1. We take data protection seriously
Protecting your privacy while processing personal data is important to us.
Below, we inform about the collection of personal data. Personal data includes all data that is personally available to you, e.g. name, address, e-mail addresses, user behaviour.
We shall store the information you provide, your e-mail address, and your name and telephone number, when you contact us by e-mail or via a contact form, to answer your questions. We delete the data that arises in this context after storage is no longer required, or limit the processing if there are statutory retention requirements. Your data shall be treated confidentially. Nothing is passed on to third parties.
If we must rely on contracted service providers for individual functions in our offer, or if you wish to use your data for advertising purposes, we shall inform you about the respective transactions in detail below. With contract data processors (s 28 GDPR), we have concluded contracts which correspond to this data protection declaration.
We have made technical and administrative security provisions to protect your personal data from loss, destruction, manipulation and unauthorised access. All of our colleagues as well as all service providers working for us are obliged to follow the applicable data protection laws. Whenever we collect and process personal data, the data is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security provisions are therefore subject to a continual improvement process and our data protection declaration is continually revised. Please ensure that you possess the most current version available.
2. Persons Responsible
Responsible according to Art. 26 s 1of the EU General Data Protection Regulation (GDPR) is:
EMobG Services Germany GmbH
Tel.: +49 203-3485-555
3. Data Protection Officer
You can reach our internal data protection officer either under the mail address: firstname.lastname@example.org or by post under our postal address EMobG Services Germany GmbH Anckelmannsplatz 1 20537 Hamburg with the addition "the data protection officer".
4. Informational Website Usage
For merely informative use of our websites, i.e. if you do not register or otherwise provide us with information, we will only collect the data that your browser transmits to our server. If you wish to view our websites, we collect the following data, which is technically required for us to display our website and to ensure stability and security (the legal basis is Art. 6s 1(f)GDPR):
- IP Address
- Date and time of the request
- Time Zone Difference with Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access Status / HTTP status code
- Respective amount of data transmitted
- The website from which the request originates
- Operating system and its interface
- Browser software language and version.
You are not required to disclose any other personal information in order to visit our websites. These data are anonymised and used only for statistical purposes, or to improve our internet and online services. These anonymised data are stored separately from personal data on secure systems and cannot be assigned to individuals. This means that your personal information remains protected at all times. A personalised evaluation of this data does not occur.When you use one of our services, we usually only collect the data required to provide our service. We may ask you for more information, which is on a voluntary basis. Whenever we process personal information, we do so to provide you with our service or to pursue our commercial goals. The same applies in the event that we provide you with information material on request, or if we reply to your enquiries. In these cases, we will always make you aware of this. Additionally, we only store the data that you have sent to us automatically or voluntarily.
5. Categories of Personal Data
The following categories of personal data can be processed by us in connection with our services:
- Basic Data: This includes, for example, first name, last name, address (private and/or business) and date of birth.
- Communication Data: This includes, for example, telephone number, e-mail address (private and/or business), telefax number if necessary and communication content (for example: e-mails, letters and telefaxes).
- Contract Data: This includes, for example, rental information (vehicle category, pick-up and return date, pick-up and return station, booked extras/services), rental contract number, reservation number, driver’s licence data, driver’s licence photo, licence plate of the vehicle you rented, and information on customer loyalty and partner programs.
- Financial data such as credit card data.
- Optional Data: This includes data that you provided to us on a voluntary basis without us explicitly requesting it such as, for example, requests for vehicle equipment or data on preferred vehicle classes.
- Special Data Categories: In the event of an accident, vehicle damage or similar incident, we process data to determine the course of events as well as the damage. This data can be provided by customers, passengers or injured parties. In these cases, health data can also be processed, including data on injuries, blood alcohol levels, instances of driving under the influence of narcotics or similar.
- Data on Third Parties: Insofar as you provide us with the personal data of third parties in the scope of this rental relationship (such as relations, second driver or passengers), we process this data as well.
6. For What Purposes Do We Use The Collected Personal Data
6.1. Reservation and Rental of vehicles
We process your basic data, communication data, contract data, financial data as well as potential voluntary data for the purpose of reserving as well as concluding and fulfilling a rental contract.
We also use basic data, communication data and contract data for the purpose of customer service in the event that you contact us, for example for complaints, rebookings or similar.
If you reserve your vehicle via travel agencies, online travel agents or other intermediaries, your basic data, communication data, rental information and, if necessary,financial information will be transferred to us from our partners.
We also use your basic data and contract data for the purpose of settlement of commissions and sales processing, for example with travel agencies, agents, franchises and cooperation partners.
Additionally, we are also legally obligated to compare your basic and communication data with an officially prescribed list of offenders for the purposes of prevention and declaration of offences. This comparison also serves the emergency response and the facilitation of law enforcement.
We also use your data for your security and ours, for example for the avoidance of payment defaults as well as for prevention of property crimes (especially fraud, theft, and misappropriation). Insofar as you desire to invoice a rental, we process your basic and financial data to check your credit rating by obtaining disclosures from credit agencies.
After the mutual fulfilment of the rental contract, your basic, financial, and contract data remains stored until the expiration of the legal retention period.
Legal bases of the processes mentioned above.
Art. 6 s 1(b) GDPR for data processing for the purpose of the reserving, concluding and fulfilling of rental contracts as well as for customer service.
Art. 6 s 1(f) GDPR for data processing for the purpose of the invoicing of third parties, for the enforcement of their own claims as well as for risk prevention and the avoidance of fraud.
Art. 6 s 1(c) GDPR for data processing for the purpose of detection, prevention and declaration of crimes, review and storage of driver’s licence data and commercial and fiscal storage obligations.
Legitimate interest so long as the processing is based on Art. 6 s 1(f) GDPR. Our legitimate interest in using your personal data isto improve our services and use customer support to offer you the best possible services and sustainably improve customer satisfaction.
Insofar as the processing of data affects the purposes of preventing damage to our company or to our vehicles through corresponding analyses, our legitimate interest consists of guaranteeing cost security and avoiding economic disadvantages, for example payment defaults or the loss of one of our vehicles.
We disclose your data for the purposes mentioned above to the following recipients: IT-service providers, debt collection agencies, financial service providers, credit agencies, cooperation and agency partners as well as franchise partners.
6.2. Damage to Vehicles and Criminal/Administrative Offence Proceedings as well as Legally Prescribed Data Storage and Transfer
In the event that you find damages to our vehicles or damages which were caused by you or another person, or you or another person were involved in an accident with one of our vehicles, we process your basic, communication, contract and financial data and, if necessary, health data for the following purposes:
-Receipt and processing of complaints,
-Customer service in case of damage,
-Regulation of damages as well as
-Processing of accident damages (processing on the basis of your data and the data from third parties such as police, future renters, or witnesses, etc.).
This also includes the processing of the stated data categories for the purposes of damage liquidation, against insurance companies for example.
In connection with damages and accidents, we also process your basic, communication and contract data for the purpose of assistance services.
Additionally, we process your basic, communication and contract data for the purposes of fulfilling legal obligations, (such as disclosures to investigative authorities, for example).
If you are suspected by the relevant authorities of having committed a misdemeanour or offenceusing one of our vehicles, we also process the data transmitted to us by the relevant authorities in addition to the basic data stored by us.
We additionally process your basic, communication, and contract data and, if necessary,health data for the purpose of ensuring and implementing our own legal claims against you such as for payment defaults or damage to our vehicles.
We process your basic, communication, contract data and financial data for the purposes of fulfilling legal obligations which we are subject to. This includes the processing of data in the scope of disclosure obligations to authorities and the processing according to fiscal and commercial provisions (for example, storage obligation for commercial trading accounts and vouchers according to § 257, Section 4 of the Commercial Code).
Legal Basis for Processing
Art. 6 s 1(b) GDPR for data processing for the purposes of complaint management, customer service in the event of damages and the processing of accident damages.
Art. 6 s 1(c) GDPR for data processing for the purposes of processing accident damages.
Art. 6 s 1(f)GDPR for data processing for the purposes of damage liquidation, the implementation of our own claims against you as well as those in connection with criminal offences.
Art. 9 s 2(f) GDPR for processing of health data for the purposes of assertion, exercise, or protection of legal claims.
Legitimate interest so long as the processing is based on Art. 6 s 1(f) GDPR. Our legitimate interest in processing your personal data for the purposes of damage liquidation and the implementation of our own claims against you consists of preventing damage to our company and allowing us to provide undamaged vehicles to our customers. Additionally, we are legally obligated to process your data for the purposes of damage liquidation on the basis of contractual relationships with third parties (for example insurance agencies). Our legitimate interest in this respect consists of contract compliance.
For the purposes mentioned above, we disclose your data to the following recipients: authorities (investigative authorities, regulatory authorities, police authorities), debt collection agencies, appraisers, assistance service providers, attorneys and insurance agencies.
In the scope of our fraud prevention measures, we transmit your personal data in cases of determined or threatened fraud to third parties who are actual or threatened victims.
In cases of damage and/or accidents in a third country, we transmit your data to the relevant authorities and to the insurance agencies in that third country. A transmission to a third country takes place on the basis of an adequacy decision from the European Commission. If the respective third country does not have an adequacy decisionfrom the European Commission available, the transfer to the third country occurs on the basis of appropriate guarantees within the conditionsof Art. 46 s 2 GDPR. Furthermore, we can transmit your data to a third country under the requirements of Art. 49 GDPR. Third countries are all countries outside the European Economic Area. The European Economic Area includes all countries that belong to the European Union as well as countries of the so-called European Free-Trade Zone. These are Norway, Iceland and Liechtenstein.
6.3. Customer Care and Acquisition / Marketing
Where necessary, we also process your basic data and communication data to inform you about special rates in the scope of customer care and customer loyalty.
We process your basic data, communication data and contract data as well as voluntary data for the purposes of process and offer optimisation.
This includes the creation and evaluation of reports on rentals, capacity planning for the purpose of improved vehicle allocation as well as the analysis and removal of sources of error. Additionally, we process your basic data and the contract data for optimising our online appearance.
Furthermore, we process your basic data, communication data and contract data in the scope of cooperation with our cooperation partners and agency partners for the optimisation of relevant processes and offers.
We use your e-mail address to offer you similar services (see also “Newsletter”). You may object to this use of your e-mail address at any time without incurring other costs other than the transmission costs according to basic tariffs.
Legal Basis for the Processes Mentioned Above
Art. 6 s 1(f) GDPR for data processing for the purpose of customer acquisition or customer consolidation and the care of business clients as well as direct advertising measures.
Art 6 s 1(a) GDPR insofar as consent for measures of process and offer optimisation or marketing measures is necessary.
Legitimate interest insofar as the processing is based on Art. 6 s 1(f) GDPR.
Our legitimate interest in processing your data in the scope of customer care and customer loyalty consists of offering you the best possible services, on the one hand, andsustainably improving customer satisfaction on the other.
We disclose the data of the contact person of our business client for the purposes mentioned above to the following recipients: IT service providers, cooperation and agency partners.
7. How long do we keep your personal data?
The storage period of your personal datadepends on several factors.
We store your data until the purpose on which the processing is based has expired. Insofar as we are legally obligated to store personal data, the storage occurs for the duration of the legal obligation. For commercial documents including trading books and receipts (invoices, among others), these are stored for 10 years (§257, Section 4 of the Commercial Code). Where necessary, your data will be stored for the ongoing business during this time so long as there exists no additional purpose for processing.
8. Cookies, Plug-ins and Analysis Tools
Our websites use the following types of cookies, the scope and operation of which are explained below:
- Transient Cookies,
- Persistent Cookies.
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. They store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or when you close the browser.
Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
The Flash cookies used are not detected by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of the browser you are using, and do not have an automatic expiration date. If you do not want to process the Flash cookies, you will need to install an add-on, such as: "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
8.1. Google Analytics with anonymisation function
We use Google Analytics on our websites, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google". Google Analytics uses so-called "Cookies", text files which are stored on your computer, thereby allowing an analysis of your use of the website. The legal basis for the use of Google Analytics is Art. 6 s 1(f) GDPR.
The information generated by these cookies, such as the time, location and frequency of your website visit, including your IP address, is transmitted to Google in the United States and stored there.
We use Google Analytics with the add-on "_gat. anonymizeIp". In this case, your IP address will already be abbreviated and, thus, anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area Only in exceptional cases will the full IP address be sent to a Google server in the US and abbreviated there. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework for these exceptional cases where personal information is transferred to the US.
Google will use this information to evaluate your use of our site, to compile reports on our website activity and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties, if the law requires it, or as far as third parties process this data on behalf of Google.
Google does not claim to link your IP address to any other data provided by Google. You can prevent installation of cookies by setting your browser software accordingly; however, we state that in this case you may not be able to fully use all our website’s functions.
If you visit our site via a mobile device (smartphone or tablet), you must click this link instead to prevent future tracking by Google Analytics within our websites. This is also possible as an alternative to the browser add-on mentioned above. Clicking on the link puts an opt-out cookie in your browser which is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again.
If you have consented to Google linking your web and app browsing history to your Google Account, and to using information from your Google Account to personalise your ads, Google will use your data with Google Analytics data to provide audience lists to create cross-device remarketing. In order to do this, Google Analytics will initially track your Google-authenticated ID associated with your Google Account (that is, personally identifiable information) on our website. Google Analytics will then temporarily link your ID with your Google Analytics data to optimise our audiences. If you do not agree, you may optout of this through the "My Account" section of your Google Account.
8.2. DoubleClick Ad Exchange
Your browser may store a cookie sent by Google Inc. or a third party, to the extent that DoubleClick Ad Exchange, a web advertising service of Google Inc., USA ("Google"), advertises (text messages, banners, etc.) on this website. The information stored in the cookie can be recorded, collected and evaluated by Google Inc. or third parties. In addition, the DoubleClick Ad Exchange also uses so-called "Web Beacons" (small invisible graphics) for collecting information, through the use of which simple actions, such as visitor traffic on the website, can be recorded, collected and evaluated. The information generated by the cookie and/or Web Beacon about your use of this website is transmitted to and stored by Google on servers in the United States. Google uses the information so obtained to evaluate your usage behaviour regarding DoubleClick Ad Exchange advertisements. Google may also transfer this information to third parties, if the law requires it, or as far as third parties process this data on behalf of Google. This is done only to combat and filter spam/fraud (ad impressions spam and click spam), as far as IP addresses are transmitted and stored in this context. These data are strictly accessible only to anti-abuse teams. Google does not associate the IP address with other data stored by Google. You can prevent the storage of cookies on your hard disk and the display of Web Beacons. To do this, you must select "Do not accept cookies" in your browser settings. You can find more information here: http://www.google.com/intl/en/policies/privacy/ads/
Alternatively, you can disable the DoubleClick Cookies with this optout.
8.3. Google Remarketing
8.4. Google Maps
Our websites use Google Maps to display maps and generate directions. Google Maps is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. By using Google maps on this website, you consent to the collection, processing, and use of your collected or provided data by Google, its agents, or third parties.
When visiting our websites, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 2 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged into, or there is no user account. When you are logged into Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or customised website design. Such an evaluation is done (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of such user profiles; this right must be exercised through Google.
8.5. Use of Social Media Plug-ins
We use the following social media plug-ins: Facebook, Xing, and Instagram.
In doing so, we use the so-called two-click solution. That means that if you visit our sites, no personal data is initially given to the supplier of the plug-ins on principle. You can recognise the supplier of the plug-ins above the marking on the box by their initial letter or logo. We offer the option of contacting the supplier of the plug-ins directly via the button. Only when you click on the indicated field and it thereby activates, does the plug-in supplier receive the information that you have accessed on the corresponding websites of our online offers. The data mentioned in § 3 of this declaration will then be transmitted. In the case of Facebook, the IP addresses are immediately anonymised according to the specifications of the suppliers in Germany. By activating the plug-ins, your personal data will be transmitted to the plug-in suppliers and stored there (by US American suppliers in the USA). Because the plug-in suppliers carry out the data collection particularly via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box.
We have neither influence over the data collection and data-processing operations, nor are we made aware of the full extent of the data collection, the purposes of the data processing or the length of time that data is stored. We also have no information in regards to deletion of the collected data by the plug-in supplier.
The plug-in supplier stores the data collected on you as a usage profile and uses the data for the purposes of advertising, market research and/or appropriate design of their website. Such an evaluation is done especially (even for users who are not logged in) for the presentation of appropriate advertising and to inform other users of the social network of your activities on our website. You have the right to object to the formation of such user profiles, whereby you must contact the respective plug-in supplier directly in order to exercise this right. We offer you the possibility to interact with the social network and with other users via the plug-ins so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 s1(f) GDPR.
The data transfer is done regardless whether you have an account with the plug-in supplier and are logged in there. When you are logged into the plug-in supplier, your data which has been collected by us will be assigned directly to your existing account with the plug-in supplier. When you activate the button and, for example, link to the site, the plug-in supplier also stores this information in your user account and openly communicates this with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button in order to avoid this kind of allocation to your profile with the plug-in supplier.
For more information on the purpose and scope of the data collection and its processing by the plug-in supplier, please refer to the following disclosed data protection declaration of the supplier. There you will find additional information about your rights concerning these matters and settings options for the protection of your privacy.
Addresses of the respective plug-in suppliers and URL with their data protection information:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted itself to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
- Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA;Additional information on data collection: https://help.instagram.com/155833707900388;
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
8.6. Facebook Custom Audiences
Additionally, our websites use the remarketing-function “Custom Audiences” of Facebook Inc. (“Facebook”). Users can thereby be shown advertisements that pertain to their interests (“Facebook-Ads”) in the course of a visit to the social network Facebook or other websites that also use this process. In this way, we pursue interests in order to show you advertisements that are interesting to you so that we can make our website more interesting for you.
On the basis of the marketing tools use, your browser automatically creates a connection with the Facebook server. We have no influence over the scope and the further usage of the data that is collected by Facebook through the use of this tool. We therefore inform you accordingly of our present knowledge. Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our online presence or have clicked on one of our ads. Provided that you are registered with a Facebook service, Facebook can allocate the visit to your account. Even if you are not registered with Facebook or have not logged in, there is the possibility that the supplier may find out your IP address and other identifying features and store them.
Deactivation of the feature "Facebook Custom Audiences" is possible at https://www.facebook.com/settings/?tab=ads#.
The legal basis for the use of the plug-ins is Art. 6 s 1(f) GDPR. You can find additional information on data collection through Facebook at https://www.facebook.com/about/privacy.
With your consent, you can subscribe to our newsletter, which will keep you informed about current offers. The advertised goods and services are named in the declaration of consent.
We use the so-called double opt-in procedure to subscribe users to our newsletter. This means that after you have registered we will send an e-mail to your specified e-mail address to confirm your request to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We will also store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for sending you the newsletter. The legal basis is Art. 6 s 1(a) GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details provided in the legal notice.
We point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned under section 2 and the web beacons with your e-mail address and an individual ID. Links in the newsletter also contain this ID. The data are collected exclusively pseudonymised; therefore, the IDs are not linked to your other personal data and a direct personal reference is excluded.
You can stop this tracking at any time by clicking on the special link which is provided in every e-mail or informing us by some other means of contact with us. The information will be stored as long you are subscribed to the newsletter. After a cancellation, we save the data anonymously for statistical reasons. Moreover, such tracking is not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be completely displayed for you and you may not be able to use all of the functions. If you manually allow images to be displayed, the tracking mentioned above will work.
10. Rights of the Person Affected
- right to disclosure,
- right to correction or deletion,
- right to the limitation of the data processing,
- right to object to the data processing,
- and the right to data transferability.
Please contact us anytime under email@example.com if you would like to find out what personal data we have stored on you or if you would like to correct or delete this data.
You also have the right to complain to any data protection supervisory authority about the processing of your personal data by us.
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
20459 Hamburg, Germany
12. Changes to our data protection declaration
We reserve the right to amend our data protection declaration if this becomes necessary due to new technologies. Please ensure that you have the most current version available. If any fundamental amendments are made to this data protection declaration, these will be made known on our website.