Information on data protection in accordance with the Art. 13 General Data Protection Regulation (GDPR) in the EU

The Controller pursuant to Art. 4 No. 7 GDPR is:

UNION TANK Eckstein GmbH & Co. KG    
Heinrich-Eckstein-Straße 1    
63801 Kleinostheim    
Germany

Phone: +49 6027 – 509-0    
Email: info@uta.com    
Website: www.uta.com
 
Representative of the Controller:
Pierre Jalady (CEO)
 
If you access the UTA website in languages other than German or English, the respective UTA national company or another company belonging to the group is usually jointly responsible with UTA for the processing carried out via the website within the meaning of Article 26 GDPR. Upon request, we will be pleased to provide you with the essential contractual terms of the agreement pursuant to Art. 26 GDPR.

You can reach our data protection officer by mail at the above address with the addition of "data protection officer" or by e-mail at: dataprivacy@uta.com
 
Notice:

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your request, name and telephone number, if applicable) will be stored by us in order to answer your requests. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

1. Purpose(s) of processing

You can be sure: We process your data only for the purpose of fulfilling your requests, fulfilling and execution of the contracts concluded with us (including payment processing and, if applicable, credit assessment) and for our own marketing purposes. The processing always takes place in accordance with all data protection laws applicable to us.


2. Legal basis of processing
 
Insofar as we process your personal data on the basis of consent, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

When processing personal data to fulfil a contractual relationship with you, we process your personal data on the basis of Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of your personal data is necessary for the fulfilment of a legal obligation to which UTA is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to pursue a legitimate interest of UTA or a third party and if your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.


3. Storage duration

UTA will block or delete your personal data as soon as the purposes of the processing no longer apply. Storage may also take place if this is provided for by the European or national legislator in regulations, laws or other regulations to which we are subject as the Controller. Your personal data will also be blocked or erased in this case if a storage period prescribed by the aforementioned standards ends, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us:


1 Right of access
 
You may request confirmation from us as to whether personal data concerning you is being processed by us.
 
If there is such processing, you can request information from the Controller about the following:

• the purposes for which the personal data are processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the planned period for which personal data concerning you will be stored or, if specific information on this is not possible, criteria for determining the storage period;
• The existence of a Right to rectification or erasure of personal data concerning you, a Right to restriction of processing by us or a Right to object to such processing;  
• the existence of a right of appeal to a supervisory authority;
  any available information on the origin of the data, if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 
2 Right of rectification
 
You have a Right against us to rectification and/or completion towards the Controller, if the processed personal data concerning you are inaccurate or incomplete. The Controller shall carry out the rectification without undue delay.

 
3 Right to restriction of processing

You may request the restriction of processing of personal data concerning you under the following conditions:

• if you dispute the accuracy of the personal data concerning you for a period of time that enables us to verify the accuracy of the personal data;
• the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of processing of the personal data;
• we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims, or
• if you have lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
 
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.


4 Right to erasure

4.1 Duty to erase

You may request us to delete the personal data concerning you without undue delay. In this case, we are obliged to delete this data without undue delay if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.  
• You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
• The personal data concerning you have been processed unlawfully.  
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.  
• The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
  
  

4.2 Information to third parties

If we have made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform further data controllers which process the personal data that you, as the data subject, have requested from them the erasure of all links to, or copies or replications of, such personal data.


4.3 Exceptions

The right to erasure does not exist insofar as the processing is necessary to

• to exercise the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, where the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
• for the assertion, exercise or defense of legal claims.

Furthermore, the right to erasure does not exist if the personal data must be stored by us due to statutory retention obligations and periods. In such a case, the personal data will be blocked instead of erased.


5 Right to notification

If you have asserted the Right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.


6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable and interoperable format. You also have the right to transmit this data to another data controller without hindrance from our side, provided that

• the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
• the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from us to another Controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7 Right to object
 
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

We shall no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.
 
8 Right of withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time and without giving reasons. In the event of withdrawal, we will immediately delete your personal data and no longer process it. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision  

a) is necessary for the conclusion or fulfillment of a contract between you and us
b) is permitted on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
c) is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the above-mentioned cases in (a) and (c), we shall take reasonable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of UTA, to express his own point of view and to contest the decision.

Data subject’s rights form

You can exercise your rights in relation to the above-mentioned processing activities against UTA at any time. The easiest and safest way to do this is to use the web form provided for this purpose: Privacy Web Form (onetrust.com).

10 Additional information for the Italian market

If you or your business are located in Italy, the following applies with regards to the aforementioned rights:

You may exercise the aforementioned data subject rights with respect to personal data of a deceased person, if you have a special interest (e.g. for family reasons) unless prohibited by law or, in the case of the direct offer of information society services, if the deceased person has requested it through a written declaration.

Your rights can be limited in certain situations if one of the following circumstances prohibits the exercise of your rights:

• Money laundering
• Support for victims of extortion demands
• Activity of parliamentary investigative commissions
• Activities of a public body
• Conducting defense investigations or exercising a right in court
• Whistleblowing

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
 
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

A list of the supervisory authorities is provided at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en

1.1 Collection of general data and information

Our website collects a series of general data and information with each call of the website. This general data and information is stored in the log files of the server.

The following personal data can be recorded:

(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system arrives at our website (so-called referrer),
(4) the sub-websites that are accessed via an accessing system on our website,
(5) the date and time of an access to the website, (6) an Internet Protocol (IP) address,
(6) the Internet service provider of the accessing system and
(7) other similar data and information that serve to avert danger in the event of attacks on our IT-systems.

When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to

(1) deliver the contents of our website correctly,
(2) optimize the content of our website and the advertising for it,
(3) ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This collected data and information is evaluated statistically, on the one hand, and on the other hand, with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by you.

1.2 Contact (via e-mail, phone and contact forms)

On our website we offer you the possibility to contact us in different ways and on different topics. For this purpose, you can either contact us by e-mail or use the forms provided by us on the website.

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number, if applicable, and the content of the message) will be processed by us in order to answer your questions. The personal data will be used exclusively to handle your inquiry.

By sending the e-mail or submitting the contact form, you give us your consent to process the personal data for the handling of your inquiry.

We process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future by exercising your withdrawal via the form provided for this purpose. If you withdraw your consent, we will immediately delete the personal data relating to you. In this case, it will no longer be possible for us to further handle your inquiry. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data accruing in this context after we have handled your inquiry or restrict the processing if there are legal retention obligations to further store the personal data.

1.3 Download of information material

On our website we offer the possibility to download information material on various topics (e.g., driving bans). For this purpose, you can use the forms provided to request a download link. By submitting the form, you consent to us using the personal data to send you a download link and to contact you for information purposes (advertising).

Insofar as you enter a telephone number, you further consent to us contacting you for information purposes (e.g., advertising) via this telephone number. The entry of a telephone number is voluntary and is not required for the download!

You can withdraw your consent at any time with effect for the future by contacting us at the above address or by means of a request via the form provided for this purpose. Should you be contacted by us, you have the option to inform us not to be contacted again and thus withdraw your consent. This shall not affect the lawfulness of the data processing until the time of withdrawal.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected or until you withdraw your consent.

1.4 Callback function

On our website, you have the option of requesting a callback from one of our employees. Through this function we enable you to contact us quickly and directly.

When you contact us to arrange a callback, the data you provide (your name, company name, telephone number and your request) will be stored by us to enable this callback. All information is voluntary and will be used to address you personally and to be able to clarify your corresponding request.

By entering the phone number and the associated confirmation, you agree to be called back. If you provide us with further personal data via the callback function, this is done on a voluntary basis. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future via the form provided for this purpose. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data collected from you in this context after storage is no longer necessary and no legal retention periods prevent deletion.

Cookies

1. Piano Analytics

As part of the operation of our website, we use the analysis tool "Piano Analytics" from the provider Piano Software Inc (111 S Independence Mall East, Suite 950, Philadelphia, PA 19106). The use of the "Piano Analytics" analysis tool enables us to collect and store usage information from users of our website in anonymised form using a measurement method. We use the "hybrid measurement" method of "Piano Analytics", which enables us to use both conventional tracking processes and non-personalised reach measurements. Accordingly, we would like to inform you about the processing of your personal data as follows;

1.1 Processing as part of the tracking function

The "Piano Analytics" service sets analysis cookies within your browser as part of the use of the tracking function. Cookies are small text files that are stored in your Internet browser or by the Internet browser on your computer system. When you visit our website, a cookie may be stored on your computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. 

In this context and as part of the use of the "Piano Analytics" analysis tool, your personal data will be processed accordingly. In particular, the following of your personal data is affected by processing:

• IP address
• Browser information
• operating system
• Date and time of access
• Data relating to interaction with our website

We base the use of the tracking function of "Piano Analytics" on the legal basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. You naturally have the right to withdraw your consent at any time with effect for the future. The lawfulness of the processing of your personal data up to the time of revocation remains unaffected.

 
1.2 Carrying out reach measurements

As part of the use of Piano Analytics, we are also able to carry out reach measurements by means of a local log file analysis. Reach measurements involve the processing of non-personal data for the creation of summarised statistics. For this purpose, the data automatically transmitted by your browser to our server when you visit our website, which has no personal reference, is separated and processed. In contrast to the use of cookies, this data does not make it possible to recognise you personally. Accordingly, the individual data used for this purpose cannot be traced back to you as the data subject.
 
We would like to point out that we carry out the possibility of range measurement without further use of external third-party services. In addition, the non-personalised usage data collected is neither merged nor used to recognise the user or for other purposes.
 
The implementation of a reach measurement using such data, which is transmitted to our server by your browser when you access our website and stored on it, does not require consent due to the exemption regulation of § 25 para. 2 no. 2 German Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG). Accordingly, we base the processing that takes place as part of the implementation of reach measurement on the pursuit of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR (optimisation of our website, generation of insights, creation of usage statistics).
 
We are aware of the transfer of your personal data to a third country (here: USA) associated with the use of "Piano Analytics" and the associated risks. In order to ensure the security and integrity of your personal data in the context of this transfer, we have concluded an order processing contract with Piano Analytics Inc. in accordance with Art. 28 GDPR,  including the modular standard contractual clauses of the European Commission. In the case of self-certification of the provider Piano Software Inc. under the EU-U.S. Data Privacy Framework, this applies in addition.
 
We only store your personal data for as long as it is required to fulfil the original purpose for which it was collected. If the original purpose of collection no longer applies, e.g. if you withdraw your consent, we will delete your personal data unless we are obliged to continue storing your personal data due to statutory retention periods imposed on us. The storage period for your personal data has a duration of 25 months. 
 
Further information regarding the handling of your data and data protection by Piano Software Inc. can be found here: https://piano.io/privacy-policy/   

We place the highest value on the security and confidentiality when processing your personal data. Therefore, we use among others the solution(s) listed below to meet the highest standards of data security.


Use of Secure Sockets Layer (SSL)

Within the scope of our website, we use Secure Sockets Layer (SSL) to ensure confidential and encrypted transmission of your data. This makes it difficult or even impossible for third parties to read or manipulate your data during transmission. Thus, an SSL certificate is stored on our website, which the browser can identify as the intended source and subsequently decrypt. The use of such SSLs subsequently protects your personal data during a visit to our website and associated activities.

 Within our website we use the following SSL encryption:

• DigiCert EV
• DigiCert SSL
• SSL by Default

The legal basis for data processing is UTA's legitimate interest in processing data for purposes of product and legal security as well as the prevention of fraudulent or abusive attacks according to Art. 6 para. 1 lit. f GDPR.

The personal data shall remain stored for as long as it is required to achieve the purposes for which it was originally collected.

1. iOS

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Apple Inc. (https://www.apple.com/legal/privacy/en-ww/) is accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

 Geo position

Your geo position is determined using the search function within the app in order to be able to show you the UTA stations. This only happens if the app is active in the foreground. As soon as the app is not used, i.e. in the background, we do not determine a geo position. If you have activated the "Report automatically" function, the iOS will continue to determine the geo position.

Routing

This function transmits information via the Apple API. The start and destination of the route are processed. Using the route determined, the app finds possible filling stations (or POIs) along the route.

Push service

If you have activated the push function, current information is made available within the "News" section by means of a so-called "push token".

Equipment identification

This feature checks the exact device you are using to display content to your phone correctly. No IMEI or UDID number is requested.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

2. Android

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Google Inc. (https://policies.google.com/privacy?hl=en ) accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

When using the app you have the choice between the online or offline version. When using the offline variant, no usage data is transferred.

In order for the online version to be technically implemented, we list the various access authorizations in connection with your mobile device below.

android.permission.INTERNET

In connection with the access authorization, the following queries are made when the data is retrieved by a backend ("eJump"):

System language: Language of the user (required so that texts of the "News" section and "Service numbers" can be displayed under "More".)

Device ID: This makes it possible to deliver device-specific content. No IMEI or UDID number is requested.

Routing

This service transmits data via the Google API. Data about the start and destination is processed. As a result, routes can be calculated.

android.permission.WRITE_EXTERNAL_STORAGE

This access authorization temporarily stores data and images on the device, such as "Favorites", image elements such as icons or images under "News".

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

The search for the stations in the vicinity is performed locally on the device. Geo coordinates are not transmitted.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

UTA Edenred Drive - Driver Registration Process 
UTA hereby informs you about the use of your personal data which is provided to us in connection with the user registration within the UTA Edenred Drive app (hereinafter referred to as UTA Edenred Drive) and, but not necessarily for the activation of the UTA CardLock feature (hereinafter referred to as UTA CardLock). The UTA EasyFuel® feature and the UTA CardLock feature together are referred to as “the services”. This information is addressed to the data subjects (hereinafter also referred to as "drivers" or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for the UTA Edenred Drive in the UTA Service Center.

 
Purpose(s) of processing

 During the activation process: 

 By activation of your driver account to use the services within the UTA Service Center, we process the following personal data about you:

 (1) Last name, first name 
(2) Vehicle registration number 
(3) Mobile number 
(4) Email address of the respective user of UTA Edenred Drive
(5) Card number 

We use this data to contact you in a personalised way and to register you to use the services, as well as to enable you to activate your account. The personal data we process about you is based on the information provided by the customer who registered you as a user in the UTA Service Center. The email address provided also represents the username for logging into the UTA Edenred Drive app. Accordingly, the responsibility for the accuracy of your personal data belongs to the responsible employee of the customer who made the entry.

While using the UTA Service Center: 

In addition, when you access the website to activate your account, technical data is automatically collected that we need to process to enable the website to function properly. We automatically process the following personal data:

 (1) the browser type and version you use, 
(2) the operating system used by the accessing system, 
(3) the IP address, 
(4) and the time of access.

We also reserve the right to process your personal data for the following purposes:

 (1) Improvement and optimisation of the services and functions 
(2) Prevention and investigation of misuse and errors 
(3) Information (also in personalised form) about product-related faults, failures, improvements, updates, etc. 
(4) Sending surveys and feedback forms to improve UTA services 
(5) Administration of acceptance media (creation, blocking, removal) 
(6) Processing of requests 

 
Legal basis of processing

The legal basis for the processing of your personal data in the context of registration is the fulfilment of the contract both with the customer (your employer) and with you pursuant to Art. 6 para. 1 lit. b GDPR. With the activation of your account, a direct contractual relationship between you and UTA regarding the use of the services is established in addition to the contract with the customer (your employer). 
If we process your personal data for legal purposes, this processing is based on the legal basis Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

Furthermore, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this data processing is to maintain and improve the proper functioning of the services.

Recipients of the personal data

In the course of registering for the use of the UTA Edenred Drive app, processors acting on behalf of UTA will come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this. 

Transfer to a third country or an international organisation

If UTA transfers personal data to any unsafe third country in the context of the integration and use of the services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration 

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

The processing period corresponds to the term of the UTA Edenred Drive user contract. After termination of the user contract, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows: 

• 3 years (statutory limitation period) in order to be in a position to handle any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting. 
• There is a 6-year retention period for commercial and business correspondence, emails, and other digital documents. 
  
  

Cookies 

None 

Version: EN 25.11.24

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the customer self-service portal myUTA (hereinafter referred to as "myUTA" or “portal”). This information is addressed to the data subjects (hereinafter also referred to as "user" or "you") whose personal data is provided to UTA for processing within myUTA. The "Customer" (usually your employer) has the possibility to register you as a user of the portal.

Purpose(s) of processing

In connection with the use of myUTA provided by us, we collect and process your data exclusively for specified purposes. These may result from technical necessities, contractual requirements or explicit user requests. In detail, these are:

• Technical data

Certain information is already processed automatically as soon as you visit myUTA. We have listed in detail below which of your personal data is processed.

As part of your use of the portal, we automatically collect necessary technical data that is required for the use of the application. This includes the IP address used, MAC address, internal device ID, version of your operating system and the time of access to myUTA.

The following data is automatically transmitted to us and processed by us :

(1) to provide you with the Service and related features;
(2) to prevent and remedy fraud, abuse and malfunctions.

• Creating a new account (account details)

When creating a new account, you transmit the personal data entered to UTA. The data will be stored by UTA for as long as your user account is maintained. Afterwards, the data will be deleted; if necessary, after a legal retention period (see below). Personal data is processed for the purpose of concluding a contract and contacting you.

• Company name
• Name (first name / surname)
• Company address
• E-mail address
• Telephone number
• Bank details
• Contact person data
   
• Account management

If you have forgotten your password, you have the option to reset your password and request a new one. To do this, you must enter your email address stored in our system, which we will then process for the password forgotten function.

• Password forgotten function

If you have forgotten your password, you have the option to reset your password and request a new one. To do this, you must enter your email address stored in our system, which we will then process for the password forgotten function.

• User administration

Within the portal you have the possibility to manage users. Here, you can create new users, edit existing users, or remove them. The personal data processed when creating a new user are:

• salutation
• first name
• surname
• email address
• phone number

Furthermore, you can set a new user as Admin. In the Admin role, a user can manage other users.

• Management of company data

In MyUTA you can manage your company data at any time. You can change the name, the trade register number, and the address of your company. You can also change the tax number and bank information.

• Card ordering

You can order UTA service cards via MyUTA (driver- and vehicle- related cards). When ordering a driver card, you must specify the first and last name as well as the name to be embossed on the ordered service card. Furthermore, you have the option of specifying either a PIN generated randomly or a requested PIN. In the latter case, you must enter your required PIN.

• Preferred petrol station / tariff changes

Within our platform, you can define and change your preferred petrol station yourself. Should you wish to change your tariff, you can select from the available tariffs. 

• Service card management 

You can manage the UTA service cards of your employees in the portal. For example, you can set a credit limit that is valid for a month, a day, or a transaction. You can differentiate between petrol stations and other acceptance partners. You can also set the maximum number of transactions per service card.

In addition, you can freeze and block the UTA cards of your employees (and vice versa). You can also set that UTA service cards can only be used at certain times.

• Feedback function

Your feedback is important to us. That is why we provide you with a feedback function. Within the scope of this function, you can either report a bug to us or share your feedback and suggestions for improvement. We will only use the content of your feedback to improve our service and will not use it for any other purpose. You may not receive a reply from us. Please do not use the feedback function for questions of a general nature or regular contact.

Legal basis of processing

Within the scope of the use of myUTA, UTA processes personal data exclusively for a specific purpose and based on a legal basis.

The processing of personal data takes place for:

(1) account and data management (user account)
(2) user administration
(3) ordering and administration of UTA service cards
(4) customer care
(5) provision of interest-based commercial communication
(6) Ensuring system security and protection against misuse of our systems

The processing of data within your usage of myUTA is based on Art. 6 para. 1 lit. b GDPR for the performance of the contract.

Insofar as we obtain your consent to address you in advertising, for customer satisfaction surveys, etc., this processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR.

If UTA is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on Art. 6 para. 1 lit. c GDPR.

Automated decision-making in individual cases including profiling (pursuant to Art. 22 GDPR) shall not take place.

Processing on a legitimate interest of UTA

In order to prevent and remedy fraud, misuse and malfunctions in the context of the use of myUTA, we collect and process technical information. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the framework of the operation of myUTA, processors commissioned by UTA come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

 Transfer to a third country or international organisation

When using the Google Analytics, SendGrid and Userpilot services, your personal data is transferred to the USA. UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage.

The processing period generally corresponds to the duration of the business relationship with UTA. After the end of the business relationship, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

• Use of Cookies

myUTA use cookies. Cookies are text files that are stored on computer systems. When you visit a website, a cookie may be stored on your operating system. Such a cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make myUTA more user-friendly. Certain elements require that the calling browser can be identified even after the web application is called up again.

The following data is stored in the cookies and transmitted to the web application:  

(1) Language settings
(2) Login information

We also use cookies in our online services that enable an analysis of your use of the application.

The following data can be transmitted in this way:

(1) Frequency, of calling up the online service.
(2) Analysis of the interaction with the online services

Your data collected in this way is pseudonymised by technical procedures.

When visiting myUTA, you will be informed about the use of cookies for analysis purposes (e.g. Google Analytics or Userpilot) and asked for your consent to the processing of the personal data used. During this step, you will have the opportunity to obtain details of the processing from the data protection information. You can revoke your consent at any time with effect for the future, as described below. This revocation will not affect the lawfulness of the previous processing. 

Legal basis

Art. 6 para. 1 lit. f GDPR (legitimate interest) for technically absolutely necessary cookies.

Art. 6 para. 1 lit. a GDPR (consent) for e.g. Google Analytics.

Purpose of storage

The purpose behind the use of technically essential cookies is to make it easier for you to use myUTA. Certain functions of the portal cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognised when you visit myUTA again.

Objection / removal option

By changing the settings of your browser, you can deactivate cookies or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for myUTA, this may mean that it is no longer possible to use all the functions of the portal.

• Use of third party technologies

myUTA is using technologies provided by third parties (Google Analytics, User Pilot, SendGrid).

In the event that you would like further information on this technology, please refer to Section VIII of the statement for this information.

(Other)

As part of MyUTA, we have links to our social media pages. Please refer to this privacy policy for information on the processing of your personal data in this context.

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the UTA SmartCockpit® App.

In principle, it is also possible to use the app without providing personal data. If you want to use special functions of the app, the processing of personal data may be necessary.

Purpose(s) of processing

UTA collects and processes your data exclusively for specific purposes. These may also arise from technical necessities, contractual requirements or explicit user requests. For technical reasons, certain data must be collected and stored when using the App (e.g. push token, device platform and App version).

Within the scope of the App provided by UTA, UTA processes the personal data described below:

• Geolocation data (location data of the device which we have linked to a vehicle according to your specifications).
  
  During the initiation of the app, you as the user decide whether to activate the functionality for processing geolocation data. This is deactivated by default.
  
  The data flow into the UTA SmartCockpit® Web Application is dependent on
  
  - Activation of the function (geolocation) in the mobile device,
  - Activation of data transfer from the mobile device to the UTA SmartCockpit® Web Application,
  - Assignment of the mobile device to the vehicle in the UTA SmartCockpit® App.
  
  In case of an inquiry, we collect your current location via GPS in order to provide you with quick information about your immediate surroundings (proximity search) and to offer you the possibility to plan routes from your current position. Data on your location will be used to process your request and will be transmitted to the UTA SmartCockpit® Web Application. The transmission of your location data takes place via an encrypted connection using HTTPS. Your location data is used in the UTA SmartCockpit® Web Application to enable the user of the UTA SmartCockpit® Web Application to plan a route from the current position of a vehicle, as well as for subsequent analysis.
  Based on the geolocation data, UTA shall under no circumstances carry out profiling according to Art. 22 GDPR or measures to monitor the performance and behaviour of individual SmartCockpit® App users. If the GPS reception is disturbed, the positioning is automatically carried out via WLAN or radio masts. In this case, the geolocation may be less accurate. If the GPS function is deactivated, the last known position of the mobile device is displayed.
   
• Activating the App
  
  Within the scope of activating the UTA SmartCockpit® App, it is necessary that the customer number and the telephone number of the App user are processed in the App in order to create a permanent connection between the UTA SmartCockpit® Web Application and the associated App. This is necessary in order to be able to select vehicles, plan routes and receive planned routes from the UTA SmartCockpit® Web Application when using the App. In addition, the so-called Driver ID is processed.
   
• Using the push function towards the App
  
  When using the push function from the UTA SmartCockpit® Web Application towards the App, it is also necessary to process Vehicle ID and Push Token. Note: The Push Token is an App-specific token that is automatically generated by Goolge Firebase.
   
• Using the map functionality
  
  There is a difference between iOS and Android for the use of the map functionality. Android uses Google Maps, while iOS uses Apple Maps.
  Due to a used functionality (Layer) there is no transmission of geolocation data to Google, respectively iOS. UTA has the geolocation data processed within the scope of a regulated order processing.
  UTA has the geolocation data processed by Qivalon for display on the map within the scope of a regulated order processing.
  Prerequisite for the use of this function is an existing Internet connection via WLAN or mobile data. This may result in additional costs which are beyond the control of UTA.
   
• Analysis data
  
  In order to continuously improve your user experience, we collect statistics on the use of the App. For this purpose we use the analysis tool Google Analytics Firebase. This enables us to ensure that our app is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to record the use of our app statistically and evaluate it for the purpose of optimizing our offer for you. All data is processed anonymously.
  In standard tracking the following data is analysed: Number of active users, number of application crashes, user interaction, information about the target group and app usage. In addition, an event-based tracking is carried out in which the number of app activations, registered vehicles, planned routes, started routes and accepted missions are stored and evaluated. In addition, the number of app starts, the status of the app (opened in the background or foreground) and the number of app deletions are recorded and evaluated in this event-based tracking. Furthermore, the tracking of changes in settings regarding the radius, price projection, ignoring of motorway filling stations and the display of traffic information including the respective set parameters are also included.  Within the app, you as a user can make settings accordingly. These can be found in Route Planning or under the menu item Settings.
   
• Technical access authorisation to your Device
  
  For technical reasons access to the Internet is necessary. Access to the location of the device is also necessary for planning routes or radius searches from the current position of the vehicle. This is also one of the prerequisites for using the geolocation function, if desired and activated.
  
  

Legal basis of processing

Within the framework of the UTA SmartCockpit® App, UTA processes personal data purely for a specific purpose and based on a legal basis.

Location data shall be processed on the basis of the consent granted in the App in accordance with Art. 6 para. 1 lit. a GDPR. The functionality can be switched off at any time with future effect by the App user under 'Settings'. The functionality is then terminated and no more location data is collected or transmitted to the UTA SmartCockpit® Web Application. For the transmission of location data to the UTA SmartCockpit® Web Application it is essential that the mobile device accesses the Internet.

The processing of personal data within the scope of the use of the card functionality and technically required access authorisations is based on Art. 6 para. 1 lit. b GDPR and is exclusively for the purpose of providing contractually agreed services. The possibility of accessing the Internet is dependent on the provision of services. The availability of access to the Internet is beyond the control of UTA. Accordingly, UTA shall not assume any responsibility for the UTA SmartCockpit® App not functioning as agreed due to the lack of availability of or access to the Internet.

If UTA is subject to a legal obligation, which makes the processing of personal data necessary, the processing shall be based on Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

None

Recipients of the personal data:

In the context of the operation of the UTA SmartCockpit® App, contractually commissioned processors commissioned by UTA come into contact with personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation:

UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

The customer number, the driver's telephone number and the driver ID are permanently stored in the app in order to guarantee the continuous connection of the app with the UTA SmartCockpit® web application. In addition, the respective connected vehicle ID is temporarily stored for the duration of the connection of the vehicle with the App and the push token for a maximum of 6 months.

The data will be automatically deleted when the App is uninstalled.

Depending on the contract term of the UTA SmartCockpit® Web Application, UTA may store data collected via your mobile device for fulfilment of the contract.

In case of an objection to data processing, UTA shall treat the data in accordance with Art. 17 GDPR.

Cookies

We do not use any cookies within the app.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA SmartConnect - Driver information

In the following, UTA informs you about how your driver data is processed when using the fleet management application UTA SmartConnect (https://www.telepasskmaster.com/).

Purpose(s) of Processing

Driver data

In order to offer the use of UTA SmartConnect to our customers, we enable our customers' fleet managers to create driver data for the purpose of fleet management and fleet administration. The fleet manager has the option of processing the following categories of personal data relating to you:

• Name (first name, surname)
• ID code
• Fuel card information
• idApp (to create access to the app)
• SMS contact
• Driving licence
• Alternative means of communication (first and second alternative; e-mail or telephone)
• Port authorisation number

Location, trip details and vehicle data

We process the data required by your fleet manager to fulfil his task in order to enable the use of our fleet management application. Such fleet management includes the following functions, for example:

• Planning the most suitable route
• Optimisation of fuel consumption and use of filling stations
• Optimisation of the route to service points
• Informing the driver about possible traffic jams, etc.
• Resource management
• Compliance monitoring

We process the following personal data for this purpose:

• Routes planned for you
• Vehicle used
• Vehicle data (licence plate number, model, engine temperature, fuel level, consumption, etc.)
• Distance travelled (daily, total)
• Telemetry data (maximum speed, acceleration and braking, average speed)
• GPS location data (current location)
• Journey status data (time of vehicle movement, time of vehicle in "stop with key" status, time in "stop" status, total time travelled, as well as the period of the respective status (e.g. 10:00-10:15 "stop"), total journey time over a longer period of time
• Video data, if applicable, via the autostrade // per italia camera system (this data is not saved, but used as a live feed)
• Availability (holiday, illness or other activity)

• Violations of driving and rest times, as well as other infringements, such as driving without documents or speeding

The processed details of the journeys are then displayed by SmartConnect in a star rating (between 1 and 5 stars). This allows the fleet manager to view the driving data and the efficiency of the last journeys made at a glance. The data can then be compared with the data of other drivers.

The processing of your rest periods and potential offences is carried out in order to monitor the legal provisions relating to your employment as a professional driver.

The remaining processing of the details of your journeys is carried out to enable the fleet manager to coordinate the fleet and plan current and upcoming journeys.

Entries (messages, notes)

As part of the application, it is possible for the fleet manager to send messages to you as the driver via the fleet function. We process the messages sent in this way, as well as the messages you send to the fleet manager, in order to enable you to use the contact function between the fleet manager and driver. In addition, the fleet manager can make notes in your driver profile. This content is also assigned to you as personal data. The categories of personal data processed about you in this way are determined by the content of the messages or notes.

Tax and Customs Electronic Services Portal (PUESC)

In the following, we inform you in detail about data processing in the context of using the "Tax and Customs Electronic Services Portal" (PUESC).

Processing by your employer on the SmartConnect platform

In accordance with the national legal framework of the EU member state Poland, the provision of legally required information to the Polish tax authorities (Warsaw, 00-916, 12 Świętokrzyska St.) is required for reasons of tax or customs verification in the context of the transit of goods subject to declaration within the territory of the Polish state. The required information and documents are transmitted to the Polish tax authorities using the so-called "Tax and Customs Electronic Services Portal (PUESC)" system.

In order to fulfil this legal obligation using the PUESC system, it is necessary to register your employer's vehicle fleet within the PUESC system. After registration, a so-called "PUESC ID" is sent to your company's fleet manager, which can be used to identify individual vehicles in the fleet. This PUESC ID can then be linked to a specific vehicle in the fleet by the fleet manager within SmartConnect, whereby the legally required information for each vehicle is automatically transmitted to the PUESC system when travelling on Polish territory. This information includes, in particular, the personal data listed in this section of this Privacy Policy:

• Company data
• Vehicle data
• Order data
• OBU ID
• GPS location data (time stamp, speed, direction)

Processing by Polish state authorities

The personal data transmitted to the Polish tax authorities within the framework of the legal requirements using the PUESC system are processed by them for the purposes of tax and customs verification and evaluation. We expressly point out that UTA has no possibility of influencing the processing activities of the Polish tax authorities or other Polish state authorities and institutions. Nevertheless, we would like to inform you about the circumstances of the processing of your personal data by the relevant authorities.

As part of the fulfilment of legal requirements of the Polish state, there is an obligation to transmit relevant information, which may also include your personal data, to the Polish tax authorities using the PUESC system. In addition to the Polish tax authorities, the following Polish institutions may also be recipients of your personal data:

• Public authorities
• Public services
• Courts
• Public prosecutor's office

The processing of data transmitted in the course of using the PUESC system is carried out under the responsibility of the Head of the National Tax Administration (Warsaw, 00-916, 12 Świętokrzyska St.). A transfer of the personal data received by the respective recipient to EU third countries cannot be ruled out.

Further information regarding the handling of data protection in the context of the use of PUESC can be found here: https://puesc.gov.pl/en/polityka-prywatnosci

Operation, optimisation and improvement of the application

By using this general data and information, UNION TANK Eckstein GmbH & Co KG does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of the application, (2) optimise the contents of the application, (3) ensure the long-term functionality of our information technology systems and the technology of the application and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Therefore, UNION TANK Eckstein GmbH & Co. KG analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Legal basis for processing of personal data

UTA processes your personal data on the basis of a data processing agreement concluded between your employer and UTA in accordance with Art. 28 GDPR. The legal basis for the processing between you and your employer is determined by your employer.

The use of the PUESC system is necessary due to legal obligations of your employer. The processing is carried out accordingly on the legal basis under data protection law to fulfil a legal obligation of your employer (transmission of the corresponding personal data) pursuant to Art. 6 para. 1 lit. c GDPR.

Processing by UTA as controller:

The temporary storage of the IP address by the application is necessary to enable a delivery of the application to the computer you are using. For this purpose, the user's IP address must remain stored for the duration of the session.

The purpose of the storage is to improve our offer and to optimise the application visually and functionally.

You have the right to object in accordance with Art. 21 GDPR. For further information, please refer to section IV 7 of this privacy policy.

Legitimate interests 

Operation, optimisation and improvement of SmartConnect by UTA.

Recipients of the personal data

Technical provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rom (RM), Italy

• Telepass Innova S.p.A., Via A. Bergamini, 50, Rom (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties unless there is a legal obligation to do so or you have given your separate consent.

Transfer to a third country or to an international organisation

By using the Google Maps function integrated in SmartConnect, personal data is transferred to a third country (USA).

UTA is aware of this and guarantees the legality of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the agreement concluded with Google.

For more information on processing by Google, please refer to section 8.2 of this privacy policy.

Duration of data storage

We only store the data provided by you in this way for as long as it is necessary to fulfil the purposes for which it was originally collected or until your employer instructs us to delete the data. In the case of your driver information, the data will be processed accordingly until the termination of our contractual relationship with your employer or until you are no longer working as a driver for this employer and your account is deleted.

In the case of the personal data listed below, the data will be deleted from the portal after a period of 4 months: location, journey details, rest periods, availability and vehicle and telemetry data.

The data processed under the responsibility of UTA is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the application, the data is deleted when the respective session has ended.

Cookies

UTA SmartConnect does not use cookies for the operation of the service.

UTA SmartConnect App (https://www.telepasskmaster.com/)

In the following, we inform you in detail about the data processing that takes place when using UTA SmartConnect due to the functions and services provided by us.

Purpose(s) of Processing

The SmartConnect application collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the subpages that are accessed via an accessing system in the application, (4) the date and time of access in the application, (5) an Internet protocol address (IP address), (6) the Internet service provider of the accessing system and (7) other similar data and information that serve to prevent risks in the event of attacks on our information technology systems can be recorded.

Account (Log-In and Management)

In order to be able to offer the use of the SmartConnect application and to ensure the access restriction to your user account and thus the security of the application, we process your log-in information (email address, password) accordingly.

You can change your password at any time in the options.

In addition, we process an ID assigned to you (ID-APP) for the purpose of communicating with you and identifying your account.

You also have the option of providing your e-mail address and telephone number for contact purposes. It is not necessary to enter this information in order to use our application; accordingly, the input fields are not mandatory. The name (surname and first name) that we process from you is provided by you on your own responsibility; you can also use a pseudonym.

Fleet management

We process the settings you have made as part of fleet management in order to be able to offer the services contractually guaranteed to your employer or to you and to organise your fleet according to your wishes. In addition, we process data collected as part of our application to enable an analysis of the fleet managed by you in order to make decisions regarding the route and economic planning on this basis.

We process the following data for this purpose:

• Scheduled route planning, vehicle maintenance, equipment maintenance, etc.
• The drivers and vehicles for which you are responsible
• Vehicle data (licence plate number, model, engine temperature, distance driven, current route, fuel level, consumption, etc.)
• GPS location data
• customers
• suppliers
• equipment
• Point of interest (locations specified by you)

Entries (messages, notes)

As part of the application, you can send messages to your drivers via the fleet function. We process the messages you send in this way, as well as the messages addressed to you, in order to enable you to contact your drivers. You can also make notes about your drivers. This content is also assigned to you as personal data. We offer you this function to store brief information about individual drivers in our application at your request. The categories of personal data are determined by the content of the messages or notes.

Data protection information regarding the use of Google Maps

As part of SmartConnect, we use Google Maps. This allows us to show you interactive maps directly in the application and enables you to use the map function conveniently.

By using our application, Google receives the information that you have visited the corresponding subpages of our application.

In addition, only technically necessary data is transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button.

For more information on processing by Google, please refer to section 8.2 of this privacy policy.

Operation, optimisation and improvement of the application

By using this general data and information, UNION TANK Eckstein GmbH & Co KG does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of the application, (2) optimise the contents of the application, (3) ensure the long-term functionality of our information technology systems and the technology of the application and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Therefore, UNION TANK Eckstein GmbH & Co. KG analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Legal basis for processing of personal data

UTA processes your personal data on the basis of a data processing agreement concluded between your employer and UTA in accordance with Art. 28 GDPR. The legal basis for the processing between you and your employer is determined by your employer.

Processing by UTA as controller:

The temporary storage of the IP address by the application is necessary to enable a delivery of the application to the computer you are using. For this purpose, the user's IP address must remain stored for the duration of the session.

The purpose of the storage is to improve our offer and to optimise the application visually and functionally.

You have the right to object in accordance with Art. 21 GDPR. For further information, please refer to section IV 7 of this privacy policy.

Legitimate interests

Operation, optimisation and improvement of SmartConnect by UTA.

Recipients of the personal data

Technical provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rom (RM), Italy
• Telepass Innova S.p.A., Via A. Bergamini, 50, Rom (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties unless there is a legal obligation to do so or you have given your separate consent.

Transfer to a third country or to an international organisation

By using the Google Maps function integrated in SmartConnect, personal data is transferred to a third country (USA).

UTA is aware of this and guarantees the legality of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the agreement concluded with Google.

For more information on processing by Google, please refer to section 8.2 of this privacy policy.

Duration of data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period required by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract or if the controller instructs us to do so.

In the case of your log-in information, as well as your name and the ID assigned to you, the processing takes place accordingly until the termination of our contractual relationship with your employer (or you personally if you purchase our services as a sole trader) or as soon as you are no longer active as a fleet manager and your account is deleted. The same applies to your telephone number and email address for contacting you. However, you can delete this data at any time if you wish.

The data processed under the responsibility of UTA is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the application, the data is deleted when the respective session has ended.

If the data is stored in log files, the data is deleted after seven days at the latest.

Cookies

UTA SmartConnect does not use cookies for the operation of the service.

Together with our parent company Edenred S.A., UNION TANK Eckstein GmbH & Co. KG is carrying out a pro-gramme aimed at determining customer satisfaction with UTA products and services and deriving needs for improvement. For this purpose, UTA uses a solution that makes it possible to manage surveys, analyse survey results and classify customer feedback (programme).

Purpose(s) of processing

Within the framework of the programme, UTA processes company data as well as data of a named contact person. All of this data is based on information that you have provided to us as part of the new customer pro-cess. In detail, the data processed are:

• of a contact person (first name, last name, gender, personalised company e-mail address, if applicable)

• from the company (company name, company headquarters (city, country), central communication data (e-mail address, telephone number))

• from the digital visitor (IP address, device information, browser information, language, etc.)

UTA's purposes for processing your personal data within the programme are as follows:

1. researching customer needs, customer satisfaction and trends in the provision of products and services, includ-ing

• creating standard customer profiles and categorising the information.
• trend analysis through segmentation, filtering, profile comparison and tracking over time
• personalisation of customer interactions, especially in terms of the interaction progression
• supporting the identification of customised offers based on customer feedback

2. identification of improvement opportunities

• identification of improvement opportunities for offered products and services based on customer feedback
• identifying maintenance needs in an operational state (tracking of IT incidents, verifying proper func-tioning of equipment, assisting with troubleshooting)

3. ensuring safety and traceability

• technical support
• account management & user authentication
• security monitoring: access and activity logging

Legal basis of processing

The processing activities described under 1 and 2 are based on your consent given to UTA pursuant to Art. 6 para. 1 lit. a GDPR.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

An automated decision in individual cases including profiling (Art. 22 GDPR) does not take place.

Processing on a legitimate interest of UTA

We collect and analyse technical information and usage data on a pseudonymised basis in order to continu-ously improve the platform used within the framework of the programme and the processes operated as well as to protect the IT systems used (3.). The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the company, all departments receive access to your personal data that absolutely need this access to fulfil their tasks.

Contractually obligated service providers and vicarious agents also come into contact with your data. These partners are contractually obliged to comply with data protection requirements within the framework of an agreement and support UTA in the performance of this task.

Within the programme, UTA is supported by:

• Medallia, a SaaS solution provider that provides maintenance and technical support in addition to the tech-nical platform for the programme.
• Edenred S.A to ensure the proper functioning of the programme. In this context, Edenred S.A., as the parent company of UTA, has basic access to all personal data processed within the framework of the programme. Edenred will not process your personal data for purposes other than those mentioned above.
• SalesForce, Inc., a CRM solutions provider. Their survey data and results are stored in Salesforce. Access to the data by the provider is not excluded.

Very important: Under no circumstances will UTA sell your personal data to any third party.

Transfer to a third country or an international organisation

It is ensured that your personal data within the framework of the programme is processed without exception on servers in the EU/EEA area (Frankfurt am Main, Germany or Amsterdam, the Netherlands).

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted without delay, insofar as no legal retention periods require further storage.

In the case of data collected within the framework of the programme, UTA processes these data:

• for a period of 3 years.
  After this period, they will be deleted by means of an automatic routine.

After termination of the programme, UTA will delete this data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory period of limitation), in order to be able to fulfil any claims you may have against UTA.
• For documents relevant to invoices, there is a 10-year retention period.
• For commercial and business related correspondence, emails and other digital documents, there is a 6-year retention period.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies 

Within the programme we use cookies.

We use cookies to collect your geolocation and connection data as part of the programme. This enables us to determine your needs and interests and to personalise our content. Before we use cookies, we obtain your consent in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with. § 25 para. 1 TTDSG. You can withdraw your consent at any time. The information contained in cookies (geolocation and connection data) is stored for 13 months.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

In the following we inform you about the use of your personal data which is provided to us in connection with the registration of the UTA Edenred Drive app (hereinafter referred to as "UTA Edenred Drive app"). This information is addressed to the data subjects (hereinafter also referred to as “driver” or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for activating you to use the UTA Edenred Drive app within the UTA Service Center.

Purpose(s) of processing 

Scope of the processing of personal data by using the UTA Edenred Drive app

UTA collects and processes your data exclusively for specific purposes, which may result from technical necessities, contractual requirements, or express user requests. 
Within the scope of the UTA Edenred Drive app provided by UTA, UTA processes the personal data designated below:

• Data collected during download   

When you download the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or Apple App Store); in particular, the username, email address, customer number of your account, time of download, payment information, and individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control. 

• Automatically collected data  

As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes:

(1) the internal device ID, 
(2) the version of your operating system, 
(3) and the time of access 
(4) correlation ID 
(5) API endpoint (the service which is called) 
(6) date and time of the call 
(7) response status (error/ success, details about the error)

This data is automatically transmitted to us, and processed:

• to provide you with the service and related features;
• to improve the functions and performance features of the app; and
• to prevent and remedy misuse and malfunctions. 

• Permissions  

The following permissions are required for our app:

• Internet access: Required to process contactless transaction authorisation, for your authentication, to access the details of your use of our service and to show nearby gas stations.  
• GPS data: Required to determine your location and display nearby gas stations.
  

• Preferences 

When using the app, the user has the option on his/her profile to consent to the use of his/her personal data for optional purposes. The user can select here that his/her personal data will be used by UTA to

(1) keep the user updated regarding new UTA products and offers; 
(2) send the user the UTA newsletter; 
(3) send the user surveys and feedback opportunities to improve UTA services. 

• Account data  

The account data of the drivers (first name, last name, email address, card number, card PIN, mobile number) are processed for contacting you in a personalized manner. In addition, processing takes place in the context of this contact in order to provide technical updates/information (bug fixes, new versions, etc.).

Your personal data will also be processed to assign you a corresponding service card, to enable the customer to manage his fleet via the service cards and to enable you to use the UTA EasyFuel^® services via the app.

Although the input fields for your account details are mandatory, it is the customer's responsibility to enter the names themselves.

The setting of a driver-related card is not obligatory and is made by the customer for his employees, insofar as the customer wishes such an assignment.

In this context, the customer has the task of informing the employee about the data processing within the scope of our service offer and the UTA Edenred Drive app.

• Log-in data 

In order to be able to offer the use of the UTA Edenred Drive app and to ensure the access restriction to your user account and thus the security of the services for our customers, we process your log-in information (email address, password, mobile number, security PIN) accordingly.
The use of any biometric functions (face id or fingerprint) for verification purposes is beyond the control of UTA. This function is a feature of the used mobile phone.
You are always able to reset or adjust your password in the options of the UTA Edenred Drive app.

• Language  

The UTA Edenred Drive app processes your language so that you can be contacted in a language that you are able to understand. The language input is done by employees of the customer or by you when using the UTA Edenred Drive app. Accordingly, the responsibility for the accuracy of the information regarding your language belongs to the customer or you as the user of this app.

• Service station search  

When you install the app, you decide whether to enable the geolocation data processing feature. This function is disabled by default. If you want to use the service station search function, we process the current location of the mobile device via GPS. The location data is used in UTA Edenred Drive to plan a route from the current position of your device (e.g., mobile phone) to a selected service station nearby.

• Using the map function  

For the use of the map function, when using a mobile device with Android operating system, Google Maps is applied, and when using a mobile device with iOS operating system, Apple Maps is applied. When using a mobile device with Huawei operating system, Petal/Huawei Maps is applied. On the map you can find gas stations where it is possible to authorize the transaction with the UTA service card. If you have authorized UTA Edenred Drive to access your location, your location data will be transferred to the respective map operator while using the map function.

• Authorisation of contactless transactions via the UTA EasyFuel® service

The UTA EasyFuel® service offers you the function for contactless authorisation of transactions (also referred to as transaction authorisation directly at the pump). When you use the contactless transaction authorisation function, we process the following personal data:

(1) the identification of the authorizing medium (Card-PAN) or the driver (if a service card has been linked to him/her), 
(2) date and time of transaction authorisation, 
(3) purchased product and its quantity, release dates, 
(4) status of the transaction authorisation success. 
(5) for safety reasons, the exact location of the user (to CPD) 
(6) the mileage filled in by the user 

When a transaction authorisation is initiated, the abovementioned transaction-related data is passed on to the recipient and stored in the system.

• Contact 

Insofar that you contact us by utilizing the “Call Us”-Function, we will be processing the following data: 

• email address, 
• phone number 
• customer data for identification 
• content of your message 

We process this data solely for the purpose of answering your inquiry.

Legal basis for the processing of personal data

UTA only processes personal data for specific purpose(s) and related to existing legal basis. In connection with the use of the UTA Edenred Drive app, UTA processes your personal data as shown below.

The data processing in relation to the marketing preferences is based on the consent of the user pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn with effect for the future at any time by unchecking the corresponding boxes in the app under the user profile. 

The processing of location data is based on the consent given within the mobile app pursuant to Art. 6 para.1 lit. a GDPR. You can stop the processing of location data at any time with effect for the future by deactivating the function. This deactivation does not affect the lawfulness of the data processing using the location data that has taken place up to this point. 

The processing of personal data within the scope of the UTA EasyFuel^® services for the use of the 

• Management of account and master data (user account) 
• Contactless transaction of authorisation (transaction-related data) 

is carried out in accordance with Art. 6 para.1 lit. b GDPR exclusively for the provision of the contractually agreed services. 

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out in accordance with Art. 6 para.1 lit. c GDPR. 

For the functionality, security and continuous improvement of the UTA Edenred Drive app, we collect technical information, identifiers and analysis data on a pseudonymized basis. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest that constitutes the legal basis is: 

• provide you with the service and related features; 
• to improve the functions and performance features of the app; and 
• to prevent and correct misuse and malfunctions.   

Furthermore, we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with the market interests.

UTA will under no circumstances carry out profiling within the meaning of Art. 22 GDPR on the basis of the geo-location data or measures to monitor the performance and behaviour of individual users of the UTA Edenred Drive app.

Recipients of the personal data 

In the course of the operation of the UTA Edenred Drive app, processors on behalf of UTA come into contact with the personal data provided by you. In detail, these are the following service providers: 

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this. 

Transfer to a third country or to an international organization 

If UTA transfers personal data to any unsafe third country in the context of the integration and use of the services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements. 

Storage duration  

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data. 

The storage of the telephone number, first name, last name and language is done according to the specifications of the customer (the UTA Edenred Drive user). The start of the retention period corresponds to the start of the term of the UTA Edenred Drive user contract. The end of the retention period corresponds to the end of the contract term or with regard to individual data records upon your instruction. After termination of the user contract, UTA will delete your data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows: 

• 3 years (statutory limitation period) in order to be in a position to handle any claims you may have against UTA.  
• There is a 10-year retention period for documents relevant to accounting.  
• There is a 6-year retention period for commercial and business correspondence, emails, and other digital documents.  

The transmitted geo-location data processed in the app is stored for a maximum period of 14 days. 

Cookies 

No cookies are deployed for the use of the UTA Edenred Drive app.

Additional information for the Italian market 

If you or your business are located in Italy, the following applies with regards to your rights as a data subject: 

You may exercise the data subject rights mentioned in section V with respect to personal data of a deceased person, if you have a special interest (e.g. for family reasons) unless prohibited by law or, in the case of the direct offer of information society services, if the deceased person has requested it through a written declaration. 

Your rights can be limited in certain situations if one of the following circumstances prohibits the exercise of your rights: 

• Money laundering 
• Support for victims of extortion demands 
• Activity of parliamentary investigative commissions 
• Activities of a public body 
• Conducting defense investigations or exercising a right in court 

• Whistleblowing 

Version: EN 25.11.24

7.8.1 UTA eCharge® for cards issued from 01/09/2024 onwards*

*(except for cards issued as part of card renewals until 30/09/2024)

In the following, UNION TANK Eckstein GmbH & Co KG ("UTA", "we" or "us") informs you about the processing of your personal data if your employer (or you, if you are a direct contractual partner of ours) uses the UTA eCharge® service and your card was issued on or after September 1, 2024.

UTA eCharge® is a service offered by us for the purchase of products and services in the field of electromobility, in particular for fleet management and to enable the billing and authorization of transactions for charging processes for electric vehicles via a service card or a specialized app.

You can find more detailed information on the processing of your personal data when using the app in the data protection notice within the app. In the following, we will only inform you about the processes that take place before you actively use the app or when utilizing the services without the app.

Registration for service cards and eCharge® apps

If your employer orders a service card with eCharge option from UTA, this service card will first be sent to your employer's fleet manager. The fleet manager then makes the service card available to you. When ordering, the fleet manager/employer has the option of activating you for the use of the eCharge® app in the UTA customer exclusive area.

To do this, the fleet manager transmits the data shown below via the UTA customer exclusive area. A user account is then created, which is linked to your employer for billing purposes. Once the user account has been created, you will receive an invitation link with which you can activate the user account and then use the app.

The following data will be passed on to us for this purpose:

• Name (first name, surname)
• E-mail address

Charging processes

When you use our service card, we process your information on charging processes in order to provide our services and to better support you in the event of possible errors and irregularities. For these purposes, we process the following personal data about you:

• Charging process type
• Company name
• Driver name (first name, surname)
• Information about the charging station and its operator (e.g. location, station name)
• Date, time and duration of the charging process
• Information on amperage and voltage type
• Energy consumption (kWh)
• Costs for the charging process (gross and net)
• VAT rate (%) and amount
• Currency

In addition, we create internal statistics and analyses from the information on loading processes in order to optimize our services based on user behavior. We anonymize the personal data for this purpose.

Limitation of driver-related service cards (for fleet managers)

For certain services, we offer you/your employer the option of setting specific limits for different cards (frequency of use, transaction limit (monthly, daily), times of use, etc.). In addition, your employer can temporarily block, suspend or cancel service cards. This information may constitute personal data if the corresponding card is assigned to you as a person.

The data is used to limit the use of the card according to your settings and to provide you with information about the set limits.

The processing of your personal data described above is based on our legitimate interest in providing the contractually owed services to your employer in accordance with Art. 6 par. 1 lit. f GDPR. If you are our direct business partner, we process your data to fulfill the contract in accordance with Art. 6 par. 1 lit. b GDPR.

The data for the app will be stored by us for as long as you have a user account for the eCharge® app. The data relating to charging processes will be stored for as long as we are legally required to store the information. All data may be retained for the duration of the statutory retention periods.

As part of offering the eCharge® app, we use service providers who process your personal data on our behalf to register user accounts and provide access to the app.

7.8.2 UTA eCharge® for cards issued until 31/08/2024**

**(as well as cards issued as part of card renewals until 30/09/2024)

UTA eCharge® is a service offered by UTA for the purchase of products and services in the field of electromobility, in particular for fleet management and to enable the billing and authorisation of transactions for charging processes for electric vehicles.

In the following, UNION TANK Eckstein GmbH & Co. KG ("UTA", "we" or "us") informs you about the processing of your personal data in the context of the use of UTA eCharge®.

The information is aimed at both customer/fleet managers and drivers using the service.

Purpose(s) of processing

UTA collects and processes your data exclusively for certain purposes resulting from technical necessities, contractual requirements or explicit user requests.

For the administration of this data on the part of the users as well as UTA and its service providers, your data will be stored in the form of a user account (hereinafter referred to as "account"). For you as a user, it is possible to record, partially view and edit this data via correspondingly provided user interfaces on the internet (in the version "web app") and as mobile apps on the smartphone (in the version "app").

For further information on the processing, in particular with regard to the (technical) functionality and features of the mobile app used, please refer to ChargePoint's Privacy and Cookie Policy: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Within the scope of the UTA eCharge® service provided by UTA, UTA processes the personal data referred to below:

Registration process

If your employer orders a service card with the UTA eCharge® option, this card will first be sent to your employer’s Fleet Manager. The Fleet Manager will subsequently make the card available to you. In doing so, he or she must enter your full name, e-mail address and telephone number in the UTA customer exclusive area. You will then receive a specific invitation link with which you can create a personal user profile which will be connected with your employer for settlement purposes.

After that, you need to register through the web app or the mobile app to use UTA eCharge®. The registration process involves processing your personal data, specifically the following:

(1) Company name
(2) Driver name (first and last name)
(3) Email address
(4) Phone number
(5) Username
(6) Address (street, house number, postcode, city, region/state, country)
(7) Acknowledgement of data protection information
(8) Card ID (card serial number)
(9) RFID UID (serial number of RFID chip of the card)
(10) Individual card name
(11) Consent to the General Terms and Conditions of ChargePoint
(12) Acknowledgement of the eCharge data protection information of UTA
(13) Vehicle information (such as vehicle model, year of manufacture, colour)
(14) Information on the need for a home charger (only in the case of home charging)
(15) Information on the installation and charging location (type of charging infrastructure, street, house number, postcode, town, region/state, country -- only in the case of home charging)

If it is stated under (14) that a home charger is required, a check of your home address will be carried out in cooperation with our partner to determine the installation options.

These personal data are processed in order to provide you with the contractually agreed services within the scope of the UTA eCharge® offering.

The processing of these aforementioned personal data is initially carried out by ChargePoint, with this company also acting as a distinct Controller within the meaning of data protection law. The data are then forwarded to UTA for further data processing. For more information, please refer to the ChargePoint data protection information: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Contacting (sending a reminder e-mail) with information on how to activate the UTA eCard

UTA reserves the option to contact you directly as a driver if your registration in the ChargePoint portal remains unfulfilled after ordering an eCard.

Contact
 
Insofar as you contact us in connection with a service request, we will process the following data:

(1) Customer data
(2) Personal data of the driver (incl. case-specific information, cf. clause 3.1 regarding the registration process)
(3) Content of the message

We process your data exclusively for the purpose of responding to your request.

Charging sessions
 
We process your information concerning charging operations for the purpose of providing our service and improving our ability to support you in case of errors or irregularities. For these purposes, we process the following personal data:

(1) Type of charging session
(2) Company name
(3) Driver name (First and last name)
(4) Information on the charging station and its operator (e.g., location, station name)
(5) Date, time and duration of the charging session
(6) Information on current and power type
(7) Energy consumption (kWh)
(8) Costs of the charging session (gross and net)
(9) VAT rate (%) and amount
(10) Currency

If your employer provides you with a home charging solution with reimbursement option, the use of such equipment will entail the processing of the following personal data:

(11) Name of the organisation
(12) Employer ID
(13) Employer name
(14) Driver verification details
(15) ID of the home charging station (if applicable)
(16) Home tariff (per kWh)

In addition, we use the information on charging processes to create internal statistics and analyses in order to optimise our services based on user behaviour. For this purpose, we will anonymise the personal data.

Restrictions placed on driver-related service cards (for fleet managers)
 
For certain services, we offer you the possibility to set limits for different cards (frequency of use, transaction limit [monthly, daily], times of use, etc.). In addition, you have the option of temporarily blocking, suspending, or cancelling cards. If the card is assigned to a specific user, this information may, under certain circumstances, constitute personal data.

The data are used to limit the use of the card according to your settings and to provide you with information about the limits you have set.

Communication preferences
 
When using your account, you have the option to consent to the use of your personal data for optional purposes. In this context, you can select in your account the extent your personal data are used by UTA to:

(1) Keep you informed about new UTA products and offers;
(2) Send you the UTA Newsletter;
(3) Send you surveys and opportunities to provide feedback in order to improve UTA service offerings.

Workplace/depot charging
 
Within the scope of your interest in a solution for "charging at the workplace", our partner processes your personal data as a contact person as well as the company-related data collected by you on its own responsibility as controller. The data marked as mandatory in the registration process within the procurement of the charging infrastructure project must be collected for a successful contact and settlement; the collection of all other data is voluntary. The following data will be processed during registration:

(1) Company name
(2) Salutation, first name, last name
(3) Email address
(4) telephone number
(5) Address
(6) Website
(7) Location category
(8) Industry
(9) Fleet related information
(10) Current service provider used for charging infrastructure (optional)
(11) Date of installation (optional)

All processing operations here take place under the responsibility of ChargePoint in a direct relationship between you/your company and ChargePoint.

Legal basis for the processing

Within the context of UTA eCharge®, UTA will process personal data on a legal basis exclusively for the following purposes:

(1) Collection, comparison and supplementing of driver data on the basis of the cooperation partner's database within the context of the UTA eCharge® service
(2) Management of account and master data (account)
(3) Use of the transaction overview
(4) Fleet management (management of drivers’ and service cards by the customer)
(5) Provision of information and notifications about our products
(6) Processing of requests and support cases
(7) Authorisation of transactions
(8) Billing and invoicing
(9) Prevention of cases of misuse and fraud
(10) Arranging charging infrastructure solutions

The processing of personal data within the context of the UTA eCharge® services takes place in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of providing the contractually agreed services.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing shall be carried out on the basis of Art. 6 para. 1 lit. c GDPR.

Insofar as we obtain your consent (e.g. to send advertising emails), the processing is based on Art. 6 para. 1 lit. a GDPR.

There are no automated decisions individual cases, including profiling (Art. 22 GDPR).

Processing on a legitimate interest of UTA

For the continuous improvement of UTA eCharge® services as well as for the protection of your IT systems, we collect and analyse technical information and usage data in a pseudonymised form on the legal basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to:

(1) Provide you with our services and related features;
(2) Improve the performance and process flows of our solutions;
(3) Prevent and remedy the consequences of misuse and malfunctions.

Recipients of personal data

In the course of operating the UTA eCharge® service, processors acting on behalf of UTA or controllers will come into contact with personal data of customers and drivers. This refers to the following service providers:

UTA will not sell or pass on your personal data to any third parties under any circumstances unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

UTA will transfer your personal data to companies in third countries or to international organisations.  UTA has ensured (where applicable, with its cooperation partners in the area of the UTA eCharge® service) that a legal basis exists for this transfer and that the service providers will act in compliance with the data protection rules applicable to UTA. In particular, the transfer of personal data is based on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR published by the EU Commission.

Storage duration

In principle, your personal data will only be processed for as long as it is necessary to fulfil the purposes for which the data were originally collected. After this purpose has been fulfilled, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

As far as information concerning telephone number, first name, last name and language is concerned, storage follows the specifications of the customer or the UTA eCharge® user. The commencement of the storage period corresponds to the commencement of the term of the UTA eCharge® user contract. The storage period ends when the contractual term ends or - as far as individual data records are concerned - as per your instruction. After the termination of the user contract, UTA will erase the data in accordance with data protection regulations and will only continue to store personal data which are subject to statutory retention periods. The retention periods are as follows:

(1) 3 years (statutory limitation) with a view to the fulfilment of any claims you may have against UTA.
(2) For accounting-relevant documents, the retention period is 10 years.
(3) For commercial and business correspondence, emails and other digital documents, the retention period is 6 years.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Transmitted geolocation data stored in the app are stored for a maximum of 14 days.

Cookies

None.
 
Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UNION TANK Eckstein GmbH & Co. KG (UTA, we, us) hereby informs you about the processing of your personal data which you provide to us in connection with your online registration and the associated application for a business relationship with UTA. This information is addressed to the data subjects (hereinafter also referred to as "users" or "you") whose personal data is provided to UTA for processing within the online registration and the order of UTA service cards.

Purpose(s) of the processing 

We collect and process data that you enter during online registration exclusively for specified purposes. These may result from technical necessities, contractual requirements or explicit user requests. In detail, these are:

Technical data

Certain information is already processed automatically as soon as you access our online services. We have listed in detail below which of your personal data is processed.

As part of your use of the online service, we automatically collect necessary technical data that is required for the use of the application. This includes the IP address used, MAC address, internal device ID, version of your operating system and the time at which the online service was called up.

This data is automatically transmitted to us and processed by us:

(1) to provide you with the Service and related features and to develop them on an ongoing basis;
(2) nto prevent and correct fraud, misuse and malfunctions.

Requesting a business relationship with UTA

When requesting a business relationship with UTA via online registration, you transmit personal data (mandatory, voluntary) to UTA. The data will be stored by UTA for as long as we need it within the framework of the customer onboarding process. Afterwards, the data will be (a) stored for the purpose of executing the contract in case a business relationship is established (b) deleted in case that no business relationship is established; if applicable, after a legal retention period (see below). Personal data is processed for the purpose of concluding the contract, establishing the business relationship and contacting you.

• Contact person data (title, first and last name)
• Communication data of the contact person (email address, telephone number)
• Company data (company name, company address incl. postcode and country)
• Business data (VAT ID, tax ID, company registration number)*
• Number of UTA service cards required
• Card personalisation data in case you wish to receive personalised service cards - this requires the conclusion of an order processing agreement with UNION TANK Eckstein GmbH & Co. KG*
• Bank data (IBAN, BIC, bank name)
• Information about your company creditworthiness
• Your experience/your use of the online registration process (tracking)

Data marked with a star *) in the above list is voluntary on your part.

2. Legal basis for the processing of personal data

In the course of your online registration, UTA processes personal data exclusively for a specific purpose and based on a legal basis.

The processing of personal data is carried out for the purpose of:

• Processing your request for a business relationship with UTA
• Assessment of the potential economic risk - credit report
• Contacting you/your company
• Establishing a business relationship with you/your company
• Ordering UTA Service Cards
• Personalization of UTA Service Cards - if applicable
• Provision of interest-based advertising incl. surveys
• Ensuring system security and protection against misuse of our systems
   

The processing of data within the online registration by UTA is based on Art. 6 para. 1 lit. b GDPR for pre-contractual measures.

Insofar as we obtain your consent to address you in advertising, for customer satisfaction surveys, etc., this processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR.

If UTA is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on Art. 6 para. 1 lit. c GDPR. 

In the case of personalisation of Service Cards, this processing is based on the legal basis of Art. 28 GDPR (data processing).

Automated decision-making in individual cases including profiling within the meaning of Art. 22 GDPR (negative legal effect or similar significant impairment) does not take place.

3. Legitimate interests 

In order to ensure that UTA processes the correct company data from you/your company, we offer a functionality during the online registration which, as a result of the collection of the company data, offers you a selection of companies from which you can choose the correct company data. UTA's interest in the correctness of the data transmitted to UTA is based on the legal basis Art. 6 para. 1 lit. f GDPR.
 
Within the framework of the initiation of the business relationship with your company, UTA determines the potential risk of a payment default on the basis of the available information (including the personal data concerning you) by means of the support of credit agencies. Art. 6 para. 1 lit. f GDPR constitutes the legal basis for the processing by UTA for this purpose.
Verification results that would lead to a rejection of your registration request will be personally reviewed by us and evaluated with regard to possible consequences for the requested business relationship by an employee of UTA.
 
In order to prevent and remedy fraud, misuse and malfunctions within the scope of use during the online registration process, we collect and process technical information. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

4. Recipients of the personal data
 
Within the scope of your online registration, service providers commissioned by UTA will come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so or you have separately consented to this.

5. Transfer to a third country or to an international organization
 
During an online registration, the services of Salesforce and Twilio are used. These may process your personal data in the USA. We generally base the transfer of your personal data on standard contractual clauses of the EU Commission.

6. Duration of data storage
 
In general, your personal data will only be processed for as long as it is necessary for the fulfilment of the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted without delay, insofar as no legal retention periods require further storage.
 
As a result of a positive course of business initiation, UTA processes the data collected from you to establish and execute the business relationship. For further details on the processing of your personal data within the scope of a business relationship with UTA, please refer to clause X 10.1 of this data protection declaration.
 
The processing period generally corresponds to the duration of the initiation of the business relationship with UTA. After the end of the business relationship, UTA will delete your data in accordance with the provisions of data protection law and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (legal period of limitation) in order to be able to fulfil any claims you may have against UTA. 
• There is a 10-year retention period for documents relevant to accounting. 
• There is a 6-year retention period for commercial and business correspondence, emails, and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.  

Cookies

Cookies are used within the scope of the online registration process. Further details can be found under clause VI.2 in this data protection declaration.

Tools used

We use various tools on our website for the processes and presentation of our website. These tools and their respective functions are shown below.

We use "DoubleClick" from Google to be able to show you personalised advertising when you use our website. DoubleClick" makes it possible to place relevant advertisements for users by setting cookies. This optimisation of advertising is also the purpose of the processing of your personal data by "DoubleClick".

When used, DoubleClick uses a cookie ID to prevent multiple display of advertisements. Due to the marketing tools used here, a connection is established between your browser and Google's servers and personal data is subsequently transmitted to Google in the form of your IP address. This provides Google with information about the visit to our website and the advertisement and can link this information to your Google account.

Our legal basis for the processing of your personal data within the scope of DoubleClick and the setting of the cookie is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw this consent at any time with effect for the future by changing the corresponding setting under the cookie settings. This does not affect the lawfulness of the data processing until the time of the withdrawal.

Google is a US company, which means that in the given context your personal data may be processed in the USA. The USA is an insecure third country for which there is no adequacy decision by the Commission pursuant to Article 46 of the GDPR, i.e. there is no adequate level of protection for personal data. In order to nevertheless ensure the security of your personal data during this transfer, the standard contractual clauses approved by the Commission for the transfer of personal data to third countries have been concluded as appropriate measures pursuant to Art. 46(2) lit. c GDPR. You can find more details on this in the information provided by Google.

The personal data will be stored as long as it is necessary to fulfill the purposes for which it was originally collected. For further information on data protection in connection with the use of DoubleClick and the associated use of cookies, please refer to the privacy policy of Google Inc.: https://policies.google.com/technologies/ads?hl=de.

On this website we use the function of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, further data is transmitted to Google, such as your IP address, date and time of the request, website from which the request comes, browser, and operating system and its interface.

This occurs regardless of whether you are logged into your Google account or whether there is no user account.

If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the processing is our legitimate interest in improving our offer, the visual and functional optimisation of the website as well as the provision of a function that facilitates the location of acceptance partners according to Art. 6 para. 1 lit. f GDPR. The data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal orders.

Insofar as Google processes the personal data collected in this way for its own purposes, Google is the Controller for the processing within the meaning of Art. 4 No. 7 of the GDPR. For more information on the purpose and scope of data collection and processing by Google, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Google is a US company, which means that in the given context your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We use Apple's Smart App Banners Inc. (1 Infinite Loop, Cupertino, California) on our website to inform you about our mobile app application. By selecting and clicking on the Smart App Banner, you will be taken directly to our in-house mobile app application in the Apple App Store.

For the redirection from our website to the Apple App Store, technically necessary data from you is processed to ensure the functionality of our Smart App Banners. This technically necessary data may also include personal data such as your IP address, which is transmitted to Apple. Apple processes further personal data from you in the event of a download of our mobile app application, which is related to your App Store account.

The legal basis for the data processing is our legitimate interest in the advertising our apps according to Art. 6 para. 1 lit. f GDPR.

You can of course object to data processing at any time. Your personal data processed by us will be erased immediately if it is no longer necessary for the purposes for which it was collected and no legal retention periods prevent erasure of the data.

Apple is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Apple's website.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information on data protection in connection with the use of Apple Smart App Banners, please refer to the privacy policy provided by Apple: https://www.apple.com/de/legal/privacy/data/ .

We use the Font Awesome widget from the company Fonticons Inc. (307 S Main St. Ste 202 Bentonville, AR, 72712-9214 United States) on our website to integrate the web font Font Awesome and its icons into our website. By using Font Awesome we are able to enrich displays and further contents of our website. Furthermore, the use of icons of the web font Font Awesome enables us to improve the loading speed as well as the clarity of our website. This is also the purpose of the processing of your personal data when using Font Awesome.

When using Font Awesome, a Content Delivery Network (CDN) is used to enable the loading of icons from an external server. When you enter our website, your browser establishes a connection to the servers of the Fonticons company in order to enable the loading of the icons. In doing so, Fonticons processes your personal data in the form of your IP address.

The legal basis for data processing is our legitimate interest in the process optimisation pursuant to Art. 6 para. 1 lit. f GDPR.

Fonticons is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the US is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information regarding data processing in the context of the use of Font Awesome, please refer to Fonticons' privacy policy: https://fontawesome.com/privacy .

We use the cookie consent management tool "OneTrust" of the company OneTrust Technology Limited (82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK)) on our website. The use of "OneTrust" enables us to obtain your consent from you when you call our website, to provide you with specific choices when granting your consent, and to document the consent options you choose. The use of "OneTrust" is necessary for us to fulfill our obligation to obtain consent and the associated documentation obligation. For this purpose, "OneTrust" places a cookie in your browser when you enter our website in order to be able to deliver the application correctly and to be able to guarantee its functionality. In the context of a use of "OneTrust", your personal data will be processed, e.g., your IP-address and the date and time of granting your consent or managing your preferences.

The personal data collected from you in this way will be processed by OneTrust Technology Limited by way of commissioned processing. Please note that OneTrust Technology Limited is a company based in the United Kingdom (UK), which means that there is a possibility that your personal data may be transferred to and processed in a third country of the EU. The UK is a third country with an adequacy decision by the EU Commission in the sense of Art. 45 GDPR, whereby an adequate level of protection with regard to the processing of your personal data in the UK has been measurably established. We have also concluded a data processing agreement with OneTrust Technology Limited pursuant to Art. 28 GDPR to ensure the security and integrity of your personal data as well as compliance with data protection.

We base the use of "OneTrust" on the legal basis of a processing for the fulfillment of legal obligations according to Art. 6 para. 1 lit. c GDPR (the legal obligation is to obtain consent according to Art. 6 para. 1 lit. a GDPR as well as § 25 TTDSG; fulfillment of documentation and accountability obligations according to Art. 5 para. 2 GDPR).

The OneTrust Cookie has a storage duration of one year. After that, your personal data will be erased.

For more information about OneTrust Technology Limited's privacy practices and how OneTrust Technology Limited treats your personal information, please visit OneTrust Technology Limited's Privacy Policy: https://www.onetrust.com/privacy/.  

For our customers, we want to make the start of using our online service as user-friendly as possible. Therefore, we use a user guidance service provided by our processor Userpilot Inc, 2035 Sunset Lake Road, Newark, Delaware 19702, USA.

The user guidance service provides you with additional information and instructions at some points during your interaction with our Online Services, such as clicking certain buttons or visiting a particular sub-site, to help you better navigate and understand how to use the Service. In addition, we use user prompts to inform you of new features within the Online Service. We also analyse whether the user guidance has helped you and to what extent an optimisation of the same is necessary.

The following types of data are processed in the process:

IP address, device type (mobile device or PC), operating system, browser version, country, your registration date for our online service, number of logins, sub-pages visited within the online service.

We transfer your personal data to the Userpilot server in the USA. We have concluded a data processing agreement and standard contractual clauses of the EU Commission with the processor Userpilot for the transfer of personal data to the USA.  

The legal basis for the user guidance and its analysis and optimisation is your consent pursuant to Art. 6 par. 1 lit. a GDPR.

We use the software solution "SendGrid" of the US company Twilio, Inc. (1801 California Street, Suite 500, Denver, CO 80202, USA) on our website. The use of SendGrid enables us to send you automated emails and thus to provide you with the content you contractually requested. For example, we use SendGrid to send you confirmation emails, transaction confirmations or emails with contractually relevant content. In the context of the use of SendGrid, it is necessary for us to process the following of your personal data:

• Master data
• Contract data
• Information relating to your product 
  interests
• email address
• IP address

We would like to point out that Twilio Inc. is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Art. 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the EU Commission for the transfer of personal data to third countries.

We base the lawfulness of the use of the software solution "SendGrid" on the fulfillment of pre-contractual or contractual obligations pursuant to Art. 6 (1) lit. b GDPR.

For more information about Twilio Inc.'s privacy practices and how Twilio Inc. handles your personal information, please visit Twilio Inc.'s privacy policy: https://www.twilio.com/legal/privacy.

“Google reCaptcha" (hereinafter referred to as "reCaptcha") is a service of the provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using reCaptcha, we can verify whether the data entry on our website was made by a human user or by an automated program. For this purpose, each website visitor who enters our website is automatically analysed by reCaptcha.

In the process, various information such as the IP address or the time spent on the website as well as the mouse movements are forwarded to Google and analysed. This analysis takes place entirely in the background and does not make the users of the website aware of this analysis.

The legal basis for this data processing is our legitimate interest according to Art. 6 (1) (f) GDPR to protect our web offers from abusive automated spying and spam.

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

For more information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/about/

We use the software solution "Google Analytics for Firebase" of the US company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website. The use of "Google Analytics for Firebase" enables us to link users to interactions on and around our website using so-called "instance IDs". Instance IDs" are unique identifiers that are assigned to a timestamp. These are assigned to users of our website and subsequently allow the user to be associated with the respective interaction. In the context of the use of "Google Analytics for Firebase", the following of your personal data are sometimes processed:

• IP address
• Number of users
• Number of sessions
• Session duration
• Operating system used
• Device model
• Region of access

We explicitly point out that we have no influence on the use of your personal data by Google. Nevertheless, we would like to inform you about the following in the context of the upcoming processing:

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We base the lawfulness of the use of "Google Analytics for Firebase" on the legal basis of obtaining the consent of the data subject pursuant to Art. 6 (1) lit. a GDPR and Section 25 TTDSG. You can, of course, withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to the time of the withdrawal remains unaffected.

For more information about Google LLC's privacy practices and how Google LLC handles your personal information, please visit Google LLC's privacy policy:

https://support.google.com/firebase/answer/9019185?hl=en#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article

Facebook Fanpage
 
We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), operate our own Facebook fan page at https://www.facebook.com/UTADeutschland/. As the operator of this Facebook page, we are joint controller with the provider of the social network Facebook of the provider Meta Platforms Inc. (Deborah Crawford 1601 Willow Road Menlo Park, California 94025, USA, hereinafter also: Meta), in the sense of Article 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both joint controllers.

We have concluded an agreement with Meta on joint controllership under data protection law (Page Controller Addendum). With this agreement, Meta recognizes the joint controllership regarding so called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. The agreement also determines that Facebook is the primary contact for the exercise of data subjects' rights (Art. 15 - 22 GDPR). As the provider of the social network, Facebook alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. However, should our support be required, you are welcome to contact us at any time as stated in our privacy notice.

• Use of Insights and cookies
  
  In connection with the operation of this Facebook fan page, we use Meta's Insights function to obtain anonymized statistical data on the users of our Facebook fan page. Meta provides information about Insights and Facebook Fanpages, for example, via its privacy notice. 
  
  Meta also uses cookies and other similar storage technologies in connection with visits to our and other Facebook pages. For more information about Meta's use of cookies, please see their Cookie Policy.
  
  
• Comments and messages; participation in competitions
   
  On our Facebook page, you also have the opportunity to comment on and rate our posts and to contact us via private messages or to participate in competitions.
  
  

• Purpose(s) of the processing
   

  The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain aggregated statistics that Meta compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to learn about the profiles of visitors who like our Facebook page or use applications on the page so that we can provide them with more relevant content and develop features that may be of greater interest for them.

  In addition, to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information collected. We may use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also be carried out across devices if the visitors are registered and logged into their own profiles.

  The visitor statistics created are only transmitted to us in anonymized form. We have no access to the underlying data.

  Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products and services. In this context, we may receive further information, for example due to user comments, private messages or because they follow us or share our content. The processing is solely for the purpose of communicating and interacting with them.

• Legal basis for the processing
   
  The processing of users' personal data is based on our legitimate interests in optimizing the presentation of our company and products (Art. 6 para. 1 lit. f GDPR) as well as in the case answering product application questions based on a (pre-) contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR.
  
  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by using the form provided by us (data protection web form). 
  
  
• Possibility of objection
   
  Facebook users can influence the extent to which their user behavior may be recorded when they visit our Facebook page under the settings for advertising preferences 
  
  Further options are offered by the Facebook settings or the form for the right to object.
  
  

X Fanpage

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a X fan page under the name twitter.com/uta_deu. In the following, we would like to inform you about the processing of your personal data on our X fan page.

• Processing of personal data by X

X is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. We would like to point out that you are responsible for using the services provided by X Corp. and all associated functions (e.g., sharing and rating content). 

Information on the data processing carried out by X Corp. and the corresponding purposes pursued can be found in the data protection declaration of X Corp. 

You can find X's data protection declaration here: https://twitter.com/en/privacy. We have no influence on the type and scope of the data processed by X Corp.  or its transfer to third parties. We have no means of control in this regard.

Your data is collected and processed by X Corp. Your personal data will be transferred, regardless of your place of residence, to the United States, Ireland and any other country in which X Corp. conducts business. Data that you have voluntarily provided to X will be processed by X Corp. (e.g., name and username, email address, telephone number or the contacts in your address book) if you upload them. 

In addition, X Corp. evaluates the content you share. As a result, X Corp. identifies the topics and content in which you are interested. It also processes confidential messages that you send to other X users. GPS data, information on wireless networks or your IP address are used to determine your location and to send you corresponding content, usually advertising. 

The evaluation may be carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by X is not subject to our control or influence. If such analysis tools are used by X Corp., we were not informed about the use of such tools. Consequently, X Corp. has not been instructed, assisted or supported by us in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymized information about the response generated by tweets (clicks, likes, etc.) is visible to us. The use of analysis tools on our X account cannot be switched off and there are no other options to prevent such use.  

X also receives data from visitors who do not have a X account when they view content on X. This log data includes the IP address, the type of browser used, the operating system, information about the website previously visited and the pages you viewed, location, mobile provider, cookies or search terms and the terminal device used.

You have the option of restrict the processing of your data by X. To do this, you can open the general settings of your X account and change your privacy settings under "Data protection and security". 

You can check and customize your privacy settings here: https://twitter.com/personalization

Additional help is available at: 
https://support.twitter.com/articles/105576# 
https://help.twitter.com/en/search?q=data%20protection

You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that X only has limited access to your contact data, location data, calendar data or photos, etc. These setting options differ depending on the operating system used on your mobile device. 
 
Further information and assistance is available at:

- https://support.twitter.com/articles/20172711# (possibility to view your own data processed by X).
- https://twitter.com/your_twitter_data (information about X’s inferences to you)
- https://support.twitter.com/forms/privacy (form to receive further information from X)
- https://support.twitter.com/articles/20170320# (possibility to download your own X archive)

• General information on the processing of personal data by us 
   
  If we process your personal data on X, it will not be collected via our X account. There is no transfer of data to X, such as IP addresses, due to the embedding of tweets on homepages or similar. However, we may retweet tweets from you, reply to tweets from you or write tweets that refer to you or your X account. In this respect, your public data on X may be made available to followers of our site.
  
  Data is only passed on to public authorities in the event of overriding legal provisions. If we publish images of individuals, this is done via consent (legal basis: Art. 6 para. 1 lit. a GDPR), on the basis of a contractual agreement (legal basis: Art. 6 para. 1 lit. b GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 para. 1 lit. f GDPR).
   
• Purpose(s) of the processing
   
  We use our X page to communicate with our customers, interested parties and X users and to inform them about us and our products and services. In this context, we may receive further information, e.g., due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. 
  
  
• Legal basis for the processing
  
  The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b GDPR.
  
  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by using the form provided by us (data protection web form). 

XING page
 
We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA") use a XING page of the provider New Work SE (Am Strandkai 1, 20457 Hamburg, Germany). With these data protection provisions, we would like to inform you about how we process your personal data via our XING social media profile https://www.xing.com/pages/uniontankecksteingmbh-co-kg and who has access to the data you have provided.

Data about you may be collected via this social media profile through cookies, regardless of whether you have an account with XING or not. Cookies are regularly stored on the user's terminal device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits XING services, services provided by other members of the group of companies and services provided by other companies using XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. For more information on XING's use of cookies, please refer to their privacy policy.

Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING's advertising partners whose websites the user had previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and UTA can track the use of a social media profile. 

The collection of your data through cookies in the context of the use of the social media profile is neither legally nor contractually required. Nor is this necessary for the conclusion of a contract. There is therefore no obligation to transmit your data to XING. However, the non-transmission of your data (e.g. by blocking cookies) has the consequence that we cannot offer you our social media profile or only to a limited extent.
 
XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are offered by the XING settings or the form for the right to object.

The processing of information by means of the cookies used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings.
 
Further details on the use of cookies by XING can be found in the Data Policy.

• Purpose(s) of the processing
   
  UNION TANK Eckstein GmbH & Co. KG operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information and to communicate with users.
  
  
• Legal basis(s) for the processing
   
  The processing of users' personal data is based on our legitimate interests in optimising the presentation of our company and contacting potential applicants (Art. 6 para.  1 lit. f GDPR).
  
  Your personal data will only be stored by us for as long as it is required to achieve your collection purpose. You have the right to object to the described processing pursuant to Art. 21 GDPR. You can submit your objection to the offices named by us in this data protection declaration.

LinkedIn Page
 
We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland at https://www.linkedin.com/company/uta_edenred/. 

We have concluded a data protection joint controller agreement (Page Controller Addendum) with LinkedIn Ireland Unlimited Company. With this agreement, LinkedIn Ireland Unlimited Company acknowledges joint controllership regarding the described processing procedures and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches.

When visiting our site, LinkedIn as the data controller party collects personal data of the user, for example, through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn's privacy policy.
 
UTA cannot track which user data LinkedIn collects. UTA also does not have full access to the collected data or your profile data. UTA can only see the public information of your profile. You decide what this information is in your LinkedIn settings.
 
If our site offers a chat function, UTA will use your data when using the chat function to respond to your inquiry.

• Purpose(s) of the processing
   
  UNION TANK Eckstein GmbH & Co. KG operates this LinkedIn page in order to present itself to users of LinkedIn as well as other interested persons who visit this LinkedIn page, to present information regarding recruiting and entry-level opportunities at UNION TANK Eckstein GmbH & Co. KG and to communicate with the users. 
  
  Furthermore, we use the service and customer support information collected via LinkedIn to contact you in order to provide you with the requested information and offers.
  
  UTA processes anonymous statistics provided by LinkedIn regarding Page usage and utilization. The following information is provided:
   
  - Followers: number of people following UTA - including growth and development over a defined time frame.
  - Reach : number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.
  - Ad performance: How many people were reached and interacted with a post or paid ad.
  
  These statistics, from which we cannot draw any conclusions about individual users, are used by UTA to constantly improve its online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.
   
  UTA receives personal data via LinkedIn when you actively share it with us via a personal message on LinkedIn. We use your data (e.g. first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.
  
  
• Legal basis for the processing
   
  The processing of users' personal data is based on our legitimate interests, in an optimized company presentation and contacting potential applicants (Art. 6 para. 1 lit. f GDPR).
  
  

Instagram page

When you visit our Instagram page https://www.instagram.com/uta_deutschland/ and your browser allows cookies to be stored, Meta Platforms Inc. (Deborah Crawford 1601 Willow Road Menlo Park, California 94025, USA) stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that embeds Meta technologies. For more information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard, please refer to the information on Instagram cookies.

We would like to point out that Meta is able to track your user behavior (across devices for registered users) on other websites beyond the Instagram platform by means of the cookies used. This applies both to users registered with the Instagram platform and to users not registered there.

We would also like to point out that we have no influence on the data processing carried out by Meta in connection with cookies. Visiting our Instagram page is also possible if you configure your browser so that no cookies are stored by the Instagram platform. Information on how to adjust the settings for cookies in your browser can usually be found in the help section of the browser you use.

If you are registered or logged in to the Instagram or Facebook platform and want to avoid Meta being able to associate your visit to our Instagram page with your Instagram or Facebook user account, you should log out of Facebook or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser.

We have concluded a data protection joint controller agreement (Page Controller Addendum) with Meta. With this agreement, Meta acknowledges joint controllership with regard to the described processing operations and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. You can then also assert your data subject rights there. 

• Data processing during interactions on our Instagram page
   
  Our Instagram page offers you the opportunity to respond to and comment on our posts, view our Stories, participate in Story interactions, and send us private messages. Please carefully consider what personal information you share with us through our Instagram page. If you would like to avoid Meta processing any personal data you submit to us, please contact us through other means.
   
  In addition to the content you submit, information about your profile, likes and posts will be visible to us depending on your privacy settings.
  
  
• Purpose(s) of the processing
  
  We use our Instagram page to communicate with our customers, prospective customers and Instagram users and to inform them about us and our products and services. In this context, we may receive further information, e.g., based on user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. 
  
  Statistical purposes:
  
  We have set up our Instagram page as a business profile and use anonymized page statistics ("Instagram Insights") provided by Meta Platforms Inc. to provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data used to generate page statistics. The statistics include the following information:
  
  - Reach , page views, time spent on video posts.
  - Interactions such as tagging a post with "like," commenting, or sharing posts
  - Demographics such as age, gender, and location.
  
  We use this data to identify trends. It is not possible for us to link back to individuals who triggered these events.
  
  
• Legal basis for processing
  
  Our legitimate interest is in particular our business interest in sharing information with our users and being able to communicate with them. The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b GDPR.
  
  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. 
  
  We process the data you provide in this context and which may be accessible to us in order to protect our legitimate interests in contacting and communicating with our interested parties, which outweigh our interests in the context of a balancing of interests. This is also our legitimate interests in the data processing according to Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Note on data processing by YouTube

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and offers other users the opportunity to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, so that not only complete films and TV shows, but also music videos, trailers and amateur videos prepared by users can be accessed via the internet portal.

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Information about what data is processed by Google, and for what purposes, can be found in Google's privacy policy.

We have no influence on the type and scope of the data processed by Google, the way in which it is processed and used, or the transfer of this data to third parties. We also have no effective control options in this respect. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, stored and used in the United States, Ireland and any other country in which Google does business, regardless of your country of residence. It is transferred to Google-affiliated companies and to other trusted companies or individuals who process it on Google's behalf.  
 
Google processes your voluntarily entered data such as name and user name, e-mail address and telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location based on GPS data, information on wireless networks or your IP address in order to send you advertising or other content. For evaluation, Google may use analysis tools such as Google Analytics. We have no influence on the use of such tools by Google and have not been informed about such potential use. If tools of this type are used by Google for our YouTube channel, we have neither commissioned this nor supported it in any other way.   

We are also not provided with the data obtained during the analysis. In addition, we have no way to prevent or disable the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. You have options to restrict the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers privacy settings specific to YouTube. You can find out more about this in the guide to data protection in Google products from Google.

For more information on these points, see Google's privacy policy under the term "Privacy Settings". For more information, please see Google's Privacy Help.

• Purpose(s) of the processing
  
  We use our YouTube channel to communicate with our customers, prospective customers and YouTube users and to inform them about us and our products and services. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. This processing is solely for the purpose of communicating and interacting with you. 
   
  In addition, we have integrated YouTube videos from our YouTube channel directly on our website to increase the user-friendliness of our website and thus improve the user experience. Although we have activated YouTube's advanced privacy settings in this context, it cannot be ruled out that your personal data may be affected by processing, e.g., by the setting of cookies.  
   
  As already described, there is no tracking of your behavior by UTA when you use YouTube. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may respond to your publications under "Discussions". The data freely published and disseminated by you on YouTube will thus be included by us in our offer and made available to our followers.   
  
  
• Legal basis for the processing
   
  The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR. 
   
  Our legitimate interest is in particular our business interest to share information with our users and to be able to communicate with them, as well as for customer retention.
  
  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. 
   
  Furthermore, we base the processing of your personal data in the context of the integration of YouTube videos on our website by setting cookies on obtaining consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 TTDSG. Of course, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out up to the time of the revocation remains unaffected. You can submit your withdraw to the offices named by us in this data protection notice.
  
  
• Recipients of personal data
   
  The transfer of your personal data to the USA is in accordance with the GDPR. Google has submitted to the standard contractual clauses as a data importer and we have taken additional measures to comply with the data protection requirements. Here you can find more information about Google's compliance with data protection regulations: https://cloud.google.com/security/compliance?hl=en

YouTube video integration in extended data protection mode 

On our website, we have integrated components from YouTube and use YouTube's extended data protection mode. Enhanced privacy mode allows us to embed YouTube videos without using cookies that track user behaviour. This means that no activity data is collected to personalise the user experience. Instead, video recommendations are contextual and relate to the current video. Videos played in enhanced privacy mode do not affect your browsing experience on YouTube.

If you are logged in to YouTube at the same time, YouTube recognises which specific sub-website of our website you have visited when you call up a sub-website that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. 

YouTube and Google receive information via the YouTube components that you have visited our website if you are logged into YouTube; this happens regardless of whether you have clicked on a YouTube video or not. If you do not wish this information to be transferred to YouTube and Google in this way, you can prevent this transfer by logging out of your YouTube account before accessing our website.

The privacy policy published by YouTube is available here - it provides information on the collection, processing and use of personal data by Google and YouTube. Information on the extended data protection mode can be found here.

The transfer of your personal data to the USA is in accordance with the GDPR. Google has submitted to the standard contractual clauses as a data importer and we have taken additional measures to comply with the data protection requirements. Here you can find more information about Google's compliance with data protection regulations: https://cloud.google.com/security/compliance?hl=en

Note on data processing for Google company profile (Google My Business)

You can find our company as an entry in "Google My Business". This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). 

If you find us via the My Business page set up by Google, we would like to point out that the functions are not provided by us. In particular, interacting with our profile (reviewing, sharing, calling, rating, showing address) may result in Google collecting both your IP address and possibly other information. Furthermore, the data collected by Google may be further processed by Google, possibly also in third countries. You can find more information here in Google's privacy policy.

We cannot exclude the possibility that the data you provide when interacting with our Google profile may be used, viewed and evaluated by Google. Therefore, contact with us should be established by other means than via Google, or direct contact should be sought as soon as possible. 

Google provides us with statistical information about the interaction with our profile. We do not collect any other data, in particular personal data, via Google My Business.
 
General information on social media channels used by UTA

The general information presented below refers to all social media channels used by UTA.

• Possibility to object
  
  You can object to the processing of your personal data by the respective channel provider via the above-mentioned links. 
  
  Furthermore, you can object to the processing of your personal data by us via our contact options.
  
  
• Duration of data storage
  
  Your data will be deleted when the purpose ceases to exist, unless there is a duty to retain the data.
  
  
• Transfer to a third country or to an international organization
  
  It cannot be ruled out that user data is processed on systems outside the European Union. Google, LinkedIn, Xing, Twitter and META (Facebook) have submitted to the standard contractual clauses and have thus undertaken to comply with the data protection standards of the EU.  
  
  Note: UTA itself does not pass on any personal data that we receive via our social media channels.

WhatsApp Channel

We operate a WhatsApp Channel on which we share information and news about our services and products. For this purpose, we use the services of WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X25K, Ireland. WhatsApp users can subscribe to or access this channel to follow and interact with the messages and posts we share. We then process your data when you interact with our posts in our channel or subscribe to it. The data processed are

• Account name
• Reaction
• Profile picture (unless you have disabled this in your privacy settings)

Your telephone number is only visible to us if your contact is already stored on the device we use.

We and WhatsApp are each separately controllers for the processing of personal data within the WhatsApp Channel. Further information on data processing when using WhatsApp channels can be found in WhatsApp's privacy policy.

• Purpose of the processing
  
  
  • Provision of information and news via a channel on WhatsApp
  • Advertising your products and services via the WhatsApp Channel
    
    

• Legal basis of the processing

We process your personal data based on our legitimate interest to operate our channel and to inform interested WhatsApp users about our products and services via the channel, as well as to advertise our products and services.

• Possibility of objection

You can object to the processing at any time by canceling your subscription to our channel.

On our website there is the possibility to register for our newsletter. By registering accordingly, you give us your consent to process your e-mail address and name to send you the newsletter. This consent is given via a double opt-in procedure. The legal basis regarding the processing of your personal data for dispatch of a newsletter is your consent given to UTA.
 
You can withdraw this consent at any time by clicking on the corresponding link in the newsletter sent to you with effect for the future. This shall not affect the lawfulness of the data processing until the time of withdrawal. Alternatively, you can also use the form provided for this purpose. In the event of a withdrawal, we will immediately delete the personal data processed for this purpose.
 
The shipment of the newsletter is carried out by means of "Inxmail", a newsletter distribution platform of Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg.

Information on this data protection notice 

UNION TANK Eckstein GmbH & Co. KG (UTA, we, us) processes company data (including personal data) collected indirectly from various sources (e.g. from lead data providers, address brokers or third-party recommendations) or directly in connection with your enquiry about a business relationship with UTA or in the course of direct discussions with you (e.g. at trade fairs, visits, telephone canvassing) in the course of initiating a business relationship. The processing serves to validate the address, to conclude a contact, and to establish the business relationship with you/your company. As UTA takes the issue of data protection very seriously, we provide you with the following data protection information.

Nature of data processing

In the following, we inform you in detail about the data processing that takes place with regard to your company/personal data as part of the UTA Lead Management.

Source of indirect data collection

UTA has collected your company/contact data indirectly, e.g., as part of address brokerage via lead brokers or from recommendations.

Note: The lead broker is responsible for the lawful collection and forwarding/provision of the data as a distinct controller within the meaning of the GDPR. UTA regulates the data protection conditions and responsibilities of the parties involved in the processing for the transmission/provision of your data within the framework of a so-called controller-to-controller agreement with the respective lead provider.

Source of direct data collection

Your data was collected by UTA directly from you or transmitted by you to UTA, e.g. in the context of contacting us via web sales, our own marketing/lead generation campaigns (hereinafter referred to as TeleSales channels), chatbots/contact requests, by means of the UTA new customer application, forms for requesting offers or information on our products or in the context of tenders.

Purposes of the processing

We process your data either on the basis of business requirements as part of (pre-)contractual measures or for advertising purposes.

We pursue the following purposes with regard to our business requirements:

Validation of data:

• Verification of the accuracy of the personal data collected.
• Verification and identification of identity to prevent money laundering, terrorist financing, tax crime and phishing.

Determination of creditworthiness:

• Assessment of the economic risk to be assumed (determination of creditworthiness) in the context of a business relationship with you/your company.

Internal storage:

• Creation and storage of data records in the lead management tools used by UTA.

For the fulfilment of legal obligations:

• Insofar as we are legally obliged to store your personal data, we process it in order to fulfil our legal obligations.

We pursue the following purposes with regard to the advertising approach of your company or you:

Contacting:

• Contact for acquisition (e.g. telephone, email, post).

Provision of information and advertising material from UTA:

• Sending UTA-related company information.
• Obtaining opinions specific to goods and services (surveys).
• Comparison with data records already known by UTA.

Advertising optimisation/enrichment of data records

• Segmentation
• Data enrichment
• Personalisation of advertising content
• Advertising optimisation
• Increasing data quality

Preservation of advertising preferences

• Blacklist: In the event that you made it explicitly clear to us, that you no longer wish to be contacted for advertisement purposes by UTA at any time in the future, we will place your contact details on an internal blacklist to prevent you from being contacted again.
• Temporary advertising block: If you express no interest in being contacted again in the near future for advertisement, if no contract is reached, we will temporarily store your data to prevent you from being contacted again in the near future and then delete the data. During this period, we will only contact you in exceptional cases if the reason for not concluding the contract no longer applies due to a change in our offer situation and we can assume that you are interested (e.g. price reduction, lack of interest due to the price).
• Lead data pool: If you indicate your interest in us contacting you again in the near future if no contract has been concluded, we will store your data in a lead data pool and contact you again at the latest within one year. We will also store your data in this lead data pool if we could not reach you multiple times to contact you again at a fitting time. In this case we assume, that you are temporary not reachable via phone.

Legal basis(s) for processing

In the context of lead management, UTA processes your personal data on the basis of specific legal basis and exclusively for specific purposes. All processing for pre-contractual measures is carried out in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of establishing a contractual relationship with you/your company.

Insofar UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

Insofar that we obtain your explicit consent, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. In addition to the legitimate interest, this legal basis generally applies to processing for the purposes of advertising. If we process your personal data based on your consent, we inform you about the details of processing and about how you can withdraw your consent during the collection of consent.

To the extent that we have a legitimate interest in processing that overrides your interests, rights and freedoms in accordance with Art. 6 para. 1 lit. f GDPR, we process your personal data in accordance with the conditions listed below.

Information regarding the right to object, which you can assert at any time in cases of advertising contact, can be found under IV. 7. in this data protection information.

Automated decision-making in individual cases, including profiling (Art. 22 GDPR), does not take place.

Processing on the basis of a legitimate interest of UTA

We process your personal data based on the legitimate interests described below.

Data validation:

In order to ensure that UTA receives and processes correct data from you and that you/your company are acting as an entrepreneur (B2B) on the market, UTA checks the information you have provided. For this purpose, UTA uses external sources and service providers to validate the data.

Comparing inventory data for process control:

In principle, UTA must obtain an overview of the available data through adequate data management and, for this purpose, compares newly collected data with the existing databases. This serves, for example, to ensure that UTA does not add any already known company data to the database. This also ensures that UTA can optimise internal processes and workflows.

Creditworthiness assessment (mitigation of financial risks for UTA)

In the forefront of concluding a business relationship, we obtain information regarding the financial risk and reliability of you/your company. For this purpose, we utilise the support of credit agencies. They assess the potential risk of non-payment on the basis of the information available (including the personal data relating to you). If necessary, the result will be checked by us personally and assessed by a UTA employee with regard to possible consequences for the business relationship.

If necessary, UTA processes your personal data in this regard to assess the individual default risk and to prepare a customised offer (conditions) for the purchase of our goods and services.

Provision of UTA-related company and product information and surveys

Insofar as your presumed consent to telephone advertising for UTA goods and services can be assumed, we may contact you by telephone in accordance with Section 7 (2) No. 1 UWG in conjunction with Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in advertising our goods and services. Such presumed consent exists if there is a specific reason for the call that can be derived from your are of interest. We assume such a reason if your company has a fleet with a corresponding number of vehicles in which an interest in our services can be assumed or we come to the conclusion, based on our experience, as part of a corresponding internal assessment, that you have the above-described number of vehicles or have requested advertising or offers via one of our contact forms. You can object to this advertising approach at any time.

Categories of personal data processed

In the course of generating leads, UTA processes among others the following (personal or non-personal data) from you/your company:

• Company name incl. legal name
• Company address incl. country
• Company-related data
• Company size
• Communication data, such as central company telephone number, fax number, email address or mobile phone number)
• First name and surname of the managing director / contact person
• Salutation
• Bank details (IBAN, BIC, bank name)
• Billing-relevant data
• Forecasted demand
• Size of the fleet/vehicle fleet
• Vehicle-related data (manufacturer, licence plate number)
• Other data that you disclose when contacting UTA

Categories of data subjects

In the context of generating leads, UTA processes personal data relating to the following categories of data subjects:

• Companies that represent a natural person (e.g. sole traders)
• Managing directors
• Contact persons

Duration of data storage

In the event that a business relationship is established with you/your company, UTA stores the data within the scope of this relationship for the provision of contractually guaranteed services and, in addition, in accordance with legal obligations and, where applicable, based on our legitimate interests. These legitimate interests can be found in the data protection notice for customers.

Based on your consent, we will process your data until you withdraw your consent or until you enter into a business relationship with us. In this case, the new legal basis is Art. 6 para. 1 lit. b GDPR (fulfilment of contract and implementation of pre-contractual measures). In the event that we have specified a period for processing when obtaining consent, we will process your personal data for the duration of the specified period.

If we add you to our blacklist, we will process your data indefinitely to prevent you from being contacted again. In this case, we will only process the data required to recognise you. You can also request that we delete you from the blacklist, but in this case, we cannot rule out contacting you again for customer acquisition purposes.

If we have included you in our lead data pool (see above), we will process your data until the next contact and beyond, should you again indicate an interest in being contacted in the future. We store your data in our list for a temporary advertising block (see above) for a maximum of 2 years.

Information regarding the right to object, which you can assert at any time in cases of advertising contact, can be found under IV. 7. in this data protection information.

In principle, we will delete the data as soon as it is no longer required for the purpose for which it was collected, you have objected to the processing, you have withdrawn your consent, or you have sent us a request for deletion.

Insofar that we are legally obliged to store your data, we process your data beyond the above-mentioned deletion periods, in accordance with the respective legal obligation.

Recipients of your personal data

As part of lead management, UTA uses processors who process personal data on instruction. By concluding corresponding contracts together with technical and organisational measures, UTA ensures that your data is processed exclusively in accordance with the requirements of the GDPR.

Transfer to a third country or to an international organisation

In principle, no data processing takes place outside the European Economic Area. We currently use a CRM service provider for lead management at UTA, which means that a transfer to the USA cannot be completely ruled out. If necessary, we ensure processing outside the EU/EEA by concluding standard data protection clauses or other suitable guarantees in accordance with Art. 44 - 46 GDPR

As part of the provision of our services, we are generally responsible for the processing of your personal data and the data of your employees or the employees of your company. This applies in particular to the services that we offer as part of our acceptance media and for the processing of transactions with the acceptance media. 

For certain products offered by us, we may exceptionally act as a processor for our customers. In these cases, in addition to the contract or the additional agreement on the service, you will receive an agreement on data processing for signature for the specific processing that we carry out as data processor. 

 2 Purposes and legal bases of the processing

We process your personal data for the purposes described below and only based on a valid legal basis. 

2.1 Contract fulfilment and pre-contractual measures (Art. 6 para. 1 lit. b GDPR) 

In principle, we process your personal data, which you provide to us as part of the new customer application or in the course of our business relationship, for the fulfilment of the contract concluded with you or your company or for pre-contractual measures. This generally includes the processing of personal data that is necessary for the provision of our contractually agreed services. The exact guaranteed services can be found in our new customer application, our General Terms and Conditions and any additional contracts concluded with you. 

Please note that you are obliged to provide the contractually required information as part of our business relationship, otherwise it will not be possible for us to conclude a contract or to fulfil the contract at a later date. 

In this context, we process your personal data among other purposes for the following purposes: 

• Conclusion of contract 

• Ordering and sending acceptance media (service cards, toll boxes, onboard units, etc.) 

• Performing the services in connection with the acceptance media (authorisation and billing of service purchases) 

• Provision of contractually agreed digital services (UTA - customer exclusive area, e-invoicing, electronic billing information, UTA station finder app, eCharge, etc.) 

• Provision of toll boxes and toll services 

• Payment processing 

• Processing of late payments and debt collection procedures (including forwarding of data to debt collection agencies) 

• Customer service (telephone service, card service, etc.) 

2.2 Legitimate interests (Art. 6 para. 1 lit. f GDPR) 

We process your personal data beyond the fulfilment of the contract for the protection of our predominant legitimate business interests pursuant to Art. 6 para. 1 lit. f GDPR. 

We process your personal data to fulfil the following legitimate interests: 

• Advertising for own similar products and services 

We process your personal data in order to send you advertising to the email address you have provided. In this context, we will only send you advertising for UTA products that are similar or identical to the UTA products that you (or your company) have already purchased. This also includes surveys. 

In connection with the collection of your email address, we give you the opportunity to object to the processing of your personal data for these purposes (in the new customer application or during email validation). You can simply tick the checkbox provided for this purpose. 

You can object to this processing of your data for direct marketing purposes at any time by clicking on the link provided in every advertising email or by contacting us via our Privacy Web Form or informing us of your objection by other means. 

When sending advertising emails, based on our legitimate interest, we comply with entries in block lists for email advertising provided for by your national legislator. 

• Telephone advertising 

Based on our legitimate interest, we will contact you by telephone with advertising or surveys for products offered by us. In doing so, we comply with national regulations, including any blacklists and entries in address directories. 

Contact is made on the basis of your presumed consent, which exists if there is a reason for the call based on your interests. Such a reason usually exists due to our prior business contact. 

You can object to telephone advertising at any time. Simply inform us of your objection by telephone, using the Privacy Web Form provided or by other means. 

• Optimisation of customer contact (incl. customer segmentation) 

We have a legitimate interest in addressing our customers (and potential customers or leads) as effectively and profitably as possible for both sides. For this purpose, we carry out, for example, customer segmentation for a targeted approach based on the related products. 

We process the data in particular for the administration of our customers' contact data, e.g. for comparison with newly collected contact data, in order to prevent our customers from being approached in error as part of our customer acquisition. 

• Assessment of the economic risk to be assumed (determination of creditworthiness) 

We use the support of credit agencies to initiate a business transaction and to monitor an existing customer relationship - particularly in the event of late payment. These assess the risk of non-payment on the basis of available information, including your personal data. The result is reviewed by us personally and evaluated by an employee of UNION TANK Eckstein GmbH & Co. KG with regard to possible consequences for the business relationship. A fully automated rating does not take place. 

• Prevention/anti-fraud measures 

To prevent criminal offences and cases of fraud, we monitor usage behaviour and the use of your acceptance media. In addition, we take the necessary measures to comply with the applicable Group-wide guidelines and legal requirements and to document compliance with them. 

• Defence or enforcement of legal claims 

We potentially process your data for the defence or enforcement of legal claims. For this purpose, we store the relevant data for at least the duration of the applicable statute of limitations. 

• Measures for business management and further development of our products and services (needs analyses) 

We collect data on our business relationship and our customers and analyse this data in order to manage our business processes. In this respect, we have a fundamental interest in improving, further developing or, if necessary, adapting our services and making informed and fact-based business decisions. This includes, for example, improving a product based on feedback from our customers. 

2.3 Consent (Art. 6 para. 1 lit. a GDPR) 

We process your personal data in special situations based on your given consent. In these cases, we will inform you of the details of the respective processing when obtaining your consent. 

You always have the option of withdrawing your consent with effect for the future. To do so, please use our Privacy Web Form or the options provided for the respective process (e.g. links in advertising emails). 

Consent is our legal basis for the following processing operations, for example: 

• Newsletter 

• Personal guarantees 

• Shipment tracking (when ordering acceptance media or other products dispatched by us) 

• Advertising and surveys for products from partner companies or products that we offer in partnership with other companies 

2.4 Legal obligations (Art. 6 para. 1 lit. c GDPR) 

Finally, we process your personal data to fulfil our legal obligations. This includes, among other things, the storage of tax-relevant documents as well as the collection and documentation within the framework of legal requirements (e.g. for anti-money laundering and terrorist financing or corruption). 

Under no circumstances will we sell your data to third parties! 

Within the scope of our business activities, we may transfer your personal data to the following categories of recipients: 

• Sales partners in co-operation models 

• Acceptance partners in the provision of our services relating to acceptance media and toll services 

• Companies that provide services for us as part of our business activities, e.g. support/maintenance/development of EDP & IT applications, call centre services, data destruction and disposal, dispatch of advertising materials, credit information, logistics companies 

• Companies in the Group 

• Public authorities 

When transferring data to recipients, we ensure that your data is processed for a specific purpose and in compliance with the statutory provisions. 

If we have your data processed by a service provider outside the EU/EEA, the processing will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if suitable data protection guarantees are in place to ensure adequate protection of your personal data. 

We delete your personal data as soon as storage is no longer necessary to fulfil the above-mentioned purposes. 

In principle, we process your personal data for the duration of our business relationship and beyond, insofar as this is required by law or the storage of personal data is necessary for the defence or enforcement of legal claims.

Status: 12/2024 

In the following, we explain how UNION Tank Eckstein GmbH & Co KG (hereinafter ‘we’, ‘us’, ‘UTA’) processes your data and the data of your employees or the employees of your company and what rights you and the other persons named are entitled to. However, the notice is addressed to all persons named and we ask you to communicate this notice to all persons whose data you share with us.

We process your personal data for the purposes described below. The personal data processed for these purposes includes master data (e.g. company name incl. company name, address, geolocalisation data), contact data (email address, telephone/mobile phone number), as well as all data that we require for billing purposes within the scope of the contractual relationship (e.g. VAT ID, bank data).

Contract fulfilment

In the context of the conclusion of a supplier contract or during pre-contractual negotiations with UNION TANK Eckstein GmbH & Co KG, we process your data to establish and implement the business relationship. The provision of the data requested in the contracts and subsequently by us is necessary for the conclusion of a contract. If you do not share the requested data with us, it will not be possible to fulfil the contractual relationship.

In addition to contract fulfilment, we also process your data for the following purposes:
To ensure data quality

Ensuring data quality is essential for the fulfilment of the contractual relationship with us, but also to ensure error-free customer-related services and billing - e.g. to fulfil the billing and payment process with you as a UTA acceptance partner or to provide information about acceptance points (name, address, geodata, goods, services, opening hours, etc.). For this purpose, we check the information provided with the means available to us.

To present the services and sources of supply provided by UTA to customers
Sometimes your personal data is processed for the provision of our services to the customer. This includes the inclusion of your data in customer billing documents (itemised statement) or digital data output, in which UTA customers are shown the goods and services obtained from the respective acceptance partner.

We also process your personal data for the provision of information about our acceptance partners and acceptance points (e.g. Station Finder, UTA applications or the petrol station directory) to our customers.

Measures for business management and further development of the business relationship

Onboarding, promoting, monitoring and controlling the acceptance partner relationship.

Compliance with legal obligations

We may be legally obliged to process your personal data to fulfil legal requirements and to pass it on to third parties (e.g. tax authorities, law enforcement agencies).

All processing of your personal data in the above-mentioned processing procedures for pre-contractual or contractual purposes is based on Art. 6 para. 1 b of the GDPR.

In addition, we may be obliged to transfer your data to other recipients to fulfil legal requirements or reporting obligations. These may be, for example, tax authorities or law enforcement agencies. The legal basis for the fulfilment of legal obligations is Art. 6 para. 1 lit. c GDPR.

We process your data for the legitimate interests of us and third parties. This processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR. These legitimate interests consist in achieving the purposes of processing described above, with the exception of contract fulfilment and compliance with legal obligations. Insofar as we process data from your employees, our legitimate interest also lies in the fulfilment of the contract concluded with you.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR. Please find in section IV of this statement a description how to exercise your rights.

Under no circumstances will we sell your data to third parties!

As part of our business activities, we may transfer your personal data to the following categories of recipients:

• Sales partners/customers
• Group-internal companies or affiliated companies
• Companies that provide services for us as part of our business activities, e.g. support/maintenance/development of EDP & IT applications, call centre services, data destruction and disposal, dispatch of advertising material, logistics
• Public authorities
• Third party service providers

When transferring data to recipients, we ensure that your data is processed for a specific purpose and in compliance with the statutory provisions.

If we have your data processed by a service provider or customer outside the EU/EEA, this will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if suitable data protection guarantees have been made to ensure adequate protection of your personal data.

We delete your personal data as soon as storage is no longer necessary to fulfil the above-mentioned purposes.

In principle, we process your personal data for the duration of our business relationship and beyond, insofar as this is required by law or the storage of personal data is necessary for the defence or enforcement of legal claims.

Status: 12/2024

If you wish to apply to us for one of our open positions or as part of an initiative application, we will process your personal data. This processing is necessary to ensure equal treatment of applicants as part of the application and decision-making process as well as to identify qualified applications. You have the option of applying by e-mail or by post to the contact indicated on our website. We process the following data from you, among others:

• Name
• First name
• Date of birth
• Personal telephone number
• Personal e-mail address
• CV (Resume)
• Level of experience
• Marital Status
• Nationality
• Application photo 

If you have consented to be included in our talent pool, we also process your personal data in a talent pool. This data processing is done for the purpose of identifying and storing applicant profiles that meet the criteria for future job offers.

Your personal data will only be processed by internal departments (HR department, supervisor of the position). There is no transfer to third parties, with the exception of our service providers as part of commissioned processing. We have concluded a data processing agreement with our processors, where legally required, in order to be able to ensure the security and integrity of your personal data.  There is no intention to transfer the personal data to a third country or an international organization.

We base the lawfulness of processing your personal data in the context of the application process on the legal basis of processing for the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR in connection with Sec. 26 para. 1 s. 1 BDSG.

We base the lawfulness of processing your personal data in the context of our talent pool on the legal basis of consent pursuant to Art. 6 (1) lit. a GDPR.

Your personal data will be deleted by us if it is no longer required to fulfill the purpose of the collection. This is regularly the case (up to) 6 months after completion of the application process, provided that no legal retention periods oppose deletion. If an employment contract is concluded, we will inform you separately about the use of the data in the employment relationship.

If the processing is based on consent, you have the right to withdraw your consent at any time with effect for the future. The processing up to the time of the withdrawal remains unaffected in its validity.