I. Privacy policy website 

In this privacy policy, we inform you about the processing of personal data when using our app.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. Statistical data that we collect, for example, during a visit to our app and that cannot be associated with your person do not fall under the concept of personal data.

Table of content

1. Contact person

2. Data processing during the use of our website 

2.1 Enter our website / access data

     2.2 Contacting us

     2.3 Newsletter

     2.4 Existing customer advertising by e-mail

     2.5 Applications

3. Use of cookies and comparable technologies

     3.1 Legal basis and withdrawal

     3.2 Necessary tools

     3.3 Functional tools

     3.4 Analysis tools

     3.5 Marketing tools

4. Online presence in social networks

5. Data disclosure

6. Data transfer to third countries

7. Storage duration

8. Your rights, especially revocation and objection

9. Changes to the privacy policy  

 

1. Contact person

The contact person and so-called controller for the processing of your personal data when using this app within the meaning of the General Data Protection Regulation (GDPR) is the

ecomove Technologies GmbH

Krausenstr. 9-10

10117 Berlin

E-Mail: datasecurity@ecomove.io

If you have any questions about data protection in connection with our products or services or the use of our app, you can also contact our data protection officer at any time. He or she can be reached at the above postal address and at the e-mail address provided above (keyword: “attn. data protection officer”). We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, we ask that you first contact us directly via this e-mail address.

2. Data processing during the use of our website

2.1 Enter our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

  • IP address of the requesting device,
  • Date and time of the request,
  • Address of the website accessed and the requesting website,
  • Information about the browser used and the operating system,
  • online identifiers (e.g. device identifiers, session IDs).

The data processing of this access data is absolutely necessary to enable the visit of the website, to ensure the permanent operability and security of our systems as well as for the general administrative maintenance of our website. The access data is also temporarily stored in internal log files for the purposes described above, for example in order to find the cause of repeated or criminal calls that endanger the stability and security of our website and to take action against them.

The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate interest in enabling website access and permanent functionality and security of our systems.

The log files are stored for 7 days and [[archived/deleted]] after subsequent anonymization.

2.2 Contacting us

You have the possibility to contact us via e-mail. In this context, we process data exclusively for the purpose of communicating with you.

The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate interest that you contact us and we can answer your inquiry. We only make promotional telephone calls if you have given your consent for this. If you are not an existing customer, we will also send you promotional e-mails only on the basis of your consent. In these cases, the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.

The data we collect when you contact us will be automatically deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations (see section “Storage period”).

2.3 Newsletter

You have the possibility to order our newsletters, in which we will inform you regularly about innovations in connection with our services.

To order our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose of sending you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details provided above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. 

As a technical service provider for sending our newsletter, we use the service of the company Mailchimp. The provider of this service is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp servers in the USA. The service provider MailChimp uses this information to send and evaluate our newsletters on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize and improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. 

The legal basis for the use of the service is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO. You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. This will simultaneously terminate your consent to its dispatch via MailChimp and the statistical analyses. A separate revocation of the dispatch via MailChimp is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. Alternatively, you can unsubscribe from the newsletter by simply sending a message to the contact details provided in this privacy policy. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 (1) p. 1 lit. a DSGVO). Please refer to the section “Data transfer to third countries” for the associated risks.

We use standard market technologies in our newsletters that can be used to measure interactions with the newsletters (e.g. opening of the email, links clicked). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and customer communications. This is done with the help of small graphics embedded in the newsletters (so-called pixels). The data is collected exclusively pseudonymously and is also not linked to your other personal data. The legal basis for this is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behavior, you can unsubscribe from the newsletters or deactivate graphics by default in your email program.

2.4 Existing customer advertising  by e-Mail

If you register with us or make a purchase from us, we will also use your contact details to send you further information relevant to you about our products and services by e-mail (“existing customer advertising”). This may include, in particular, news, promotions and offers as well as feedback and other surveys. 

The legal basis for this data processing is Art. 6 (1) lit. f DSGVO in conjunction with Section 7 (3) UWG, according to which data processing is permissible for the purpose of safeguarding legitimate interests, insofar as this relates to the storage and further use of the data for advertising purposes. You can object to the use of your data for advertising purposes at any time by using a corresponding link in the e-mails or by notifying the above contact details (e.g. by e-mail or letter), without incurring any costs other than the transmission costs according to the basic rates.

2.5 Applications

You can apply for open positions with us via our applicant management system of our order processor Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany), which you can access via our careers page. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. For the purpose of receiving and processing your application, we collect the following data in particular: First and last name, e-mail address, application documents (e.g. certificates, resume), date of earliest possible job start and salary requirement. Mandatory fields are marked with an asterisk (*). The legal basis for processing your application documents is Art. 6 (1) p. 1 lit. b and Art. 88 (1) DSGVO in conjunction with Section 26 (1) p. 1 BDSG.

3. Use of cookies and comparable technologies

This website uses cookies and similar technologies (collectively, “tools”) that are either provided by us or by third parties.

A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. Comparable technologies are in particular web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and comparable technologies. However, you can usually adjust your browser settings so that cookies or comparable technologies are rejected or only stored with your prior consent. If you reject cookies or comparable technologies, not all of our offers may function properly for you.

In the following, we list the tools we use by category, informing you in particular about the providers of the tools, the storage period of the cookies and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.

3.1 Legal basis and withdrawal
3.1.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO to enable you to use our website more conveniently and individually and to make use as time-saving as possible. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO.

We use all other tools, in particular those for marketing purposes, on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO and pursuant to Section 15 para. 3 p. 1 TMG, insofar as usage profiles are created for the purposes of advertising or market research. Data processing with the help of these tools only takes place if we have received your consent for this in advance.

If personal data is transferred to third countries, we refer you to the section “Data transfer to third countries”, also with regard to the possible associated risks. We will inform you if we have concluded standard contractual clauses or other guarantees with the providers of certain tools. If you have given your consent to use certain tools, we (also) transfer the data processed when using the tools to third countries on the basis of this consent.

3.1.2 Obtain your consent

For the collection and management of your consents, we use the tool Usercentrics of Usercentrics GmbH, Rosental 4, 80331 Munich (“Usercentrics”). This generates a banner that informs you about data processing on our website and gives you the option to consent to all, some or no data processing through optional tools. This banner appears the first time you visit our website and when you revisit the selection of your preferences to change them or revoke consents. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies or information in Usercentrics’ local storage have been deleted or have expired.

Your consent or revocation, your IP address, information about your browser, your terminal device and the time of your visit are transmitted to Usercentrics during your visit to the website. In addition, Usercentrics stores necessary information on your terminal device to retain the consents and revocations you have given. If you delete your cookies or information in the local storage, we will ask you again for your consent when you visit the site at a later time.

Data processing by Usercentrics is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Usercentrics is Art. 6 para. 1 p. 1 lit. f DSGVO, justified by our interest in fulfilling the legal requirements for cookie consent management.

3.1.3 Revocation of your consent or change of your selection

You can revoke your consent for certain tools at any time. To do so, click on the following link/button: [link/button]. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information about the cookies and the respective storage period. Alternatively, you can assert your revocation for certain tools directly with the provider.

3.2 Necessary tools

We use certain tools to enable the basic functions of our website (“necessary tools”). Without these tools, we could not provide our service. Therefore, necessary tools are used without consent based on our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO or to fulfill a contract or to perform pre-contractual measures pursuant to Art. 6 (1) p. 1 lit. b DSGVO.

3.2.1 Own cookies

We use our own necessary cookies in particular 

  • for login authentication, 
  • for load balancing
  • to remember your language preferences,
  • to record that you have been shown information placed on our website – so that it is not shown again the next time you visit the website.
3.3 Functional tools

We also use tools to improve the user experience on our website and to provide you with more features (“functional tools”). While these are not strictly necessary for the basic functionality of the website, they can bring significant benefits to users, particularly in terms of user experience and the provision of additional communication, display or payment channels.

3.3.1 Stripe

We use the services of Stripe of Stipe Inc, 510 Townsend Street, San Francisco, CA 94103, USA (“Stripe”).

Stripe is an external payment service provider to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or financial information such as credit card numbers. Rather, this information (specifically contact and transaction information such as credit card details or bank account information) is passed directly to Stripe, whose use of your personal information is governed by their privacy policy. 

Stripe collects other data for its own purposes, such as abuse prevention and further development of its products, as well as for marketing purposes. The additional data collected through cookies and other technologies includes, in particular, communication data (IP address, device identifier, browser version, operating system details).

The following cookies are set by Stripe for the specified purpose with the respective storage period:

  • „__stripe_mid“ for 1 year;
  • „__stripe_sid“ for 30 minutes;
  • „m“ for 2 years (all fraud prevention and detection).

The legal basis is Art. 6 (1) p. 1 lit. b DSGVO, in order to fulfil the payment as part of a contract with you, and otherwise Art. 6 (1) p. 1 lit. f DSGVO, whereby the use of an external payment service provider is based on our legitimate interest in being able to offer you an additional payment option with Stripe.

We have concluded an order processing agreement with Stripe (https://stripe.com/dpa/legal)

Data processing by Stripe partly takes place on servers in the USA. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with Stripe pursuant to Art. 46 (2) lit. c DSGVO. For more information, please refer to the section “Data transfer to third countries”.

You can find more information in the Privacy Policy of Stripe.

3.4 Analysis tools 

In order to improve our website, we use tools for the statistical collection and analysis of general usage behaviour based on access data (“analysis tools”). We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the analysis tools is – unless otherwise stated – your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO. For revocation of your consent, see 3.1.3: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 sentence 1 lit. a DSGVO). Please refer to the section “Data transfer to third countries” for the associated risks.

3.4.1 Google Analytics

Our website uses Google Analytics, which is provided for users from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.

We have made the following data protection settings for Google Analytics:

  • IP anonymisation (shortening of the IP address before evaluation so that no conclusions can be drawn about your identity).
  • Automatic deletion of old logs / limitation of the storage period
  • Deactivated advertising function (including target group remarketing by GA Audience)
  • Disabled personalised ads
  • Disabled measurement protocol
  • Disabled cross-site tracking (Google signals)
  • Disabled data sharing with other Google products and services

The following data is processed by Google Analytics:

  • Anonymised IP address;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, time spent);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions), if applicable;
  • Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
  • Approximate location (country and city, if applicable, based on anonymised IP address).

Google Analytics sets the following cookies for the stated purpose with the respective storage period:

  • “_ga” for 2 years and “_gid” for 24 hours (both to recognise and distinguish website visitors by a user ID);
  • “_gat” for 1 minute (to reduce requests to Google servers);
  • “_gali” for ####duration tbd#### (#####purpose tbd####)
  • if applicable, “IDE” for 13 months (third-party cookie to recognise and distinguish website visitors by a user ID, to record interaction with advertisements and in the context of playing out personalised advertisements).
  • “__utma” for 2 years (to distinguish visitors and sessions);
  • “__utmb” for 30 minutes (to distinguish new sessions and the duration of visits);
  • “__utmc” for one session (to distinguish new sessions and the duration of visits);
  • “__utmt” for 10 minutes (to throttle requests);
  • “__utmz” for 6 months (to store the campaign or source from which the visitor came);
  • where applicable, “__utmv” for 2 years (to store a custom variable).

We have concluded an order processing agreement with Google for the use of Google Analytics as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can find more information on this in the Privacy Policy of Google. 

3.5 Marketing tools

We also use tools for advertising purposes (“marketing tools”). Some of the access data collected when using our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to present you with personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers.

The legal basis for the marketing tools is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO. For revocation of your consent, see 3.1.3: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 sentence 1 lit. a DSGVO). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

In the following section, we would like to explain these technologies and the providers used for this in more detail. The data collected may include in particular:

  • the IP address of the device;
  • the identification number of a cookie or information in the web storage;
  • the device identifier of mobile devices (e.g. Device ID);
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, time spent);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions), if applicable;
  • Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
  • Approximate location (country and city, if applicable).

However, the collected data is stored exclusively pseudonymously, so that no direct conclusions can be drawn about the persons.

3.5.1 Facebook-Pixel

For marketing purposes, our websites use the “Facebook Pixel” service of the social network Facebook, a service offered for users outside the USA and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and for all other users by Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (together “Facebook”).

We use Facebook Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion tracking”). In addition, we use Facebook pixels to play you individualised advertising messages based on your interest in our products (“retargeting”). This also involves target group remarketing through Custom Audience. For this purpose, Facebook processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites.

The following cookies are set by Facebook Pixel for the specified purpose with the respective storage duration:

  • “_fbp” for 3 months (usage analysis and retargeting).
  • “fr” .

The data accruing in this context may be transferred by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Facebook.

If you are a member of Facebook and have allowed Facebook to do so via the privacy settings of your account, Facebook may also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook ads. You can view and change the Privacy Settings of your Facebook profile at any time.

If you have not consented to the use of Facebook Pixel, Facebook will only display generic Facebook Ads that are not selected based on the information collected about you on this website.

You can find more information on this in the Privacy Policy of Facebook.

3.5.2 Google Ads-Conversion-Tracking und Ads-Remarketing (formerly AdWords)

Our websites use the “Google Ads” service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) for all other users.

Google Ads uses “Google Ads conversion tracking” to record and analyse customer actions defined by us (such as clicking on an ad, page views, downloads). We use “Google Ads remarketing” to show you individualised advertising messages for our products on Google partner websites. Both services use cookies and similar technologies for this purpose.

The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google.

If you use a Google account, Google may link your web and app browsing history to your Google account and use information from your Google account to personalise ads, depending on the settings stored in your Google account. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing our website.

If you have not consented to the use of Google Ads, Google will only display general advertising that has not been selected on the basis of the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalised advertising in Google’s advertising settings.

The following cookies are set by Google:

  • “_gcl_au” for 90 days
  • “_gcl_aw” for 90 days.

You can find more information on this in the notes on Data Use and the Google Privacy Policy.

3.5.3 Google Marketing Platform und Ad Manager (ehemals DoubleClick)

Our website uses the Google Marketing Platform and the Google Ad Manager, services provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”). 

These services use cookies and similar technologies to present you with advertisements that are relevant to you. The use of the services enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. 

The data generated in this context may be transferred by Google to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google.

If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will only display general advertising that has not been selected on the basis of the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalised advertising in the advertisting settings of Google.

In particular, Google sets the following cookies for the specified purpose with the respective storage period: 

  • “IDE” for 13 months (third-party cookie to recognise and distinguish website visitors by a user ID, to record interaction with advertising and in the context of playing out personalised advertising);
  • “1P_JAR” for 1 month (optimisation of personalised advertising, avoidance of repeated display of the same advertisement);
  • “DV” for 5 minutes (user preferences, such as language);
  • “NID” for 6 months (settings for Google services and other functions for advertising purposes).

For more information, please refer to the Privacy Policy of Google.

4. Onlinepräsenzen in sozialen Netzwerken

We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to inform them about our offerings.

The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.

As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we can access as operators of the online presences.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our legitimate interest in effectively informing users and communicating with users, or Art. 6 para. 1 p. 1 lit. b DSGVO, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options to object. 

We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:

5. Data disclosure 

The data we collect is only passed on if:

  • you have given your express consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO,
  • the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed,
  • we are legally obliged to disclose your data according to Art. 6 para. 1 p. 1 lit. c DSGVO or
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting companies. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

6. Data transfer to third countries 

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is provided for and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.

7. Storage duration

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

8. Your rights, especially revocation and objection 

You are entitled to the data subject rights formulated in Art. 15 – 21, Art. 77 DSGVO at any time: 

  • Right to withdraw your consent;
  • Right to object to the processing of your personal data (Art. 21 DSGVO);
  • Right to information about your personal data processed by us (Art. 15 DSGVO);
  • Right to rectify your personal data stored by us that is incorrect (Art. 16 DSGVO);
  • Right to erasure of your personal data (Art. 17 DSGVO);
  • Right to restrict the processing of your personal data (Art. 18 GDPR);
  • Right to data portability of your personal data (Art. 20 GDPR);
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, even longer for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 (1) sentence 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 (2) DSGVO.

You have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

Lastly, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, at a supervisory authority in the member state of your residence, your place of work or the place of the alleged violation. In Berlin, our headquarters, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

9. Changes to the privacy policy

Occasionally, we update this privacy policy, for example, when we customize our app or when legal or regulatory requirements change.

Version: 1.0 / Stand: September 2021

II. Privacy policy ecomove app 

In this privacy policy, we inform you about the processing of personal data when using our app.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. Statistical data that we collect, for example, during a visit to our app and that cannot be associated with your person do not fall under the concept of personal data.

1. Contact person

The contact person and so-called controller for the processing of your personal data when using this app within the meaning of the General Data Protection Regulation (GDPR) is the

ecomove Technologies GmbH

Krausenstr. 9-10

10117 Berlin

E-Mail: datasecurity@ecomove.io 

If you have any questions about data protection in connection with our products or services or the use of our app, you can also contact our data protection officer at any time. He or she can be reached at the above postal address and at the e-mail address provided above (keyword: “attn. data protection officer”). We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, we ask that you first contact us directly via this e-mail address.

2. Data processing during the use of our app

2.1 App installation

In order to download and install our app from an app store, you must first register with the provider of the respective app store (e.g. Apple App Store or Google Play) with a user account and conclude a corresponding usage agreement with them. We have no influence on this, in particular we are not a party to such a user agreement.

When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your username, email address and account number, the time of download, payment information and the individual device identification number.

We have no influence on this data collection and are not responsible for it. We process this provided data only to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). Beyond that, this data is not stored further.

For data processing, which is the sole responsibility of the app store operator, we refer to their privacy statements:

2.2 Technical access rights

When installing our app, access permissions are requested on a technical level. These concern in particular:

Apple:

  • Location 
  • Movement & Fitness (Health App): Movement types such as “standing”, “walking”, “running”, “automobile”, “bicycle”.

For use via Apple, disabling the exact location under the location settings is possible, this will only give the app access to the approximate location of the device and the function of the app may be affected.               

  • Location                              
  • Wearable sensor data/activity data

     These authorizations are not consent in the sense of data protection law. For the processing of personal data in the app that is not absolutely necessary, your consent will be obtained separately.

2.3 Automatically collected access data (log files)

Each time you use our App, we collect access data that our App automatically transmits to enable you to use our App. The access data includes in particular:

  • IP address of the requesting device;
  • Date and time of the request;
  • Technical information about the terminal device used (e.g. manufacturer, model, operating system);
  • Online identifiers (e.g. device identifier, app installation identifier).

The data processing of this access data is absolutely necessary to enable the use of our app, to ensure the permanent functionality and security of our systems, and to generally maintain our app administratively. The aforementioned data is also automatically stored temporarily in internal log files for the purposes described above, for example in order to find the cause of repeated or criminal calls that endanger the stability and security of our app and to take action against them. The log files are kept for 30 days.

In addition, your mobile device may automatically create log files on your device, which may contain various information of a technical nature (such as the type of message, date and time of the message, trigger of the message (e.g., an error, an app call), app used, information about the content of the message). This is necessary for technical reasons so that the app works properly and you can use the desired services. These log files are evaluated exclusively for the detection and handling of possible errors or crashes.

The legal basis is Art. 6 (1) p. 1 lit. b DSGVO if the app is used in the course of initiating or executing a contract, and otherwise Art. 6 (1) p. 1 lit. f DSGVO due to our legitimate interest in enabling the use of the app as well as the permanent functionality and security of our systems.

2.4 App usage

The basic data processing required for this takes place when using the app. The purpose of the app is to playfully encourage CO²-reduced mobility behavior, which is rewarded with virtual rewards when achieved. 

We process the data required for this, in particular those relating to location and travel and the associated CO² balance as well as necessary device information, and in the case of CO² account compensation, also corresponding transaction data. If the vehicle type is selected (rental vehicle or own vehicle), this data is also included in the calculation of the CO² balance.

To provide location and locomotion data, we use the services of the SDK of MotionTag GmbH, Rudolf-Breitscheid-Str. 162, 14482 Potsdam (“MotionTag SDK”). The following data is processed in the process: 

  • Credentials for logging in via the app
  • Time of localization
  • Geo coordinates and accuracy (determined by the GPS chip)
  • Acceleration values (determined via sensors in the smartphone)
  • Gyro sensor/gyroscope values (determined via sensors in the smartphone)
  • Barometer/air pressure data (determined via sensors in the smartphone)
  • Magnetometer (determined via sensors in the smartphone)
  • Motion activity from operating system
  • Detection reliability (confidence) of the motion activity
  • User agent (device type, operating system version, app version)

For more information about processing by the MotionTag SDK, please see MotionTag’s Privacy Policy: https://api.motion-tag.de/de/privacy 

To use it, you need to create an account, see the section “Registration and login”. 

The accumulated emissions can be compensated by a payment provider. For this purpose we use the services of Stripe, more information about the processing can be found in the section “Stripe”.

The legal basis is Art. 6 (1) p. 1 lit. b DSGVO, as the app is used in the course of the performance of a contract, which lies in the provision of the services described by the terms of use. The provision of this data is necessary for the provision of the functions of the app. If it is not provided, the app cannot reliably record CO² and perform the functions described above based on it.

In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses and/or this is done on the basis of Article 49, paragraph 1 (b) of the GDPR in order to enable the performance of a contract with you or the implementation of pre-contractual measures. For further information, please refer to section 6 (“Data transfer to third countries”).

The collected data is automatically deleted after 36 months or at the user’s request via the delete function in the app, unless we have to store it longer due to legal obligations. Longer storage may be necessary, for example, for accounting reasons for the transactions of a CO² offset, but the transaction data is stored without linkage to the user ID.

2.5 Push notifications

You may receive push notifications from us when using our app, even when you are not using our app. These may be notifications that we send you as part of the performance of the contract (e.g., to inform you of the current score, in the case of rewards for completing a discovery, so-called achievements). In this case, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO. You will only receive promotional information via push notification if you have consented to this. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. You can also deactivate push notifications at any time via the settings of your mobile device.

2.6 Contact

You have various options for contacting us, for example, via the feedback button in the app, as well as by sending an email to feedback@ecomove.io. In this context, we process data exclusively for the purpose of communicating with you.

The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate interest that you contact us and we can answer your inquiry. We will only make promotional telephone calls if you have given your consent. If you are not an existing customer, we will also send you promotional e-mails only on the basis of your consent. In these cases, the legal basis is Art. 6 (1) p. 1 lit. a DSGVO.

The data we collect when you contact us will be automatically deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations (see section “Storage period”).

2.7 Registration and Login

You have the option to log in to Google or Apple using your account. 

You can sign in with an existing account on the social networks listed below:

  • Google Sign-In: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other users). – Privacy Policy;
  • Sign in with Apple: Apple Inc. One Apple Park Way, Cupertino, Kalifornien, USA, 95014 – Data Privacy Features when “Logging in with Apple”; Whitepaper to the “Log in with Apple”; Privacy Policy.

Once you have logged in with one of your existing user accounts, additional registration is no longer required. If you want to use the function, you will first be redirected to the relevant social network. There you will be asked to log in with your username and password. Of course, we do not take any notice of these login data. The server to which a connection is established may be located in the USA or in other third countries.

Upon confirmation of the corresponding login button in our app, the corresponding social network learns that you have logged in to our app with your user account and links your user account to your customer account in our app. In addition, the following data is transmitted to us:

  • Google Sign in: email address, Google ID, name, profile picture URL;
  • Sign in with Apple: name, email address (optional), device code.

3. Use of app tools (e.g. scripts, API, SDK)

Our app uses programming codes (so-called scripts), programming interfaces (so-called API), software development kits (abbreviated SDK) and comparable technologies (collectively “tools”), which are offered either by ourselves or by third parties and can in particular access the identification numbers stored in the mobile device such as the device ID (Device ID) or the advertising ID (Advertising ID or Advertising Identifier – abbreviated Ad ID).

In the following, we list the tools we use by category, informing you in particular about the providers of the tools and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.

3.1 Legal basis and revocation
3.1.1 Legal basis

We use tools necessary for the operation of the app on the basis of our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO to enable you to use our app more conveniently and individually and to make the use as time-saving as possible. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out pursuant to Art. 6 (1) sentence 1 lit. b DSGVO.

We use all other so-called optional tools, in particular those for marketing purposes, on the basis of your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO and pursuant to Section 15 (3) p. 1 TMG, insofar as usage profiles are created for the purposes of advertising or market research. Data processing with the help of these tools only takes place if we have received your consent in advance.

If personal data is transferred to third countries, we refer you to section 6 (“Data transfer to third countries”), also with regard to the possible associated risks. We will inform you if we have concluded standard contractual clauses or other guarantees with the providers of certain tools. If you have given your consent to use certain tools, we (also) transfer the data processed when using the tools to third countries on the basis of this consent.

3.1.2 Obtain your consent

We use a Consent Management Platform to manage and store consents to data processing. This is informed about the data processing in our app and provides the possibility to consent to all, individual or no data processing through optional tools. It records whether consent has been given or not.

This page appears the first time you launch our app and when you revisit your settings selection to change them or revoke consents. The page will also reappear when you launch our app if the app data stored in your mobile device has been deleted. 

If you delete your app data on your end device, we will ask you for your consent again when you call up the app at a later time. The data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 (1) p. 1 lit. f DSGVO, justified by our interest in fulfilling the legal requirements for cookie consent management.

3.1.2 Revocation of your consent or change of your selection

You can revoke your consent for certain tools at any time in the settings. 

3.2 Necessary tools

We use certain tools to enable the basic functions of our App (“Necessary Tools”). Without these tools, we could not provide our service. Therefore, necessary tools are used without consent based on our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO or to fulfill a contract or to perform pre-contractual measures pursuant to Art. 6 (1) p. 1 lit. b DSGVO.

3.2.1 Storage of information on the end device

We store the following data on your terminal device to provide the basic functions of the app:

  • Language;
  • Location;
  • Health-Data.
3.2.2 Anonymized crash reports (Firebase Crashlytics)

To ensure the stability, functionality and reliability of our app and to be able to improve it, we rely on anonymized crash reports. These are enabled by default and are automatically transmitted to capture the error and crash reports in a timely manner and to fix the errors in the app.

In particular, the following anonymous information may be transmitted, which does not allow any conclusion to be drawn about you:

  • Device data: Type, manufacturer, hardware data, operating system version; 
  • Diagnostic data: Time of the crash, state of the app and position in the source code at the time of the crash, last log messages; 
  • the instance ID assigned to the app on your end device during app installation, which does not allow any conclusions to be drawn about you.

For this purpose, we also use the service Firebase Crashlytics (Firebase Crashlytics SDK), which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The above-mentioned anonymous information is transmitted to Google in the event of a crash of the app and stored there for analysis for up to 90 days.

You can deactivate the crash reports by a setting in your operating system (Android / iOS). You can find instructions on how to do this at:

In the event that personal data is transferred to the USA, this is done on the basis of Art. 49 Para. 1 lit. b DSGVO in order to enable the fulfillment of a contract with you or the implementation of pre-contractual measures. For more information, please see section 6 (“Data transfer to third countries”).

3.3 Functional tools

We also use tools to improve the user experience in our app and to offer you more features (“functional tools”). While these are not strictly necessary for the basic functionality of our app, they can bring significant benefits to users, especially in terms of user experience and providing additional communication or payment channels.

3.3.1 Stripe

We use the services of Stripe (Stripe iOS SDK, Stripe Android SDK) of Stipe Inc, 510 Townsend Street, San Francisco, CA 94103, USA (“Stripe”). Stripe is an external payment service provider to process payments made to us. In connection with processing such payments, we do not retain personally identifiable information or financial information such as credit card numbers. We do process transaction data (specifically, contact and transaction data such as credit card information or bank account information). Only essential transaction data such as transaction amount is passed to Stripe, whose use of your personal data is governed by their privacy policy. Stripe also processes the data on its own responsibility for abuse prevention and further development of its products.

Stripe collects the following data in the app in particular:

  • Device ID (identifierForVendor (iOS), ANDROID_ID (Android)); 
  • Device model, operating system version; 
  • System language, country and time zone; 
  • Screen resolution.

The legal basis is Article 6, paragraph 1(b) of the GDPR in order to fulfill the payment under a contract with you, and otherwise Article 6, paragraph 1(f) of the GDPR, whereby the use of an external payment service provider is based on our legitimate interest in being able to offer you an additional payment option with Stripe.

We have concluded an order processing agreement(https://stripe.com/dpa/legal) with Stripe. Data processing by Stripe partly takes place on servers in the USA. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with Stripe and/or this is done on the basis of Article 49, paragraph 1 (b) of the GDPR in order to enable the performance of a contract with you or the implementation of pre-contractual measures. For more information, please refer to section 6 (“Data transfer to third countries”).

You can find more information in Stripe’s privacy policy.

3.4 Analysis Tools

To improve our app, we use tools to statistically collect and analyze general usage behavior based on access data (“analytics tools”). We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the analysis tools is – unless otherwise stated – your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. For revocation of your consent, see 4.1.3: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 (1) sentence 1 lit. a DSGVO). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

3.4.1 Adobe Analytics

Our app uses Adobe Analytics, a usage analytics service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Adobe”). Adobe Analytics allows us to analyze and report on the usage patterns of our app using the instance ID of your app installation, the device ID, or the advertising ID of your mobile device. The insights gained from this help us to improve this app and thus make your user experience more pleasant.

In particular, the following information is processed during the analysis:

  • Number of users and sessions (date, time), session duration; 
  • Operating system, device type, brand, model and resolution; 
  • Region, country, language; 
  • First time launch, app version, app executions, app updates; 
  • Events (such as interactions and events), such as areas/modules accessed within the app, content viewed, buttons clicked, or similar.
  • Information about your browser and device, such as device type, browser type, ad identifier, operating system, connection speed, and display settings
  • Your partial IP address (shortened IP address), which can be used to determine your approximate location.

You can restrict the use of the advertising ID in the device settings of your end device:

  • For iOS: Settings > Privacy > Advertising > No ad tracking

Adobe Analytics may also process data on servers in the US. Data linked to the advertising ID is stored for 60 days, user conversions for 14 months. If your usage data is transferred to the USA, we have concluded standard contractual clauses with Adobe.

For more information about Adobe’s privacy policy, see:

 
3.4.2 Google Analytics

Our app uses Google Analytics for Firebase (“Google Analytics”), a usage analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Firebase allows us to analyze and evaluate the usage behavior of our app using the instance ID of your app installation, the device ID or the advertising ID of your end device. The insights gained from this help us to improve this app and thus make your user experience more pleasant.

In particular, the following information is processed during the analysis:

  • the device ID, the advertising ID, and the instance ID; 
  • Number of users and sessions (date, time), session duration; 
  • Operating system, device type, brand, model and resolution; 
  • Region, country, language; 
  • Age group, gender, interests; 
  • First time launch, app version, app executions, app updates; 
  • In-app purchases;
  • Events (such as interactions and events), such as areas/modules accessed within the app, content viewed, buttons clicked, or similar.

You can restrict the use of the advertising ID in the device settings of your end device:

  • For Android: Settings > Google > Ads > Reset Ad ID
  • For iOS: Settings > Privacy > Advertising > No ad tracking

Data processing by Google Analytics may also take place on servers in the USA. Data linked to the advertising ID is stored for 60 days, user conversions for 14 months. If your usage data is transferred to the USA, we have concluded standard contractual clauses with Google.

You can find more information about data protection at Google and Firebase at:

3.5 Marketing-Tools

WWe also use tools for advertising purposes (“marketing tools”). Some of the access data collected when using our app is used for interest-based advertising. By analyzing and evaluating this access data, we are able to show you personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and our app as well as on the websites and apps of other providers.

The legal basis for the marketing tools is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. For revocation of your consent, see 4.1.3: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 (1) sentence 1 lit. a DSGVO). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

In the following section, we would like to explain these technologies and the providers used for this in more detail. The data collected may include in particular:

  • the device ID, the advertising ID, and the instance ID;
  • Events (such as interactions and events), such as areas/modules accessed within the app, content viewed, buttons clicked, or similar; 
  • Number of users and sessions (date, time), session duration; 
  • Achievement of specific goals (conversions); 
  • First time launch, app version, app executions, app updates; 
  • In-app purchases; 
  • Technical information: Operating system; device type, brand, model, and resolution; 
  • Region, country, language, location.

However, the data collected is only stored pseudonymously, so that no direct conclusions can be drawn about individuals.

3.5.1 Google Ads conversion tracking and Ads remarketing (formerly AdWords) as well as Google Marketing Platform and Ad Manager (formerly DoubleClick)

Our app uses Google Analytics, Google Ads conversion tracking and remarketing (formerly AdWords) using the Firebase Software Development Kit (“Firebase SDK”) as well as Google Marketing Platform and Ad Manager (formerly DoubleClick) and Google AdMob using the Firebase SDK and the Mobile Ads SDK, each services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Firebase SDK and Mobile Ads SDK enable us to analyze and evaluate the usage behavior of the users of our app using the instance ID of your app installation, the device ID or the advertising ID of your end device, and to use them to display and analyze personalized advertising in our app and with third-party providers.

Google Analytics enables us to improve our app and optimize the quality of our offers and their content. Google Ads conversion tracking is used to record and analyze customer actions defined by us (such as clicking on an ad, page views, downloads). We use Google Ads remarketing to show you individualized advertising messages for our products on partner websites and apps from Google. Google Marketing Platform and Ad Manager enables us to present relevant ads, serve relevant ads based on your app usage, and perform commission billing for ads. Google AdMob enables the placement of advertisements with third-party providers.

In particular, the following information is processed during the analysis:

  • the device ID, the advertising ID, and the instance ID; 
  • Number of users and sessions (date, time), session duration; 
  • Operating system, device type, brand, model and resolution; 
  • Region, country, language; 
  • Age group, gender, interests; 
  • First time launch, app version, app executions, app updates; 
  • In-app purchases;
  • Events (such as interactions and events), such as areas/modules accessed within the app, content and ads viewed, clicks on buttons, ads, advertisements, or similar.

Data linked to the advertising ID is stored for 60 days, user conversions for 14 months.

For more information, see the following links:

In the device settings of your mobile device, you can restrict the use of the advertising ID:

  • For Android: Settings > Google > Ads > Reset Ad ID.
  • For iOS: Settings > Privacy > Advertising > No Ad Tracking
  • For Windows: Settings > Advertising ID

If you use a Google account, Google may associate your web and app browsing history with your Google account and use information from your Google account to personalize ads, depending on your Google account settings. If you do not want this association with your Google account, it is necessary to log out of Google before using our app.

If you have not given your consent, Google will only display general advertisements that have not been selected based on the information collected about you in our app. In addition to revoking your consent, you also have the option to disable personalized advertising in the Google advertising settings: https://adssettings.google.com/.

For more information, please see Google’s data usage policy and privacy statement.: http://www.google.com/policies/technologies/ads and http://www.google.de/privacy.html.

Data processing within the scope of the Firebase SDK may also take place on servers in the USA. If your usage data is transferred to the USA, we have concluded standard contractual clauses with Google.

4. Online presence in social networks

We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services.

For information regarding our online presences, please refer to the privacy policy of our website: https://ecomove.io/datenschutzerklaerung/.  

5. Data disclosure

A passing on of the data collected by us takes place in principle only if:

  • you have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
  • we are legally obligated to disclose your data pursuant to Art. 6 Par. 1 Sentence 1 lit. c DSGVO, or
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our app and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies, and consulting companies. If we pass on data to our service providers, they may only use the data to fulfill your tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

In addition, disclosure may occur in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

6. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 DSGVO, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, we will also inform you about this.

7. Storage duration

In principle, we store personal data only for as long as is necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

8. Your rights, especially revocation and objection

You are entitled to the data subject rights formulated in Art. 15 – 21, Art. 77 DSGVO at any time:

  • Right to withdraw your consent;
  • Right to object to the processing of your personal data (Art. 21 GDPR);
  • Right to information about your personal data processed by us (Art. 15 DSGVO);
  • Right to rectify your personal data stored by us that is incorrect (Art. 16 DSGVO);
  • Right to erasure of your personal data (Art. 17 DSGVO);
  • Right to restrict the processing of your personal data (Art. 18 DSGVO);
  • Right to data portability of your personal data (Art. 20 GDPR);
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights as described here, you can contact us at any time using the contact details above. This also applies if you would like to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and in individual cases for the assertion, exercise or defense of legal claims even longer. The legal basis is Art. 6 (1) p. 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 (2) DSGVO.

You have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

Lastly, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, at a supervisory authority in the member state of your residence, your place of work or the place of the alleged violation. In Berlin, our headquarters, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

9. Changes to the privacy policy

Occasionally, we update this privacy policy, for example, when we customize our app or when legal or regulatory requirements change.

Version: 1.0 / September 2021