordance with Article 7 (3) DSGVO. As a result, we may no longer continue the data processing based on this consent in the future if there is no other legal basis for it and
- to complain to a supervisory authority in accordance with Article 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters.
9. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 (1) (f) DSGVO, you have the right to object to the processing of your personal data in accordance with Article 21 DSGVO, provided there are reasons for this that arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you would like to exercise your right of withdrawal or objection, you can contact us using the contact details above and send us an email, for example.
10. Data security
We use the common SSL (Secure Socket Layer) method to communicate the mobile apps with our servers. in connection with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. You can tell whether a single page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your web browser.
In addition, we use suitable technical and organizational measures to secure data processing, in particular to protect your data against manipulation or unauthorized access. We take into account the state of the art. Our security measures are adapted in line with technological developments.
11. Links to offers from other providers
Our mobile app can contain links to offers from other providers. We would like to point out that this data protection declaration only applies to the ARI Fleet mobile app. We have no influence on this and do not control that other providers comply with the applicable data protection regulations.
12. Validity and timeliness of the data protection declaration
The data protection declaration is currently valid and dated 20.12.2019. Due to changed legal framework conditions, the further development of our mobile app, the implementation of new technologies or due to changed legal or official requirements, it may be necessary to change this data protection declaration with effect for the future. You can access and save or print out the current data protection declaration at any time.
13. Severability clause
If individual provisions of this data protection declaration are or become ineffective or impracticable in whole or in part, this does not affect the effectiveness of the remaining provisions. The same applies in the case of gaps.