Version 2.23 from 30/06/2020
We (the Publisher and any separate providers) thank you for your interest in this app. We are committed to protecting your privacy as an app user. This document explains how we handle personal data with regard to the app. “Personal data” means all information that relates to a natural person who has been or can be identified. The way we handle personal data is always based on our applicable Data Protection Policy.
We process personal data of the users that the users enter when logging into and using the app, data that they approve for processing on the device, and data relating to the use of the app (location).
The transfer of such data is neither legally or contractually prescribed nor necessary for the conclusion of a contract. The user is not obliged to transfer such data. However if such data are not transferred this may result in the app not functioning or only functioning with restrictions.
In addition for the use of the payment function, we save an earmarked identification number. In this respect, we additionally process the name of the credit card holder, the expiry date of the credit card and the credit card number that the user provided as a payment method when registering. Furthermore, we use an encrypted image of the credit card data with a shortened credit card number as a unique credit card identifier.
We process the aforementioned data pursuant to the applicable data protection laws. Data is processed for the following purposes:
1. Contract fulfillment
We process personal data to fulfill the contract with you for use of the app (provision of the app and its functions) to the extent necessary.
We generally delete the personal data once further processing is no longer needed for the purposes of contract fulfillment. Further storage or processing takes place only as set forth in the section “Term of storage and deletion.”
When using the payment function, we process the above-mentioned personal information to provide the service to you. When you select this service, you do not have to re-enter your payment data if you make payments connected to this service in other webshops. Processing this data is required so that we can provide you with this service. Therefore, the legal basis is performance of contract with the person affected by data processing.
2. Consent to Data Processing
If you have opted in to the processing of personal data for other purposes (e.g. for evaluating usage data, see section “Evaluation of Usage Data”), this data processing is conducted based on your consent.
Consent is always voluntary and you can opt out at any time. As a rule, consent given in the app can also be revoked in the app; otherwise you can revoke consent via the email address listed in the provider information. Opting out has no effect on the lawfulness of data processing that took place between the time you opted in and the time you opted out. It also has no effect on continued processing of the information on another legal basis, such as to fulfill legal obligations (see section titled “Compliance with legal requirements”).
3. Protection of legitimate interests
If required, we process your personal data beyond contractual fulfillment in order to protect legitimate interests of the publisher or of third parties. Legitimate interests include maintaining the functionality and security of our IT systems.
We generally delete this personal data once further processing or archiving is no longer needed to protect the respective legitimate interest. Further storage or processing takes place only as set forth in the section “Term of storage and deletion.”
4. Compliance with legal requirements
Our company is subject to legal obligations and requirements, such as retention obligations under commercial and tax laws. Therefore, we also process personal data of the users if needed to comply with legal obligations. We disclose personal data of a user only if there is a legal obligation to law enforcement and criminal prosecution authorities.
If you have consented to the evaluation of usage data by activating the function, we evaluate usage data from the app (usage data is collected for operation and to further develop Bertha) in order to determine preferences and upgrade the app. This allows us to tailor the app more closely to users’ needs and improve our offers.
You can revoke your consent to analysis of usage data at any time by deactivating the function in My Account > Data Protection > Usage Information, and you can grant consent again by re-activating the function. If cookies are used for evaluation, their use will stop once you deactivate the evaluation function.
If you have agreed to receive push messages, you will receive push messages on your device with information on how to use the app better and on features and offers of interest to you. You can also revoke your consent to receive push messages at any time by deactivating the function under My Account > Privacy > Usage Information and reactivating it again.
Passing On to Third Parties
If you use services from providers and other third parties with the app, particularly Adobe Analytics, Adjust, Sentry, Clever Tap we will share users’ personal data with them. We will do so only if needed for provision and use of the app and its functions, to fulfill legitimate interests of the Publisher or third parties, or if you have previously consented to your data being shared (see the section on “Scope and purposes of data processing”).
We have carefully selected the providers and monitor them regularly, particularly with regard to the secure handling of and security for the personal data accessible to them. We require that all providers agree to confidentiality and compliance with the legal obligations.
As far as the app links to contents and offers of third parties, these contents are in the responsibility of the respective third party.
For the use of the payment function, we transfer your data to our payment processor and the payment service provider selected by the webshop (“Payment Service Provider”, “PSP”). All relevant PSPs are located in the European Union and are bound to us through data processing agreements pursuant to Art.28 of the GDPR. Some of the relevant PSPs might use subcontracted processors outside the European Union. An adequate level of data protection is ensured through the agreement on standard contractual clauses for data processors.
Employees of the Daimler AG and its affiliated companies
For Users who log in to the App with their internal Daimler mail address when registering for the first time, the mail address is sent to Daimler AG for checking the existing Daimler fuel cards of the respective User. The fuel card if available will automatically be stored in the app. Before transmitting the mail address, the User will be informed of this transmitting when registering. If the User don’t want to pass on the Daimler mail address to Daimler AG, the User has the option of change the mail address to a private or other external one before registration.
If the employee fuel card from Daimler-AG is deposited, the fueling data required for payment processing will be transmitted to Daimler AG.
Government institutions or agencies
Personal data is transferred to government institutions or agencies only pursuant to mandatory legal requirements (see section on “Scope and purposes of data processing”).
We store and process your personal data only as long as needed for the respective purpose (see “Scope and purposes of data processing”). Moreover, data is stored and processed only if required for another purpose (see “Scope and purpose of data processing”) such as to comply with legal requirements (such as retention obligations under tax or commercial laws). In this case, we limit further data processing to this purpose and the legal basis of further processing.
If you have any questions about the processing of personal data in the app, you can contact the corporate data protection officer. He and his team will also be happy to help with requests for information, suggestions or complaints:
Chief Officer, Corporate Data Protection
D-70546 Stuttgart, Germany
In addition to the regulations above, under the requirements of the Data Protection Regulation of the European Union (GDPR), where applicable, please note the following:
The processing set forth in the section on “Scope and purposes of data processing” takes place on the following legal basis:
As a data subject affected by data processing, you have the right to information (Section 15 GDPR), correction (Art. 16 GDPR), data erasure (Art. 17 GDPR), purpose limitation (Art. 18 GDPR) and data portability (Art. 20 GDPR).
You have the right, for reasons relating to your own particular situation, to object at any time to the processing of your personal data on the basis of Article 6 1 e) of the GDPR (data processing in the public interest) or Art. 6 1 f) of the GDPR (data processing based on a consideration of interests). If you file an objection, we will continue to process your personal data only if we can document mandatory, legitimate reasons that outweigh your interests, rights and freedoms, or if processing is for the assertion, exercise or defense of legal claims.
If you feel that the processing of your personal data is in breach of legal requirements, you have the right to file a complaint with the responsible supervisory authority (Section 77 of the GDPR).
We reserve the right to update this data protection notice from time to time with future effect, such as following a change in circumstances and technical developments. We will provide you with sufficient notice of any material changes in a suitable manner and explain your rights in relation to the change.