Information on data protection in accordance with the Art. 13 General Data Protection Regulation (GDPR) in the EU

1.1 Collection of general data and information

Our website collects a series of general data and information with each call of the website. This general data and information is stored in the log files of the server.

The following personal data can be recorded:

(1) browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system arrives at our website (so-called referrer),

(4) the sub-websites that are accessed via an accessing system on our website,

(5) the date and time of an access to the website, (6) an Internet Protocol (IP) address,

(6) the Internet service provider of the accessing system and

(7) other similar data and information that serve to avert danger in the event of attacks on our IT-systems.

When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to

(1) deliver the contents of our website correctly,

(2) optimize the content of our website and the advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology of our website, and

(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This collected data and information is evaluated statistically, on the one hand, and on the other hand, with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by you.

1.2 Contact (via e-mail, phone and contact forms)

On our website we offer you the possibility to contact us in different ways and on different topics. For this purpose, you can either contact us by e-mail or use the forms provided by us on the website.

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number, if applicable, and the content of the message) will be processed by us in order to answer your questions. The personal data will be used exclusively to handle your inquiry.

By sending the e-mail or submitting the contact form, you give us your consent to process the personal data for the handling of your inquiry.

We process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future by exercising your withdrawal via the form provided for this purpose. If you withdraw your consent, we will immediately delete the personal data relating to you. In this case, it will no longer be possible for us to further handle your inquiry. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data accruing in this context after we have handled your inquiry or restrict the processing if there are legal retention obligations to further store the personal data.

1.3 Download of information material

On our website we offer the possibility to download information material on various topics (e.g., driving bans). For this purpose, you can use the forms provided to request a download link. By submitting the form, you consent to us using the personal data to send you a download link and to contact you for information purposes (advertising).

Insofar as you enter a telephone number, you further consent to us contacting you for information purposes (e.g., advertising) via this telephone number. The entry of a telephone number is voluntary and is not required for the download!

You can withdraw your consent at any time with effect for the future by contacting us at the above address or by means of a request via the form provided for this purpose. Should you be contacted by us, you have the option to inform us not to be contacted again and thus withdraw your consent. This shall not affect the lawfulness of the data processing until the time of withdrawal.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected or until you withdraw your consent.

1.4 Callback function

On our website, you have the option of requesting a callback from one of our employees. Through this function we enable you to contact us quickly and directly.

When you contact us to arrange a callback, the data you provide (your name, company name, telephone number and your request) will be stored by us to enable this callback. All information is voluntary and will be used to address you personally and to be able to clarify your corresponding request.

By entering the phone number and the associated confirmation, you agree to be called back. If you provide us with further personal data via the callback function, this is done on a voluntary basis. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future via the form provided for this purpose. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data collected from you in this context after storage is no longer necessary and no legal retention periods prevent deletion.

Cookies

1 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website such as

1. Browser type/version,
2. operating system used,
3. Referrer URL (the previously visited page),
4. Host name of the accessing computer (IP address),
5. Time of the server request,

will probably be transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We have also extended Google Analytics on this website with the code "anonymizeIP". This function ensures that your IP address is masked so that it is more difficult to assign it to you personally. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

To better integrate and manage Google Analytics on our site, we use the Google TAG Manager. According to Google, no cookies are used for this and no personal data is collected.

In addition, we use Google AdWords to promote our website. As soon as you are redirected to our landing page by an ad generated on the basis of keywords in Google, Google sets an AdWords cookie on its own responsibility in order to be able to integrate this information in Google Analytics. These cookies expire after 30 days and are used to create conversion statistics.

The legal basis for the data processing described above and setting of the cookie is your consent, which you have given us in the cookie banner in accordance with Art. 6 Para. 1 lit a GDPR and § 25 para. 1 TTDSG. You can withdraw your consent at any time with effect for the future by adjusting the corresponding settings in the cookie settings. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We additionally use Google Analytics to analyze data from Double-Click-Cookies (see under 8.1) for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/?hl=de).

Google is a US company, which means that in the given context your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the European Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

The data will be kept for statistical purposes for 14 months .

2 Hotjar

We use the analysis tool "Hotjar" provided by Hotjar Ltd. (Dragonara Business Centre, 5th Floor, Dragonara Road, Pacevile St Julian’s STJ 3141, Malta) to analyze the online behavior of our users and to be able to use it for purposes of product optimization as well as to improve our user-friendliness. This is done, for example, through heatmaps, user surveys and funnel tracking.

To enable analysis, Hotjar uses cookies to collect user data for the website operator. Among other things, the following data is collected:

• IP address of your terminal device
• Type of terminal
• Geographical location
• Language used

The data collected in this way is transmitted to Hotjar and processed and then stored anonymously on Hotjar's servers within the EU.

The legal basis for the data processing and the setting of the cookie is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw your consent at any time with effect for the future by adjusting the corresponding settings at the cookie settings. This shall not affect the lawfulness of the data processing until the time of withdrawal.

For more information regarding data processing in the context of a use of Hotjar, please see the privacy policy provided by Hotjar: https://www.hotjar.com/legal/policies/privacy/ .

3 Facebook and Instagram Pixel

On our website, we use "Facebook and Instagram Pixel" operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

By using the pixel, Meta is able to identify visitors to our website as a target group for the placement of advertisements (so-called "Facebook Ads"). We use the pixel to display Facebook and/or Instagram ads placed by us only to those users who have shown an interest in our website or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta within the scope of the "Custom Audience" function of the pixel. With the use of pixels, we also want to ensure that our Facebook/Instagram ads correspond to the potential interest of users and do not have a harassing effect. This gives us the opportunity to track the effectiveness of Facebook and/or Instagram ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook or Instagram ad (so-called "conversion").

The processing of data by Meta takes place within the framework of Meta's data policy. For general information about Meta products, please see Meta's Data Policy: https://www.facebook.com/policy.php.   

The personal data collected by the pixel is processed for 180 days and then deleted. More specific information and details about Pixel and how it works can be found in Facebook's help section, which is listed here: https://www.facebook.com/business/help/651294705016616. 

Meta is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Meta's website.

For the processing of data where Meta acts as a processor, we have a processing agreement with Meta in which we require Meta to protect our customers' data and not to disclose it to third parties.

For the processing of data where we are joint controllers with Meta, the controller addendum (https://www.facebook.com/legal/controller_addendum) applies.  

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by adjusting the corresponding settings at Cookie settings. This does not affect the lawfulness of the data processing until the time of withdrawal. In case of withdrawal, we will instruct meta to delete all personal data collected about you.

4 LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited. (Wilton Place, Dublin, Ireland).  This tool sets a cookie in your web browser that enables the collection of data, including: IP address, device and browser properties, and page events (e.g. page views).

This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share personal data with us but offers anonymized reports on website audience and ad performance. In addition, LinkedIn offers the possibility of retargeting via Insight Tag.

We may use this data to display targeted advertisements outside our website without identifying you as a visitor to the website. For more information about privacy at LinkedIn, please see LinkedIn's privacy policy.

The legal basis for the data processing as well as the setting of the cookie is your consent obtained via the cookie banner according to Art. 6 para. 1 lit. a GDPR as well as § 25 para. 1 TTDSG.

You can withdraw your consent at any time with effect for the future by adjusting the corresponding settings at Cookie settings. This does not affect the lawfulness of the data processing until the time of withdrawal. In case of withdrawal, we will delete or anonymize any of your personal data processed in the context of the LinkedIn Insight Tag.

LinkedIn is a US company, which means that in the given context your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on LinkedIn's website.

5 Bing Universal Tracking (UET)

On our website, we also use the Bing Universal Tracking (UET) tool to collect and store data from which usage profiles are created. The service is offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to collect information about user behaviour on our website. The events defined by us, such as calling up certain sub-pages, downloading information material, etc. (so-called conversions) are logged on a so-called UET tag on the website and forwarded to Microsoft. Subsequently, this data can be used to improve our website or for retargeting website visitors.

In order to be able to assign the collected data to your person, UET sets cookies in your browser (see section 5).

The legal basis for the processing of your personal data by UET and the setting of the associated cookies is your consent given in the cookie banner in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw your consent at any time with effect for the future by adjusting the corresponding settings under the cookie settings. This does not affect the lawfulness of the data processing until the time of the withdrawal.

The personal data collected in this way is stored for a maximum period of 180 days and then deleted. If you withdraw your consent, your personal data will be deleted without undue delay.

Microsoft is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Microsoft's website.

We place the highest value on the security and confidentiality when processing your personal data. Therefore, we use among others the solution(s) listed below to meet the highest standards of data security.

Use of Secure Sockets Layer (SSL)

Within the scope of our website, we use Secure Sockets Layer (SSL) to ensure confidential and encrypted transmission of your data. This makes it difficult or even impossible for third parties to read or manipulate your data during transmission. Thus, an SSL certificate is stored on our website, which the browser can identify as the intended source and subsequently decrypt. The use of such SSLs subsequently protects your personal data during a visit to our website and associated activities.

Within our website we use the following SSL encryption:

• DigiCert EV
• DigiCert SSL
• SSL by Default

The legal basis for data processing is UTA's legitimate interest in processing data for purposes of product and legal security as well as the prevention of fraudulent or abusive attacks according to Art. 6 para. 1 lit. f GDPR.

The personal data shall remain stored for as long as it is required to achieve the purposes for which it was originally collected.

1. iOS

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Apple Inc. (https://www.apple.com/legal/privacy/en-ww/) is accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

Geo position

Your geo position is determined using the search function within the app in order to be able to show you the UTA stations. This only happens if the app is active in the foreground. As soon as the app is not used, i.e. in the background, we do not determine a geo position. If you have activated the "Report automatically" function, the iOS will continue to determine the geo position.

Routing

This function transmits information via the Apple API. The start and destination of the route are processed. Using the route determined, the app finds possible filling stations (or POIs) along the route.

Push service

If you have activated the push function, current information is made available within the "News" section by means of a so-called "push token".

Equipment identification

This feature checks the exact device you are using to display content to your phone correctly. No IMEI or UDID number is requested.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

2. Android

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Google Inc. (https://policies.google.com/privacy?hl=en ) accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

When using the app you have the choice between the online or offline version. When using the offline variant, no usage data is transferred.

In order for the online version to be technically implemented, we list the various access authorizations in connection with your mobile device below.

android.permission.INTERNET

In connection with the access authorization, the following queries are made when the data is retrieved by a backend ("eJump"):

System language: Language of the user (required so that texts of the "News" section and "Service numbers" can be displayed under "More".)

Device ID: This makes it possible to deliver device-specific content. No IMEI or UDID number is requested.

Routing

This service transmits data via the Google API. Data about the start and destination is processed. As a result, routes can be calculated.

android.permission.WRITE_EXTERNAL_STORAGE

This access authorization temporarily stores data and images on the device, such as "Favorites", image elements such as icons or images under "News".

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

The search for the stations in the vicinity is performed locally on the device. Geo coordinates are not transmitted.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

UTA EasyFuel® Driver Management

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the UTA EasyFuel® Driver Management (hereinafter referred to as "web app"). This information is addressed to the data subjects (hereinafter also referred to as "drivers" or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for the registration of the UTA EasyFuel® service in the UTA Driver Management.

Purpose(s) of processing

During the activation process:

By activating your driver account to use the UTA EasyFuel® service within Driver Management, we process the following personal data about you:

(1) Last name, first name

(2) Vehicle registration number

(3) Mobile number

(4) Email address of the respective user of the UTA EasyFuel® mobile app

(5) Card number

We use this data to contact you in a personalised way and to register you to use the UTA EasyFuel® service, as well as to enable you to activate your account in the UTA EasyFuel® mobile app. The personal data we process about you is based on the information provided by the customer who registered you as a driver in the UTA EasyFuel® system. The email address provided also represents the username for logging into the UTA EasyFuel® mobile app. Accordingly, the responsibility for the accuracy of your personal data belongs to the responsible employee of the customer who made the entry.

While using the UTA customer service section:

In addition, when you access the website to activate your account, technical data is automatically collected that we need to process to enable the website to function properly. We automatically process the following personal data:

(1) the browser type and version you use,

(2) the operating system used by the accessing system,

(3) the IP address,

(4) and the time of access.

We also reserve the right to process your personal data for the following purposes:

(1) Improvement and optimisation of the services and functions

(2) Prevention and investigation of misuse and errors

(3) Information (also in personalised form) about product-related faults, failures, improvements, updates, etc.

(4) Sending surveys and feedback forms to improve UTA services

(5) Administration of acceptance media (creation, blocking, removal)

(6) Processing of requests

Legal basis of processing

The legal basis for the processing of your personal data in the context of registration is the fulfilment of the contract both with the customer (your employer) and with you pursuant to Art. 6 para. 1 lit. b GDPR. With the activation of your account, a direct contractual relationship between you and UTA regarding the use of the UTA EasyFuel® mobile app is established in addition to the contract with the customer (your employer).

The legal basis for the processing of your personal data is the fulfilment of the contract according to Art. 6 para. 1 lit. b GDPR.

If we process your personal data for legal purposes, this processing is based on the legal basis Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

Furthermore, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this data processing is to maintain and improve the proper functioning of the UTA EasyFuel® services.

Recipients of the personal data

In the course of registering for the use of the UTA EasyFuel® services, processors acting on behalf of UTA will come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to the USA or any other unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfill the purposes for which the data was originally collected. Following the fulfillment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

The processing period corresponds to the term of the UTA EasyFuel® user contract. After termination of the user contract, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

None

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the customer self-service portal myUTA (hereinafter referred to as "myUTA" or “portal”). This information is addressed to the data subjects (hereinafter also referred to as "user" or "you") whose personal data is provided to UTA for processing within myUTA. The "Customer" (usually your employer) has the possibility to register you as a user of the portal.

Purpose(s) of processing

In connection with the use of myUTA provided by us, we collect and process your data exclusively for specified purposes. These may result from technical necessities, contractual requirements or explicit user requests. In detail, these are:

• Technical data

Certain information is already processed automatically as soon as you visit myUTA. We have listed in detail below which of your personal data is processed.

As part of your use of the portal, we automatically collect necessary technical data that is required for the use of the application. This includes the IP address used, MAC address, internal device ID, version of your operating system and the time of access to myUTA.

The following data is automatically transmitted to us and processed by us :

(1) to provide you with the Service and related features;

(2) to prevent and remedy fraud, abuse and malfunctions.

• Creating a new account (account details)

When creating a new account, you transmit the personal data entered to UTA. The data will be stored by UTA for as long as your user account is maintained. Afterwards, the data will be deleted; if necessary, after a legal retention period (see below). Personal data is processed for the purpose of concluding a contract and contacting you.

• Company name
• Name (first name / surname)
• Company address
• E-mail address
• Telephone number
• Bank details
• Contact person data
   

• Account management

Within your user profile, you have the option to change your master and contact details as well as reset your password. Furthermore, you can change your consent preferences for commercial communication in this area.

• Password forgotten function

If you have forgotten your password, you have the option to reset your password and request a new one. To do this, you must enter your email address stored in our system, which we will then process for the password forgotten function.

• User administration

Within the portal you have the possibility to manage users. Here, you can create new users, edit existing users, or remove them. The personal data processed when creating a new user are:

• salutation
• first name
• surname
• email address
• phone number

Furthermore, you can set a new user as Admin. In the Admin role, a user can manage other users.

• Management of company data

In MyUTA you can manage your company data at any time. You can change the name, the trade register number, and the address of your company. You can also change the tax number and bank information.

• Card ordering

You can order UTA service cards via MyUTA (driver- and vehicle- related cards). When ordering a driver card, you must specify the first and last name as well as the name to be embossed on the ordered service card. Furthermore, you have the option of specifying either a PIN generated randomly or a requested PIN. In the latter case, you must enter your required PIN.

• Preferred petrol station / tariff changes

Within our platform, you can define and change your preferred petrol station yourself. Should you wish to change your tariff, you can select from the available tariffs.  

• Service card management

You can manage the UTA service cards of your employees in the portal. For example, you can set a credit limit that is valid for a month, a day, or a transaction. You can differentiate between petrol stations and other acceptance partners. You can also set the maximum number of transactions per service card.

In addition, you can freeze and block the UTA cards of your employees (and vice versa). You can also set that UTA service cards can only be used at certain times.

• Feedback function

Your feedback is important to us. That is why we provide you with a feedback function. Within the scope of this function, you can either report a bug to us or share your feedback and suggestions for improvement. We will only use the content of your feedback to improve our service and will not use it for any other purpose. You may not receive a reply from us. Please do not use the feedback function for questions of a general nature or regular contact.

Legal basis of processing

Within the scope of the use of myUTA, UTA processes personal data exclusively for a specific purpose and based on a legal basis.

The processing of personal data takes place for:

(1) account and data management (user account)

(2) user administration

(3) ordering and administration of UTA service cards

(4) customer care

(5) provision of interest-based commercial communication

(6) Ensuring system security and protection against misuse of our systems

The processing of data within your usage of myUTA is based on Art. 6 para. 1 lit. b GDPR for the performance of the contract.

Insofar as we obtain your consent to address you in advertising, for customer satisfaction surveys, etc., this processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR.

If UTA is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on Art. 6 para. 1 lit. c GDPR.

Automated decision-making in individual cases including profiling (pursuant to Art. 22 GDPR) shall not take place.

Processing on a legitimate interest of UTA

In order to prevent and remedy fraud, misuse and malfunctions in the context of the use of myUTA, we collect and process technical information. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the framework of the operation of myUTA, processors commissioned by UTA come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or international organisation

When using the Google Analytics, SendGrid and Userpilot services, your personal data is transferred to the USA. UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage.

The processing period generally corresponds to the duration of the business relationship with UTA. After the end of the business relationship, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

• Use of cookies

myUTA use cookies. Cookies are text files that are stored on computer systems. When you visit a website, a cookie may be stored on your operating system. Such a cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make myUTA more user-friendly. Certain elements require that the calling browser can be identified even after the web application is called up again.

The following data is stored in the cookies and transmitted to the web application:  

(1) Language settings

(2) Login information

We also use cookies in our online services that enable an analysis of your use of the application.

The following data can be transmitted in this way:

(1) Frequency, of calling up the online service.

(2) Analysis of the interaction with the online services

Your data collected in this way is pseudonymised by technical procedures.

When visiting myUTA, you will be informed about the use of cookies for analysis purposes (e.g. Google Analytics or Userpilot) and asked for your consent to the processing of the personal data used. During this step, you will have the opportunity to obtain details of the processing from the data protection information. You can revoke your consent at any time with effect for the future, as described below. This revocation will not affect the lawfulness of the previous processing.

Legal basis

Art. 6 para. 1 lit. f GDPR (legitimate interest) for technically absolutely necessary cookies.

Art. 6 para. 1 lit. a GDPR (consent) for e.g. Google Analytics.

Purpose of storage

The purpose behind the use of technically essential cookies is to make it easier for you to use myUTA. Certain functions of the portal cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognised when you visit myUTA again.

Objection / removal option

By changing the settings of your browser, you can deactivate cookies or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for myUTA, this may mean that it is no longer possible to use all the functions of the portal.

• Use of third party technologies

myUTA is using technologies provided by third parties (Google Analytics, User Pilot, SendGrid).

In the event that you would like further information on this technology, please refer to Section VIII of the statement for this information.

(Other)

As part of MyUTA, we have links to our social media pages. Please refer to this privacy policy for information on the processing of your personal data in this context.

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the UTA SmartCockpit® App.

In principle, it is also possible to use the app without providing personal data. If you want to use special functions of the app, the processing of personal data may be necessary.

Purpose(s) of processing

UTA collects and processes your data exclusively for specific purposes. These may also arise from technical necessities, contractual requirements or explicit user requests. For technical reasons, certain data must be collected and stored when using the App (e.g. push token, device platform and App version).

Within the scope of the App provided by UTA, UTA processes the personal data described below:

• Geolocation data (location data of the device which we have linked to a vehicle according to your specifications).
  
  During the initiation of the app, you as the user decide whether to activate the functionality for processing geolocation data. This is deactivated by default.
  
  The data flow into the UTA SmartCockpit® Web Application is dependent on
  
  - Activation of the function (geolocation) in the mobile device,
  - Activation of data transfer from the mobile device to the UTA SmartCockpit® Web Application,
  - Assignment of the mobile device to the vehicle in the UTA SmartCockpit® App.
  
  In case of an inquiry, we collect your current location via GPS in order to provide you with quick information about your immediate surroundings (proximity search) and to offer you the possibility to plan routes from your current position. Data on your location will be used to process your request and will be transmitted to the UTA SmartCockpit® Web Application. The transmission of your location data takes place via an encrypted connection using HTTPS. Your location data is used in the UTA SmartCockpit® Web Application to enable the user of the UTA SmartCockpit® Web Application to plan a route from the current position of a vehicle, as well as for subsequent analysis.
  Based on the geolocation data, UTA shall under no circumstances carry out profiling according to Art. 22 GDPR or measures to monitor the performance and behaviour of individual SmartCockpit® App users. If the GPS reception is disturbed, the positioning is automatically carried out via WLAN or radio masts. In this case, the geolocation may be less accurate. If the GPS function is deactivated, the last known position of the mobile device is displayed.
   

• Activating the App
  
  Within the scope of activating the UTA SmartCockpit® App, it is necessary that the customer number and the telephone number of the App user are processed in the App in order to create a permanent connection between the UTA SmartCockpit® Web Application and the associated App. This is necessary in order to be able to select vehicles, plan routes and receive planned routes from the UTA SmartCockpit® Web Application when using the App. In addition, the so-called Driver ID is processed.
   

• Using the push function towards the App
  
  When using the push function from the UTA SmartCockpit® Web Application towards the App, it is also necessary to process Vehicle ID and Push Token. Note: The Push Token is an App-specific token that is automatically generated by Goolge Firebase.
   

• Using the map functionality
  
  There is a difference between iOS and Android for the use of the map functionality. Android uses Google Maps, while iOS uses Apple Maps.
  Due to a used functionality (Layer) there is no transmission of geolocation data to Google, respectively iOS. UTA has the geolocation data processed within the scope of a regulated order processing.
  UTA has the geolocation data processed by Qivalon for display on the map within the scope of a regulated order processing.
  Prerequisite for the use of this function is an existing Internet connection via WLAN or mobile data. This may result in additional costs which are beyond the control of UTA.
   

• Analysis data
  
  In order to continuously improve your user experience, we collect statistics on the use of the App. For this purpose we use the analysis tool Google Analytics Firebase. This enables us to ensure that our app is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to record the use of our app statistically and evaluate it for the purpose of optimizing our offer for you. All data is processed anonymously.
  In standard tracking the following data is analysed: Number of active users, number of application crashes, user interaction, information about the target group and app usage. In addition, an event-based tracking is carried out in which the number of app activations, registered vehicles, planned routes, started routes and accepted missions are stored and evaluated. In addition, the number of app starts, the status of the app (opened in the background or foreground) and the number of app deletions are recorded and evaluated in this event-based tracking. Furthermore, the tracking of changes in settings regarding the radius, price projection, ignoring of motorway filling stations and the display of traffic information including the respective set parameters are also included.  Within the app, you as a user can make settings accordingly. These can be found in Route Planning or under the menu item Settings.
   

• Technical access authorisation to your Device
  
  For technical reasons access to the Internet is necessary. Access to the location of the device is also necessary for planning routes or radius searches from the current position of the vehicle. This is also one of the prerequisites for using the geolocation function, if desired and activated.
   

Legal basis of processing

Within the framework of the UTA SmartCockpit® App, UTA processes personal data purely for a specific purpose and based on a legal basis.

Location data shall be processed on the basis of the consent granted in the App in accordance with Art. 6 para. 1 lit. a GDPR. The functionality can be switched off at any time with future effect by the App user under 'Settings'. The functionality is then terminated and no more location data is collected or transmitted to the UTA SmartCockpit® Web Application. For the transmission of location data to the UTA SmartCockpit® Web Application it is essential that the mobile device accesses the Internet.

The processing of personal data within the scope of the use of the card functionality and technically required access authorisations is based on Art. 6 para. 1 lit. b GDPR and is exclusively for the purpose of providing contractually agreed services. The possibility of accessing the Internet is dependent on the provision of services. The availability of access to the Internet is beyond the control of UTA. Accordingly, UTA shall not assume any responsibility for the UTA SmartCockpit® App not functioning as agreed due to the lack of availability of or access to the Internet.

If UTA is subject to a legal obligation, which makes the processing of personal data necessary, the processing shall be based on Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

None

Recipients of the personal data:

In the context of the operation of the UTA SmartCockpit® App, contractually commissioned processors commissioned by UTA come into contact with personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation:

UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

The customer number, the driver's telephone number and the driver ID are permanently stored in the app in order to guarantee the continuous connection of the app with the UTA SmartCockpit® web application. In addition, the respective connected vehicle ID is temporarily stored for the duration of the connection of the vehicle with the App and the push token for a maximum of 6 months.

The data will be automatically deleted when the App is uninstalled.

Depending on the contract term of the UTA SmartCockpit® Web Application, UTA may store data collected via your mobile device for fulfilment of the contract.

In case of an objection to data processing, UTA shall treat the data in accordance with Art. 17 GDPR.

Cookies

We do not use any cookies within the app.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA SmartConnect Driver management

In the following, UTA informs you about how your driver data is processed within the framework of the use of the fleet management service UTA SmartConnect (https://www.telepasskmaster.com/).

Purpose(s) of processing

Driver data:

In order to offer the use of UTA SmartConnect to our customers (your employer), we allow our customers' fleet managers to create driver data for the purpose of fleet management and administration. The fleet manager has the possibility to record the following categories of personal data regarding you:

• Name (first, last)
• ID code
• fuel card information
• idApp (used to create access to the app)
• SMS contact
• Driving licence
• Alternative means of communication (first and second alternative; email or phone)
• Port authorisation number

Location, journey details and vehicle data:

We process the data required by your fleet manager to fulfil its task in order to enable the use of our fleet management service. Such fleet management includes, for example, the following functions:

• Planning the most favourable route
• Optimisation of fuel consumption and petrol station use
• Optimisation of the route to service points
• Informing the driver about possible traffic jams, etc.
• Resource management

For this purpose, we process the following personal data:

• Routes planned for you
• Vehicle used
• Vehicle related data (registration number, model, engine temperature, fuel level, consumption, etc.)
• Distance driven (daily, in total)
• GPS location data (Current location)
• Trip status data (time of vehicle moving, time of vehicle in "stop with key" state, time in "stop" state, total runtime of the engine, and the time period of each status (e.g. 10:00-a.m. to 10:15 a.m. "stop"))
• If applicable, video data, via the autostrade // per italia camera system (this data is not stored but used as a live feed).

News, Notes function:

As part of our services, it is possible for the fleet manager to send messages to you as a driver via the fleet function. We process the messages sent in this way, as well as the messages sent by you to the fleet manager, to enable you to use the contact function between the fleet manager and the driver. In addition, the fleet manager may make notes in your driver profile. This content is also assigned to you as personal data. The categories of personal data processed about you in this way are determined by the content of the messages or notes.

Legal basis of processing

The processing is carried out on the legal basis under data protection law, which has been determined by your employer. As a rule, this will be Art. 6 para. 1 lit. b GDPR in conjunction with. § 26 BDSG.

We process your personal data based on a data processing agreement concluded with your employer (our customer) within the meaning of Art. 28 GDPR.

Processing on a legitimate interest of UTA

None

Recipients of the personal data

Provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rome (RM), Italy
• K-Master S.r.l, Via A. Bergamini, 50, Rome (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreement.

Storage duration

We only store the data you provide in this way for as long as it is necessary to achieve the purposes for which it was originally collected or if your employer instructs us to do so. In the case of your driver information, the processing will take place accordingly until the termination of our contractual relationship with your employer or until you are no longer working as a driver for that employer and your account is deleted.

In the case of personal data relating to your location, journey details and vehicle data, processing will continue accordingly until the termination of our contractual relationship with your employer or until you are no longer working as a driver for the employer and your account is deleted.

Cookies

None

Other

In the event that you as an employee wish to make use of your data protection rights, please assert them vis-à-vis your employer (controller within the meaning of Art. 4 No. 7 GDPR). Should UNION TANK Eckstein GmbH & Co. KG (UTA) receive such a request from you, UTA will forward this request to your employer.

User information UTA SmartConnect

In the following we inform you about the processing of your personal data by using the UTA service UTA SmartConnect (https://www.telepasskmaster.com/)

Purpose(s) of processing

Collecting general data and information:

The SmartConnect application collects a series of general data and information each time you as data subject or an automated system visits the website. This general data and information is stored in the server's log files. The following data may be collected:

(1) the browser types and versions used,

(2) the operating system used by the accessing system,

(3) the sub-websites that are accessed via an accessing system on our website,

(4) the date and time of an access to the website,

(5) an Internet protocol address (IP address),

(6) the Internet service provider of the accessing system and

(7) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, UTA does not draw any conclusions about the data subject. Rather, this information is needed

(1) to deliver the contents of our website correctly,

(2) to optimise the contents of our website as well as the advertising for these,

(3) to ensure the long-term operability of our information technology systems and the technology of our website, and

(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

Therefore, UTA analyses anonymously collected data and information with the aim of increasing the data protection and data security of our company, so that we can target an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Data processing in particular:

In the following, we would like to inform you in detail about the data processing that takes place when using UTA SmartConnect due to the functions and services provided by us.

1. Account (Log-In and Management)

In order to be able to offer the use of the SmartConnect service and to ensure the access restriction to your user account and thus the security of the service for you as our customer, we process your log-in information (e-mail address, password) accordingly.

You can change your password in the options at any time.

In addition, we process an ID assigned to you (ID-APP) for the purpose of addressing you and identifying your account.

Also, you have the option of providing your e-mail address and telephone number for contact purposes. An entry in this regard is not necessary for the use of our service, accordingly the input fields are not mandatory fields. The name (surname and first name) that we process from you is provided by you on your own responsibility, you may also use a pseudonym.

2. Fleet management

We process the settings you have made within the framework of fleet management in order to be able to offer you the contractually assured services, to organise your fleet according to your wishes. In addition, we process data collected within the scope of our service to enable you to analyse the fleet managed by you in order to make decisions regarding the route and economic planning on this basis.

For this purpose, we process the following data:

• Scheduled route planning, vehicle maintenance, equipment maintenance etc.
• Drivers and vehicles under your responsibility
• Vehicle data (registration number, model, engine temperature, distance driven, current route, fuel level, consumption, etc.)
• GPS location data
• Customers
• Suppliers
• equipment
• Point of interest (locations specified by you)F
   

3. Inputs made (messages, notes)

As part of our services, it is possible for you to send messages to your drivers via the fleet function. We process the messages you send in this way, as well as the messages addressed to them, to enable you to use the function of contacting your drivers. In addition, you can make notes regarding your drivers. This content is also assigned to you as personal data. We offer you this function in order to store brief information on individual drivers in our system at your request. The categories of personal data are determined by the content of the messages or notes.

You do not have the possibility to opt out of this data processing, as this data is necessary to provide you with our service.

4. Google maps

As part of SmartConnect, we use the Google maps service. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have requested the corresponding sub-page of our website.

In addition, only the technically necessary data is transferred. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button.

For further information on the processing of personal data by Google, please refer to section VII of this statement.

Legal basis of processing

All processing of personal data (account data, fleet data, messages and notifications) takes place within the framework of the use of UTA SmartConnect. The processing activities are based on the legitimate interest of your employer in accordance to Art. 6 para. 1 lit. f GDPR.

Processing on a legitimate interest of UTA

The processing in connection with the technical and functional provision of UTA SmartConnect including the Google maps functionality is carried out by UTA on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

We have a legitimate interest in ensuring the functionality and error-free operation of the service and in being able to offer a service that is in line with the market interests, whereby this legitimate interest outweighs your rights and interests in protecting your personal data within the meaning of Art. 6 para.1 lit. f GDPR.

Recipients of the personal data

Provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rome (RM), Italy
• K-Master S.r.l, Via A. Bergamini, 50, Rome (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfers to a third country or an international organisation

In the context of the use of the Google Maps function integrated in SmartConnect, a transfer of personal data to a third country (USA) or to an international organisation cannot be ruled out.

UTA is aware of this and guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In general, we only store the data you provide in this way for as long as it is necessary to achieve the purposes for which it was originally collected.

In the case of

(1) providing the website, the data are deleted with finishing the web session.

(2) storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

(3) your log-in information, as well as your name and the ID assigned to you, the processing will take place accordingly until the termination of our contractual relationship with your employer (or you personally if you are purchasing our service as a sole trader). Or as soon as you are no longer active in the function as a fleet manager and your account is deleted. The same applies to your phone number and e-mail address for contact purposes. However, you can delete this data at any time if you wish.

You have the possibility to object/remove this data processing with regard to your contact email address and your phone number, as well as your name, by removing the information from your profile, insofar as this is permitted by your employer.

(4) personal data relating to your fleet management, the processing will take place accordingly until the termination of our contractual relationship with your employer (or you personally insofar as you obtain our service as a sole trader), or as soon as you are no longer active in the function as fleet manager and your account is deleted. You do not have the option to delete your account, as this data is necessary to provide you with our service.

(5) Google maps functionality the data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal orders.

With the exception of the data mentioned under no. 3 above, you have no possibility to decide against the storage of your data, as this data is necessary to provide you with our service.

Cookies

UTA SmartConnect does not use cookies for the provision of the service.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

Together with our parent company Edenred S.A., UNION TANK Eckstein GmbH & Co. KG is carrying out a pro-gramme aimed at determining customer satisfaction with UTA products and services and deriving needs for improvement. For this purpose, UTA uses a solution that makes it possible to manage surveys, analyse survey results and classify customer feedback (programme).

Purpose(s) of processing

Within the framework of the programme, UTA processes company data as well as data of a named contact person. All of this data is based on information that you have provided to us as part of the new customer pro-cess. In detail, the data processed are:

• of a contact person (first name, last name, gender, personalised company e-mail address, if applicable)

• from the company (company name, company headquarters (city, country), central communication data (e-mail address, telephone number))

• from the digital visitor (IP address, device information, browser information, language, etc.)

UTA's purposes for processing your personal data within the programme are as follows:

1. researching customer needs, customer satisfaction and trends in the provision of products and services, includ-ing

• creating standard customer profiles and categorising the information.
• trend analysis through segmentation, filtering, profile comparison and tracking over time
• personalisation of customer interactions, especially in terms of the interaction progression
• supporting the identification of customised offers based on customer feedback

2. identification of improvement opportunities

• identification of improvement opportunities for offered products and services based on customer feedback
• identifying maintenance needs in an operational state (tracking of IT incidents, verifying proper func-tioning of equipment, assisting with troubleshooting)

3. ensuring safety and traceability

• technical support
• account management & user authentication
• security monitoring: access and activity logging
   

Legal basis of processing

The processing activities described under 1 and 2 are based on your consent given to UTA pursuant to Art. 6 para. 1 lit. a GDPR.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

An automated decision in individual cases including profiling (Art. 22 GDPR) does not take place.

Processing on a legitimate interest of UTA

We collect and analyse technical information and usage data on a pseudonymised basis in order to continu-ously improve the platform used within the framework of the programme and the processes operated as well as to protect the IT systems used (3.). The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the company, all departments receive access to your personal data that absolutely need this access to fulfil their tasks.

Contractually obligated service providers and vicarious agents also come into contact with your data. These partners are contractually obliged to comply with data protection requirements within the framework of an agreement and support UTA in the performance of this task.

Within the programme, UTA is supported by:

• Medallia, a SaaS solution provider that provides maintenance and technical support in addition to the tech-nical platform for the programme.
• Edenred S.A to ensure the proper functioning of the programme. In this context, Edenred S.A., as the parent company of UTA, has basic access to all personal data processed within the framework of the programme. Edenred will not process your personal data for purposes other than those mentioned above.
• SalesForce, Inc., a CRM solutions provider. Their survey data and results are stored in Salesforce. Access to the data by the provider is not excluded.
  
   

Very important: Under no circumstances will UTA sell your personal data to any third party.

Transfer to a third country or an international organisation

It is ensured that your personal data within the framework of the programme is processed without exception on servers in the EU/EEA area (Frankfurt am Main, Germany or Amsterdam, the Netherlands).

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted without delay, insofar as no legal retention periods require further storage.

In the case of data collected within the framework of the programme, UTA processes these data:

• for a period of 3 years.
  After this period, they will be deleted by means of an automatic routine.

After termination of the programme, UTA will delete this data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory period of limitation), in order to be able to fulfil any claims you may have against UTA.
• For documents relevant to invoices, there is a 10-year retention period.
• For commercial and business related correspondence, emails and other digital documents, there is a 6-year retention period.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

Within the programme we use cookies.

We use cookies to collect your geolocation and connection data as part of the programme. This enables us to determine your needs and interests and to personalise our content. Before we use cookies, we obtain your consent in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with. § 25 para. 1 TTDSG. You can withdraw your consent at any time. The information contained in cookies (geolocation and connection data) is stored for 13 months.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA EasyFuel® app

In the following we inform you about the use of your personal data which is provided to us in connection with the use of the UTA EasyFuel® app (hereinafter referred to as "EasyFuel® app"). This information is addressed to the data subjects (hereinafter also referred to as “driver” or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for activating you to use the EasyFuel® app within the UTA EasyFuel® Driver Management.

Purpose(s) of processing

Scope of the processing of personal data by using the UTA EasyFuel® app

UTA collects and processes your data exclusively for specific purposes, which may result from technical necessities, contractual requirements, or express user requests.

Within the scope of the UTA EasyFuel® App provided by UTA, UTA processes the personal data designated below:

• Data collected during download

When you download the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or Apple App Store); in particular, the username, email address, customer number of your account, time of download, payment information, and individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.

• Automatically collected data

As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes

(1) the internal device ID,

(2) the version of your operating system,

(3) and the time of access.

This data is automatically transmitted to us, but not stored,

• to provide you with the Service and related features;
• to improve the functions and performance features of the App; and
• to prevent and remedy misuse and malfunctions.
   

• Permissions

The following permissions are required for our app:

• Internet access: Required to process contactless transaction authorisation, for your authentication, to access the details of your use of our service and to show nearby gas stations.
• GPS data: Required to determine your location and display nearby gas stations.  
   

• Preferences

When using the App, the User has the option on his/her profile to consent to the use of his/her personal data for optional purposes. The user can select here that his/her personal data will be used by UTA to

(1) keep the user updated regarding new UTA products and offers;

(2) to send the user the UTA newsletter;

(3) to send the user surveys and feedback opportunities to improve UTA services.

• Account data

The account data of the drivers (first name, last name, email address, ID number) are processed for contacting you in a personalized manner. In addition, processing takes place in the context of this contact in order to provide technical updates/information (bug fixes, new versions, etc.).

Your personal data will also be processed to assign you a corresponding fuel card, to enable the customer to manage his fleet via the fuel cards and to enable you to use the UTA EasyFuel® services via the app.

Although the input fields for your account details are mandatory, it is the customer's responsibility to enter the names themselves. Pseudonyms can also be entered in these fields instead of your name.

The setting of a driver-related card is not obligatory and is made by the customer for his employees (drivers), insofar as the customer wishes such an assignment.

In this context, the customer has the task of informing the employee about the data processing within the scope of our service offer and the UTA EasyFuel® app.

• Log-in data

In order to be able to offer the use of the UTA EasyFuel® app and to ensure the access restriction to your driver account and thus the security of the services for our customers, we process your log-in information (email address, password) accordingly.

You are always able to reset or adjust your password in the options of the UTA EasyFuel® app.

• reCaptcha

For the UTA EasyFuel® app, we use "Google reCaptcha". For further detailed information on the processing of personal data in connection with the use of this service, please view into Section VIII of this statement.

• Language

The UTA EasyFuel® app processes your language so that you can be contacted in a language that you are able to understand. The language input is done by employees of the customer or by you when using the UTA EasyFuel® app. Accordingly, the responsibility for the accuracy of the information regarding your language belongs to the customer or with you as the user of this app.

• UTA EasyFuel® service station search

When you install the app, you decide whether to enable the geolocation data processing feature. This function is disabled by default. If you want to use the service station search function, we record the current location of the mobile device via GPS. The location data is used in the UTA EasyFuel® app to plan a route from the current position of your device (e.g., smartphone) to a selected service station nearby.

• Using the map function

For the use of the Map function, when using a mobile device with Android operating system, Google Maps is applied, and when using a mobile device with iOS operating system, Apple Maps is applied. On the map you can find gas stations where it is possible to authorize the transaction with the UTA fuel card. If you have authorized the UTA EasyFuel® app to access your location, your location data will be transferred to the respective map operator while using the map function.  

• Approval of contactless transactions in UTA EasyFuel®.  

The UTA EasyFuel® app offers you the function for contactless approval of transactions (also referred to as transaction authorisation directly at the pump). When you use the contactless transaction authentication function, we process the following personal data:

(1) The master data of the customer (first name, last name, address),

(2) the identification of the authorizing medium (Card-BIN) or the driver (if a fuel card has been linked to him/her),

(3) Date and time of transaction authorisation,

(4) purchased product and its quantity, release dates,

(5) Status of the transaction authorisation success.

When a transaction authorisation is initiated, the abovementioned transaction-related data is passed on to the recipient and stored in the system.

• Contact

Insofar that you contact us by utilizing the “Call Us”-Function, we will be processing the following data:

• Phone number
• Customer data for identification
• Content of your message

We process this data solely for the purpose of answering your inquiry.

Legal basis of processing

UTA only processes personal data for specific purpose(s) and related to existing legal basis. In connection with the use of the UTA EasyFuel® app, UTA processes your personal data on the basis of:

• Your preferences

This data processing is based on the consent of the user pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn with effect for the future at any time by unchecking the corresponding boxes in the app under the user profile.

Within the framework of the UTA EasyFuel® App, UTA processes personal data exclusively for a specific purpose and In accordance to a specific legal basis.

The processing of location data is based on the consent given within the mobile app pursuant to Art. 6 para.1 lit. a GDPR. You can stop the processing of location data at any time with effect for the future by deactivating the function. This deactivation does not affect the lawfulness of the data processing using the location data that has taken place up to this point.

The processing of personal data within the scope of the UTA EasyFuel® services for the use of the

• Management of account and master data (user account)
• Contactless transaction (transaction-related data)

is carried out in accordance with Art. 6 para.1 lit. b GDPR exclusively for the provision of the contractually agreed services.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out In accordance to Art. 6 para.1 lit. c GDPR.

An automated decision in individual cases including profiling (Art. 22 GDPR) does not take place.  

UTA will under no circumstances carry out profiling within the meaning of Art. 22 GDPR on the basis of the geo-location data or measures to monitor the performance and behavior of individual users of the UTA EasyFuel® App.

Processing on a legitimate interest of UTA

For the functionality of the app, as well as the continuous improvement of the same, we collect technical information and analysis data on a pseudonymized basis. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest that constitutes the legal basis is:

• Provide you with the Service and related features;
• To improve the functions and performance features of the app; and
• To prevent and correct misuse and malfunctions.  

Furthermore, within the scope of using the UTA EasyFuel® App, it collects automatically data based on our legitimate interest according to Art. 6 para.1 lit. f GDPR.

We have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service that is in line with the market interests, whereby this legitimate interest outweighs your rights and interests in protecting your personal data within the meaning of Art. 6 para.1 lit. f GDPR.

Recipients of the personal data

In the course of the operation of the UTA EasyFuel® App, processors on behalf of UTA come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to the USA or any other unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfill the purposes for which the data was originally collected. Following the fulfillment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

The storage of the telephone number, first name, last name and language is done according to the specifications of the customer (the UTA EasyFuel® user). The start of the retention period corresponds to the start of the term of the UTA EasyFuel® user contract. The end of the retention period corresponds to the end of the contract term or with regard to individual data records upon your instruction. After termination of the user contract, UTA will delete your data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

The transmitted geo-location data processed in the app is stored for a maximum period of 14 days.

Cookies

When using our app Google reCAPTCHA automatically places a functional Cookie (_GRECAPTCHA) to ensure the spam protection. This Cookie is a so-called Session Cookie, which will be deleted as soon as the session is ended and the App is closed. If you are logged in to your Google account on the device you are using reCAPTCHA might read the information stored in these Cookies. The legal basis for the setting of the cookie consists in § 25 (2) Nr. 2 TTDSG, as the spam protection by reCAPTCHA utilizing the Cookie is necessary to ensure the function of the app.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA eCharge® is a service offered by UTA for the purchase of products and services in the field of electromobility, in particular for fleet management and to enable the billing and authorisation of transactions for charging processes for electric vehicles.

In the following, UNION TANK Eckstein GmbH & Co. KG ("UTA", "we" or "us") informs you about the processing of your personal data in the context of the use of UTA eCharge®.

The information is aimed at both customer/fleet managers and drivers using the service.

Purpose(s) of processing

UTA collects and processes your data exclusively for certain purposes resulting from technical necessities, contractual requirements or explicit user requests.

For the administration of this data on the part of the users as well as UTA and its service providers, your data will be stored in the form of a user account (hereinafter referred to as "account"). For you as a user, it is possible to record, partially view and edit this data via correspondingly provided user interfaces on the internet (in the version "web app") and as mobile apps on the smartphone (in the version "app").

For further information on the processing, in particular with regard to the (technical) functionality and features of the mobile app used, please refer to ChargePoint's Privacy and Cookie Policy: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Within the scope of the UTA eCharge® service provided by UTA, UTA processes the personal data referred to below:

Registration process

If your employer orders a service card with the UTA eCharge® option, this card will first be sent to your employer’s Fleet Manager. The Fleet Manager will subsequently make the card available to you. In doing so, he or she must enter your full name, e-mail address and telephone number in the UTA customer exclusive area. You will then receive a specific invitation link with which you can create a personal user profile which will be connected with your employer for settlement purposes.

After that, you need to register through the web app or the mobile app to use UTA eCharge®. The registration process involves processing your personal data, specifically the following:

(1) Company name
(2) Driver name (first and last name)
(3) Email address
(4) Phone number
(5) Username
(6) Address (street, house number, postcode, city, region/state, country)
(7) Acknowledgement of data protection information
(8) Card ID (card serial number)
(9) RFID UID (serial number of RFID chip of the card)
(10) Individual card name
(11) Consent to the General Terms and Conditions of ChargePoint
(12) Acknowledgement of the eCharge data protection information of UTA
(13) Vehicle information (such as vehicle model, year of manufacture, colour)
(14) Information on the need for a home charger (only in the case of home charging)
(15) Information on the installation and charging location (type of charging infrastructure, street, house number, postcode, town, region/state, country -- only in the case of home charging)

If it is stated under (14) that a home charger is required, a check of your home address will be carried out in cooperation with our partner to determine the installation options.

These personal data are processed in order to provide you with the contractually agreed services within the scope of the UTA eCharge® offering.

The processing of these aforementioned personal data is initially carried out by ChargePoint, with this company also acting as a distinct Controller within the meaning of data protection law. The data are then forwarded to UTA for further data processing. For more information, please refer to the ChargePoint data protection information: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Contacting (sending a reminder e-mail) with information on how to activate the UTA eCard

UTA reserves the option to contact you directly as a driver if your registration in the ChargePoint portal remains unfulfilled after ordering an eCard.

• Contact

Insofar as you contact us in connection with a service request, we will process the following data:

(1) Customer data
(2) Personal data of the driver (incl. case-specific information, cf. clause 3.1 regarding the registration process)
(3) Content of the message

We process your data exclusively for the purpose of responding to your request.

• Charging sessions

We process your information concerning charging operations for the purpose of providing our service and improving our ability to support you in case of errors or irregularities. For these purposes, we process the following personal data:

(1) Type of charging session
(2) Company name
(3) Driver name (First and last name)
(4) Information on the charging station and its operator (e.g., location, station name)
(5) Date, time and duration of the charging session
(6) Information on current and power type
(7) Energy consumption (kWh)
(8) Costs of the charging session (gross and net)
(9) VAT rate (%) and amount
(10) Currency

If your employer provides you with a home charging solution with reimbursement option, the use of such equipment will entail the processing of the following personal data:

(11) Name of the organisation
(12) Employer ID
(13) Employer name
(14) Driver verification details
(15) ID of the home charging station (if applicable)
(16) Home tariff (per kWh)

In addition, we use the information on charging processes to create internal statistics and analyses in order to optimise our services based on user behaviour. For this purpose, we will anonymise the personal data.

• Restrictions placed on driver-related service cards (for fleet managers)

For certain services, we offer you the possibility to set limits for different cards (frequency of use, transaction limit [monthly, daily], times of use, etc.). In addition, you have the option of temporarily blocking, suspending, or cancelling cards. If the card is assigned to a specific user, this information may, under certain circumstances, constitute personal data.

The data are used to limit the use of the card according to your settings and to provide you with information about the limits you have set.

• Communication preferences

When using your account, you have the option to consent to the use of your personal data for optional purposes. In this context, you can select in your account the extent your personal data are used by UTA to:

(1) Keep you informed about new UTA products and offers;

(2) Send you the UTA Newsletter;

(3) Send you surveys and opportunities to provide feedback in order to improve UTA service offerings.

• Workplace/depot charging

Within the scope of your interest in a solution for "charging at the workplace", our partner processes your personal data as a contact person as well as the company-related data collected by you on its own responsibility as controller. The data marked as mandatory in the registration process within the procurement of the charging infrastructure project must be collected for a successful contact and settlement; the collection of all other data is voluntary. The following data will be processed during registration:

(1) Company name

(2) Salutation, first name, last name

(3) Email address

(4) telephone number

(5) Address

(6) Website

(7) Location category

(8) Industry

(9) Fleet related information

(10) Current service provider used for charging infrastructure (optional)

(11) Date of installation (optional)

All processing operations here take place under the responsibility of ChargePoint in a direct relationship between you/your company and ChargePoint.

Legal basis for the processing

Within the context of UTA eCharge®, UTA will process personal data on a legal basis exclusively for the following purposes:

(1) Collection, comparison and supplementing of driver data on the basis of the cooperation partner's database within the context of the UTA eCharge® service

(2) Management of account and master data (account)

(3) Use of the transaction overview

(4) Fleet management (management of drivers’ and service cards by the customer)

(5) Provision of information and notifications about our products

(6) Processing of requests and support cases

(7) Authorisation of transactions

(8) Billing and invoicing

(9) Prevention of cases of misuse and fraud

(10) Arranging charging infrastructure solutions

The processing of personal data within the context of the UTA eCharge® services takes place in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of providing the contractually agreed services.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing shall be carried out on the basis of Art. 6 para. 1 lit. c GDPR.

Insofar as we obtain your consent (e.g. to send advertising emails), the processing is based on Art. 6 para. 1 lit. a GDPR.

There are no automated decisions individual cases, including profiling (Art. 22 GDPR).

Processing on a legitimate interest of UTA

For the continuous improvement of UTA eCharge® services as well as for the protection of your IT systems, we collect and analyse technical information and usage data in a pseudonymised form on the legal basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to:

(1) Provide you with our services and related features;

(2) Improve the performance and process flows of our solutions;

(3) Prevent and remedy the consequences of misuse and malfunctions.

Recipients of personal data

In the course of operating the UTA eCharge® service, processors acting on behalf of UTA or controllers will come into contact with personal data of customers and drivers. This refers to the following service providers:

UTA will not sell or pass on your personal data to any third parties under any circumstances unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

UTA will transfer your personal data to companies in third countries or to international organisations.  UTA has ensured (where applicable, with its cooperation partners in the area of the UTA eCharge® service) that a legal basis exists for this transfer and that the service providers will act in compliance with the data protection rules applicable to UTA. In particular, the transfer of personal data is based on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR published by the EU Commission.

Storage duration

In principle, your personal data will only be processed for as long as it is necessary to fulfil the purposes for which the data were originally collected. After this purpose has been fulfilled, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

As far as information concerning telephone number, first name, last name and language is concerned, storage follows the specifications of the customer or the UTA eCharge® user. The commencement of the storage period corresponds to the commencement of the term of the UTA eCharge® user contract. The storage period ends when the contractual term ends or - as far as individual data records are concerned - as per your instruction. After the termination of the user contract, UTA will erase the data in accordance with data protection regulations and will only continue to store personal data which are subject to statutory retention periods. The retention periods are as follows:

(1) 3 years (statutory limitation) with a view to the fulfilment of any claims you may have against UTA.

(2) For accounting-relevant documents, the retention period is 10 years.

(3) For commercial and business correspondence, emails and other digital documents, the retention period is 6 years.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Transmitted geolocation data stored in the app are stored for a maximum of 14 days.

Cookies

None.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

We use various tools on our website for the processes and presentation of our website. These tools and their respective functions are shown below.

We use "DoubleClick" from Google to be able to show you personalised advertising when you use our website. DoubleClick" makes it possible to place relevant advertisements for users by setting cookies. This optimisation of advertising is also the purpose of the processing of your personal data by "DoubleClick".

When used, DoubleClick uses a cookie ID to prevent multiple display of advertisements. Due to the marketing tools used here, a connection is established between your browser and Google's servers and personal data is subsequently transmitted to Google in the form of your IP address. This provides Google with information about the visit to our website and the advertisement and can link this information to your Google account.

Our legal basis for the processing of your personal data within the scope of DoubleClick and the setting of the cookie is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw this consent at any time with effect for the future by changing the corresponding setting under the cookie settings. This does not affect the lawfulness of the data processing until the time of the withdrawal.

Google is a US company, which means that in the given context your personal data may be processed in the USA. The USA is an insecure third country for which there is no adequacy decision by the Commission pursuant to Article 46 of the GDPR, i.e. there is no adequate level of protection for personal data. In order to nevertheless ensure the security of your personal data during this transfer, the standard contractual clauses approved by the Commission for the transfer of personal data to third countries have been concluded as appropriate measures pursuant to Art. 46(2) lit. c GDPR. You can find more details on this in the information provided by Google.

The personal data will be stored as long as it is necessary to fulfill the purposes for which it was originally collected. For further information on data protection in connection with the use of DoubleClick and the associated use of cookies, please refer to the privacy policy of Google Inc.: https://policies.google.com/technologies/ads?hl=de.

On this website we use the function of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, further data is transmitted to Google, such as your IP address, date and time of the request, website from which the request comes, browser, and operating system and its interface.

This occurs regardless of whether you are logged into your Google account or whether there is no user account.

If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the processing is our legitimate interest in improving our offer, the visual and functional optimisation of the website as well as the provision of a function that facilitates the location of acceptance partners according to Art. 6 para. 1 lit. f GDPR. The data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal orders.

Insofar as Google processes the personal data collected in this way for its own purposes, Google is the Controller for the processing within the meaning of Art. 4 No. 7 of the GDPR. For more information on the purpose and scope of data collection and processing by Google, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Google is a US company, which means that in the given context your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We use Apple's Smart App Banners Inc. (1 Infinite Loop, Cupertino, California) on our website to inform you about our mobile app application. By selecting and clicking on the Smart App Banner, you will be taken directly to our in-house mobile app application in the Apple App Store.

For the redirection from our website to the Apple App Store, technically necessary data from you is processed to ensure the functionality of our Smart App Banners. This technically necessary data may also include personal data such as your IP address, which is transmitted to Apple. Apple processes further personal data from you in the event of a download of our mobile app application, which is related to your App Store account.

The legal basis for the data processing is our legitimate interest in the advertising our apps according to Art. 6 para. 1 lit. f GDPR.

You can of course object to data processing at any time. Your personal data processed by us will be erased immediately if it is no longer necessary for the purposes for which it was collected and no legal retention periods prevent erasure of the data.

Apple is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Apple's website.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information on data protection in connection with the use of Apple Smart App Banners, please refer to the privacy policy provided by Apple: https://www.apple.com/de/legal/privacy/data/ .

We use the Font Awesome widget from the company Fonticons Inc. (307 S Main St. Ste 202 Bentonville, AR, 72712-9214 United States) on our website to integrate the web font Font Awesome and its icons into our website. By using Font Awesome we are able to enrich displays and further contents of our website. Furthermore, the use of icons of the web font Font Awesome enables us to improve the loading speed as well as the clarity of our website. This is also the purpose of the processing of your personal data when using Font Awesome.

When using Font Awesome, a Content Delivery Network (CDN) is used to enable the loading of icons from an external server. When you enter our website, your browser establishes a connection to the servers of the Fonticons company in order to enable the loading of the icons. In doing so, Fonticons processes your personal data in the form of your IP address.

The legal basis for data processing is our legitimate interest in the process optimisation pursuant to Art. 6 para. 1 lit. f GDPR.

Fonticons is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the US is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information regarding data processing in the context of the use of Font Awesome, please refer to Fonticons' privacy policy: https://fontawesome.com/privacy .

We use the cookie consent management tool "OneTrust" of the company OneTrust Technology Limited (82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK)) on our website. The use of "OneTrust" enables us to obtain your consent from you when you call our website, to provide you with specific choices when granting your consent, and to document the consent options you choose. The use of "OneTrust" is necessary for us to fulfill our obligation to obtain consent and the associated documentation obligation. For this purpose, "OneTrust" places a cookie in your browser when you enter our website in order to be able to deliver the application correctly and to be able to guarantee its functionality. In the context of a use of "OneTrust", your personal data will be processed, e.g., your IP-address and the date and time of granting your consent or managing your preferences.

The personal data collected from you in this way will be processed by OneTrust Technology Limited by way of commissioned processing. Please note that OneTrust Technology Limited is a company based in the United Kingdom (UK), which means that there is a possibility that your personal data may be transferred to and processed in a third country of the EU. The UK is a third country with an adequacy decision by the EU Commission in the sense of Art. 45 GDPR, whereby an adequate level of protection with regard to the processing of your personal data in the UK has been measurably established. We have also concluded a data processing agreement with OneTrust Technology Limited pursuant to Art. 28 GDPR to ensure the security and integrity of your personal data as well as compliance with data protection.

We base the use of "OneTrust" on the legal basis of a processing for the fulfillment of legal obligations according to Art. 6 para. 1 lit. c GDPR (the legal obligation is to obtain consent according to Art. 6 para. 1 lit. a GDPR as well as § 25 TTDSG; fulfillment of documentation and accountability obligations according to Art. 5 para. 2 GDPR).

The OneTrust Cookie has a storage duration of one year. After that, your personal data will be erased.

For more information about OneTrust Technology Limited's privacy practices and how OneTrust Technology Limited treats your personal information, please visit OneTrust Technology Limited's Privacy Policy: https://www.onetrust.com/privacy/.  

For our customers, we want to make the start of using our online service as user-friendly as possible. Therefore, we use a user guidance service provided by our processor Userpilot Inc, 2035 Sunset Lake Road, Newark, Delaware 19702, USA.

The user guidance service provides you with additional information and instructions at some points during your interaction with our Online Services, such as clicking certain buttons or visiting a particular sub-site, to help you better navigate and understand how to use the Service. In addition, we use user prompts to inform you of new features within the Online Service. We also analyse whether the user guidance has helped you and to what extent an optimisation of the same is necessary.

The following types of data are processed in the process:

IP address, device type (mobile device or PC), operating system, browser version, country, your registration date for our online service, number of logins, sub-pages visited within the online service.

We transfer your personal data to the Userpilot server in the USA. We have concluded a data processing agreement and standard contractual clauses of the EU Commission with the processor Userpilot for the transfer of personal data to the USA.  

The legal basis for the user guidance and its analysis and optimisation is your consent pursuant to Art. 6 par. 1 lit. a GDPR.

We use the software solution "SendGrid" of the US company Twilio, Inc. (1801 California Street, Suite 500, Denver, CO 80202, USA) on our website. The use of SendGrid enables us to send you automated emails and thus to provide you with the content you contractually requested. For example, we use SendGrid to send you confirmation emails, transaction confirmations or emails with contractually relevant content. In the context of the use of SendGrid, it is necessary for us to process the following of your personal data:

• Master data
• Contract data
• Information relating to your product interests
• email address
• IP address

We would like to point out that Twilio Inc. is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Art. 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the EU Commission for the transfer of personal data to third countries.

We base the lawfulness of the use of the software solution "SendGrid" on the fulfillment of pre-contractual or contractual obligations pursuant to Art. 6 (1) lit. b GDPR.

For more information about Twilio Inc.'s privacy practices and how Twilio Inc. handles your personal information, please visit Twilio Inc.'s privacy policy: https://www.twilio.com/legal/privacy.

“Google reCaptcha" (hereinafter referred to as "reCaptcha") is a service of the provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using reCaptcha, we can verify whether the data entry on our website was made by a human user or by an automated program. For this purpose, each website visitor who enters our website is automatically analysed by reCaptcha.

In the process, various information such as the IP address or the time spent on the website as well as the mouse movements are forwarded to Google and analysed. This analysis takes place entirely in the background and does not make the users of the website aware of this analysis.

The legal basis for this data processing is our legitimate interest according to Art. 6 (1) (f) GDPR to protect our web offers from abusive automated spying and spam.

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

For more information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/about/

We use the software solution "Google Analytics for Firebase" of the US company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website. The use of "Google Analytics for Firebase" enables us to link users to interactions on and around our website using so-called "instance IDs". Instance IDs" are unique identifiers that are assigned to a timestamp. These are assigned to users of our website and subsequently allow the user to be associated with the respective interaction. In the context of the use of "Google Analytics for Firebase", the following of your personal data are sometimes processed:

• IP address
• Number of users
• Number of sessions
• Session duration
• Operating system used
• Device model
• Region of access

We explicitly point out that we have no influence on the use of your personal data by Google. Nevertheless, we would like to inform you about the following in the context of the upcoming processing:

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We base the lawfulness of the use of "Google Analytics for Firebase" on the legal basis of obtaining the consent of the data subject pursuant to Art. 6 (1) lit. a GDPR and Section 25 TTDSG. You can, of course, withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to the time of the withdrawal remains unaffected.

For more information about Google LLC's privacy practices and how Google LLC handles your personal information, please visit Google LLC's privacy policy:

https://support.google.com/firebase/answer/9019185?hl=en#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article

1. purposes and legal bases of the processing

a. For the fulfilment of contractual obligations (Art. 6 para. (1) lit b GDPR).

Upon application for a customer relationship with UNION TANK Eckstein GmbH & Co KG, we process information provided by you for the conclusion of the contract and to assess the economic risk to be assumed by us.

Data processing within the scope of a business relationship

If a contract is concluded, we process your data to carry out the contractual relationship. The personal data processed here includes master data (e.g. company name, company name, address), data of a central contact person, as well as all data that we require from you for billing purposes (e.g. VAT ID, bank data) within the scope of the contractual relationship. This also includes processing processes that take place in connection with the sending of acceptance media.

The conclusion or execution of the contractual relationship is not possible without the processing of your personal data.

Use of data in case of late payment

In the event of default in payment, we may assign claims to third parties. All necessary data is transferred to the respective third party (e.g. collection company) to the required extent for the purpose of handling the collection procedure.

b. Ordering of products and services (Art. 6 para. (1) lit b GDPR).

When ordering and using products/services in the categories listed below, there may be a need to process further personal data in addition to the aforementioned data. These primarily include:

Acceptance media (service cards, toll boxes)

Vehicle-related data (e.g. vehicle owner or lessor, vehicle registration number), driver data (different shipping address or name when the service card is stamped).

Digital services (UTA exclusive customer area, e-invoicing, electronic data output)

Electronic contact data (e-mail address) for information about a new billing document or for the transmission of billing details or in the context of creating new users of the UTA customer exclusive area or in the case of using the feedback function within the UTA Stationsfinder APP. Within the app, we will also process your location data to show you the nearest acceptance point.

(Toll) Registration procedure

Customer master data for validation purposes (e.g. company master data), processing of all data requested by the acceptance system operator (vary per acceptance system).

Within the scope of registration procedures for the use of selected toll acceptance systems or when UNION TANK Eckstein GmbH & Co KG issues service cards of third parties, we process without exception the personal data that is required by the acceptance partner / system operator. In order to legitimise the information you provide to us during the registration process, it may be necessary to provide us with the relevant documents (e.g. vehicle registration document). Acceptance partners/system operators must be proven.

In order to be able to fully support you in the context of possible queries or in enforcement cases by the toll acceptance system operator or by national enforcement bodies, we also store all data submitted by you as part of the registration procedure internally.

credit management

When a credit note is issued (e.g. to a Mercedes ServiceCard), we share all relevant information about the consumption of this credit note with the company granting the credit note (e.g. Daimler AG). This is to inform you about offers within the validity period of the credit memo.

All processing of your personal data in the above-mentioned processing procedures for pre-contractual or contractual purposes is based on Art. 6 Para. 1 b of the GDPR.

c. Due to a justified interest of UNION TANK Eckstein GmbH & Co KG (Art.6 Para. 1 lit. f, GDPR).

We also process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us and third parties. These processing operations are carried out on the basis of Art. 6 para. 1 lit. f GDPR. These finishes are:

Assessment of the economic risk to be assumed (determination of creditworthiness)

To conclude a business initiation and to monitor an existing customer relationship - especially in the case of late payment - we make use of the support of credit agencies. These assess the potential risk of non-payment on the basis of available information (including personal data relating to you). The result will be personally reviewed by us and evaluated with regard to possible consequences for the business relationship by an employee of UTA.

A fully automated rating does not take place.

Advertising for own products and services

In the event that we have not been given a specific contact person for advertising purposes, we will use the data provided by the central contact person and inform you about products and services of UNION TANK Eckstein GmbH & Co KG and our affiliated companies within the framework of the contractual relationship.

You can revoke the transfer with effect for the future at any time.

Further processing of your data to protect our legitimate interest may be:

Measures for business management and further development of own products and services

Internal monitoring to control the existing business relationship.

Prevention

To prevent criminal offences, we monitor the usage behaviour and the use of your acceptance media.

Review and optimization of procedures for needs analysis and direct customer approach; incl. internal customer segmentation

d. On the basis of consents (Art. 6 para. 1 lit. a of the GDPR)

If you have given us your consent to process personal data for specific purposes, this processing is legal on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of consents that may have been given to us prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Newsletter registration for advertising purposes

Newsletters will only be sent to you on the basis of a separate consent.

(Personal) guarantees

In the case of personal guarantees by third parties (third-party guarantors), UNION TANK Eckstein GmbH & Co KG processes all necessary personal data together with information about the economic and financial circumstances of this third party.

e. For the fulfilment of legal obligations in connection with Art. 6 para. 1 lit. c of the GDPR

Within the framework of financial processes and to meet legal archiving requirements.

2. recipients or categories of recipients of the data;

Within the company, all departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it.

Contractual service providers and vicarious agents may also come into contact with your data. These partners are contractually bound to our compliance with data protection instructions within the scope of order processing and support UNION TANK Eckstein GmbH & Co KG in the implementation of the business relationship with you.

Among other things, we use contract processors for the services: Support/maintenance/development of EDP/IT applications, call centre services, data destruction and disposal, sending advertising material, website hosting, website design, letter shop, building security, address data validation, driving licence controls, process support (24/7), online authorisations, breakdown services.

In special constellations we process your personal data together with cooperation partners. Each party processes your data exclusively for a specific purpose and within the framework of shared responsibility. This contract construct is available in the context of:

• distribution partnerships / Models of cooperation:
  In models in which the cooperation partners involved are in an independent contractual relationship with you, we may exchange data within the cooperation. The respective processing of your data including the further processing of previously exchanged data by each cooperation partner is based on the direct contractual relationship with you. There is no further obligation to inform about the data processing by the cooperation partner at this point, since we can assume that you have been comprehensively informed about the processing of your data by the cooperation partner in the context of the separate contractual relationship with the cooperation partner. There is no authority to issue instructions to the respective cooperation partner.
• Activities with internal group companies or affiliated companies
• billing services
   

Third party service providers

Within the scope of fulfilling contractual obligations, we make use of external service providers in some cases. We use these for the services: Credit information, toll registration, logistics services, reimbursement services, collection procedures, billing of service payments in the expense reimbursement procedure

In all the cases mentioned above, we ensure that third parties only have access to the personal data necessary for the performance of individual tasks.

More recipients

In addition, we may transfer your data to other recipients, such as public authorities for the fulfilment of legal notification obligations such as social insurance carriers, tax authorities or law enforcement authorities.

Very important: Under no circumstances does UNION TANK Eckstein GmbH & Co KG sell your data to third parties.

Transmission of data to a third country

If we have your data processed by a service provider outside the EU/EEA area, it will only be processed if the third country has been confirmed an appropriate level of data protection by the EU Commission or if there are other appropriate data protection guarantees.

3. Duration of storage

Your data will be deleted as soon as they are no longer required for processing the above-mentioned purposes. Among other things, your data may be stored for the period during which claims can be asserted against our company (statutory limitation period - 3 years). In addition, we store your data if we are legally obliged to do so. These obligations are derived, among other things, from the HGB and the AO.

1. Purpose(s) of processing

In the context of the conclusion of a supplier contract or during pre-contractual negotiations with UNION TANK Eckstein GmbH & Co KG, we process your data to establish and implement the business relationship. The personal data processed here includes master data (e.g. company name incl. company name, address, data on geo localisation), contact person data (e-mail address, telephone/mobile phone number), as well as all data that we require from you for billing purposes (e.g. VAT ID, bank data) within the scope of the contractual relationship.

The conclusion or execution of the contractual relationship is not possible without the processing of your personal data.

To ensure data quality

Use of the e-mail address of contact persons provided by you to ensure an appropriate data quality.

All processing of your personal data in the above-mentioned processing procedures for pre-contractual or contractual purposes is based on Art. 6 Para. 1 b of the GDPR.

The transparent presentation of benefit payments and places of purchase compared to the Customers of UNION TANK Eckstein GmbH & Co. KG

Customer settlement documents (line item verification) or digital data output

The publication of data in electronic and analogue acceptance point overviews

Station Finder, UTA App, Petrol Station Directory.

For information of customers, business partners, service providers of UNION TANK Eckstein GmbH & Co. KG.

Overview of acceptance partners/locations or UTA acceptances.

Measures for business management and further development of the business relationship

Monitoring and controlling the acceptance partner relationship

2. Legal basis of processing

For the fulfilment of contractual obligations (Art. 6 para. 1 lit b GDPR).

For the fulfilment of legal obligations in connection with Art. 6 para. 1 lit. c GDPR

In addition, we may transfer your data to other recipients, such as public authorities for the fulfilment of legal notification obligations such as social insurance carriers, tax authorities or law enforcement authorities.

3. Processing on a legitimate interest of UTA

Due to a justified interest of UNION TANK Eckstein GmbH & Co KG (Art.6 para. 1 lit. f GDPR).

We also process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us and third parties. These processing operations are carried out on the basis of Art. 6 para. 1 lit. f GDPR.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR. Please find in section 4 of this statement a description how to exercise your rights.

4. Recipients of the personal data

Within the company, all departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it.

Contractual service providers and vicarious agents may also come into contact with your data. These partners are contractually bound to our compliance with data protection instructions within the scope of order processing and support UNION TANK Eckstein GmbH & Co KG in the implementation of the business relationship with you.

Among other things, we use contract processors for the services: Support/maintenance/development of IT applications, data destruction and disposal, website hosting, website design, building security, sign suppliers.

In special constellations we process your personal data together with cooperation partners. Each party processes your data exclusively for a specific purpose and within the framework of shared responsibility. This contract construct is available in the context of:

• distribution partnerships
• Activities with internal group companies or affiliated companies
• billing services
   

Third party service providers

Within the scope of fulfilling contractual obligations, we make use of external service providers in some cases.

In all the cases mentioned above, we ensure that third parties only have access to the personal data necessary for the performance of individual tasks.

More recipients

Customers receive your location data as information regarding the possible use of acceptance media.

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

5. Transfers to third countries

If we have your data processed by a service provider outside the EU/EEA area, it will only be processed if the third country has been confirmed an appropriate level of data protection by the EU Commission or if there are other appropriate data protection guarantees.

6. Storage duration

Your data will be deleted as soon as they are no longer required for processing the above-mentioned purposes. Among other things, your data may be stored for the period during which claims can be asserted against our company (statutory limitation period - 3 years). In addition, we store your data if we are legally obliged to do so. These obligations are derived, among other things, from the HGB and the AO.