We undertake to comply with the statutory provisions on data protection and endeavor to always take into account the principles of data avoidance and data minimization.

1. name and address of the controller

a) The responsible person

The data controller is:

Spectrum Mobile Ltd.
STATTAUTO Munich CarSharing
Aidenbachstraße 36
81379 Munich

Phone: 089 202057-0
E-mail: data protection [at] stattauto-muenchen [dot] de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

b) The data protection officer

The data protection officer of the controller is:

Maximilian Bründl
Aidenbachstraße 36
81379 Munich

E-mail: data protection [at] stattauto-muenchen [dot] de

2. definitions of terms

We have designed our privacy policy according to the principles of clarity and transparency. However, if there is any ambiguity regarding the use of various terms, the relevant definitions can be found here.

3. legal basis for the processing of personal data

a) Processing of personal data according to the GDPR

We process your personal data such as, for example. Your name and first name, e-mail address and IP address, etc. only if there is a legal basis for this. Here, the following regulations in particular come into consideration according to the General Data Protection Regulation:

However, at the relevant points in this data protection declaration, we will always point out once again the legal basis on which your personal data is processed.

b) Processing of information according to § 25 par.1 TTDSG

We also process information pursuant to § 25 par.1 TTDSG by storing information on your terminal equipment or accessing information already stored on your terminal equipment. This can be personal information as well as non-personal data, e.g. cookies, browser fingerprints, MAC addresses and IMEI numbers. In this context, terminal equipment is any equipment connected directly or indirectly to the interface of a public telecommunications network for the purpose of transmitting, processing or receiving messages, § 2 (2). No.6 TTDSG.

As a rule, we process this information on the basis of your consent, § 25 Abs.1 TTDSG.

As far as an exception according to § 25 Abs.2 No.1 and No.2 TTDSG is given, we do not require consent. Such an exception exists when we access or store the information solely for the purpose of transmitting a message over a public telecommunications network or when it is absolutely necessary for us to provide a telemedia service that you have specifically requested. You can revoke your consent at any time.

We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. disclosure of personal data

The transfer of personal data is also processing within the meaning of the previous section 3. However, we would like to inform you again here separately about the subject of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful about sharing your information with third parties.

Therefore, data is only passed on to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies that act as processors for us pursuant to Art. 28 GDPR. A processor is anyone who processes personal data on our behalf – i.e. in particular in a relationship of instruction and control with us.

In accordance with the requirements of the GDPR, we conclude a contract with each of our order processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

5. storage period and deletion

Your personal data will be deleted by us if it is no longer necessary for the purposes for which it was collected or otherwise processed, the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

6. SSL encryption

Our app uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the app provider.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

7. collection and storage of personal data as well as their type and purpose of use

a) Download the app

When you download the mobile app, the required information is transferred to the App Store or Play Store, i.e. in particular username, email address and identifier of your store account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary to download the mobile app to your mobile device.

b) Use of the app

When using the mobile app, we collect the personal data described below to enable the convenient use of the functions. If you would like to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

c) App tracking and analysis

Our service provider cantamen GmbH, Am Hohen Ufer 3A, 30159 Hannover, Germany (hereinafter cantamen) uses the analytics service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand) to track certain clicks, views, as well as pages from which our app visitors were redirected. However, the collection of this tracking data is completely anonymized using IP anonymization, so that no personal data is collected and no conclusions can be drawn about individuals.

d) Collection of location data

The app can detect your location via GPS/Wi-Fi if you agreed to this sharing in your operating system settings when you installed the app. Here you can also decide between the one-time or permanent collection of location data by the app.

With the help of this position data, we can provide you with quick information, such as nearby car sharing stations and vehicles available there at the requested time period in your immediate vicinity.

This function already exists before logging into an already registered customer account. Insofar as you use the location function before the actual login, we process this location data on our own responsibility on the basis of the consent granted by you in accordance with. Art. 6 par.1 S.1 lit. a) GDPR.

You can deactivate and reactivate the release for the collection of location data in the operating system at any time thereafter. The processing of your personal data remains lawful until the moment we receive your revocation.

e) Login and customer account

To use the booking functions in our app, you need an existing customer account. With this customer account you can log in to our app. To log in, we process your login name (customer number, e-mail address), your freely selectable password and our provider ID.

The collected data is processed here by our service provider cantamen. There is a corresponding order processing contract between us and cantamen according to. Art. 28 par.3 GDPR.

f) Vehicle booking

Insofar as you book a vehicle via our app, we process your car sharing account data, which is necessary for the reservation and invoicing. This is your customer number, start and end of the booking time, the selected vehicle and station, the booking method, and the time and date the booking was made.

In addition, in the event of a booking, we process your trip data, such as start and end time, start and destination, duration of use, number of kilometers driven and the respective vehicle type. These data are the subject of the invoice.

The collected data is processed here by our service provider cantamen. There is a corresponding order processing contract between us and cantamen according to. Art. 28 par.3 GDPR.

g) Cross use

We also offer you the possibility to reserve and book vehicles from other car sharing organizations via our app. In this case, we process your trip data, such as start and end time, start and destination, type and duration of use, route driven as well as vehicle type, the specifically selected vehicle and its vehicle ID and license plate number. This data is provided to us by the respective car sharing organization for billing purposes. In case of cross-use with a Cambio organization, you will be redirected to Cambio’s booking platform from our app.

The collected data is processed here by our service provider cantamen. There is a corresponding order processing contract between us and cantamen according to. Art. 28 par.3 GDPR.

h) Damage report in the app

We also offer you the option of reporting damage or soiling to the booked carsharing vehicle as well as lost property via our app. You must attach at least two photos of the damage or contamination to this notification. You can take this photo directly from the app or upload a corresponding photo to the app, as long as you allow the app camera access or file access.

The collected data is processed here by our service provider cantamen. There is a corresponding order processing contract between us and cantamen according to. Art. 28 par.3 GDPR.

8. rights of the data subject

You have the following rights:

a) Information

In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. This right to information includes information about

b) Correction

In accordance with Art. 16 DSGVO, you have the right to promptly correct any inaccurate or incomplete personal data stored by us.

c) Deletion

In accordance with Art. 17 DSGVO, you have the right to request the immediate deletion of your personal data from us, insofar as the further processing is not necessary for one of the following reasons:

d) Restriction of processing

In accordance with Art. 18 DSGVO, you may request the restriction of the processing of your personal data for one of the following reasons:

e) Information

If you request the correction or deletion of your personal data or a restriction of processing pursuant to Art. 16, Art. 17 para. 1 and Art. 18 DSGVO, we will communicate this to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we notify you of these recipients.

f) Transmission

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.

You also have the right to request the transfer of this data to a third party, provided that the processing was carried out with the help of automated procedures and is based on consent pursuant to Art. 6 para. 1 p. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO is based.

g) Revocation

Pursuant to Art. 7 para. 3 DSGVO the right to revoke your consent at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h) Complaint

In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Contradiction

If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying the particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to info [at] cantamen [dot] de.

j) Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and us
  2. is permitted on the basis of legal provisions of the European Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests
  3. is done with your express consent

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases mentioned in i) and iii), we take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from our side, to express your point of view and to contest the decision.

9. modification of the privacy policy

If we change the privacy policy, this will be indicated in the app.

Status: 27.09.2023

Contact

Information on the processing of your personal data: Spectrum Mobil GmbH is responsible for the processing of your personal data. For further information on the processing of your data, in particular on the rights to which you are entitled, please refer to our data protection declaration at https://stattauto-muenchen.de/datenschutz or contact us by any other means.

Application

Here you can optionally upload files like resume, cover letter or certificates (max. 10MB)
Notes on the processing of your personal data: Spectrum Mobil GmbH is responsible for the processing of your personal data in the context of the application. For further information on the processing of your data, in particular on the rights to which you are entitled, please refer to our data protection declaration at https://stattauto-muenchen.de/datenschutz or contact us by any other means.