Information on data protection in accordance with the Art. 13 General Data Protection Regulation (GDPR) in the EU

1.1 Collection of general data and information

Our website collects a series of general data and information with each call of the website. This general data and information is stored in the log files of the server.

The following personal data can be recorded:

(1) browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system arrives at our website (so-called referrer),

(4) the sub-websites that are accessed via an accessing system on our website,

(5) the date and time of an access to the website, (6) an Internet Protocol (IP) address,

(6) the Internet service provider of the accessing system and

(7) other similar data and information that serve to avert danger in the event of attacks on our IT-systems.

When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to

(1) deliver the contents of our website correctly,

(2) optimize the content of our website and the advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology of our website, and

(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This collected data and information is evaluated statistically, on the one hand, and on the other hand, with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by you.

1.2 Contact (via e-mail, phone and contact forms)

On our website we offer you the possibility to contact us in different ways and on different topics. For this purpose, you can either contact us by e-mail or use the forms provided by us on the website.

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number, if applicable, and the content of the message) will be processed by us in order to answer your questions. The personal data will be used exclusively to handle your inquiry.

By sending the e-mail or submitting the contact form, you give us your consent to process the personal data for the handling of your inquiry.

We process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future by exercising your withdrawal via the form provided for this purpose. If you withdraw your consent, we will immediately delete the personal data relating to you. In this case, it will no longer be possible for us to further handle your inquiry. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data accruing in this context after we have handled your inquiry or restrict the processing if there are legal retention obligations to further store the personal data.

1.3 Download of information material

On our website we offer the possibility to download information material on various topics (e.g., driving bans). For this purpose, you can use the forms provided to request a download link. By submitting the form, you consent to us using the personal data to send you a download link and to contact you for information purposes (advertising).

Insofar as you enter a telephone number, you further consent to us contacting you for information purposes (e.g., advertising) via this telephone number. The entry of a telephone number is voluntary and is not required for the download!

You can withdraw your consent at any time with effect for the future by contacting us at the above address or by means of a request via the form provided for this purpose. Should you be contacted by us, you have the option to inform us not to be contacted again and thus withdraw your consent. This shall not affect the lawfulness of the data processing until the time of withdrawal.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected or until you withdraw your consent.

1.4 Callback function

On our website, you have the option of requesting a callback from one of our employees. Through this function we enable you to contact us quickly and directly.

When you contact us to arrange a callback, the data you provide (your name, company name, telephone number and your request) will be stored by us to enable this callback. All information is voluntary and will be used to address you personally and to be able to clarify your corresponding request.

By entering the phone number and the associated confirmation, you agree to be called back. If you provide us with further personal data via the callback function, this is done on a voluntary basis. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future via the form provided for this purpose. This shall not affect the lawfulness of the data processing until the time of withdrawal.

We delete the data collected from you in this context after storage is no longer necessary and no legal retention periods prevent deletion.

Cookies

1. Piano Analytics
 

As part of the operation of our website, we use the analysis tool "Piano Analytics" from the provider Piano Software Inc (111 S Independence Mall East, Suite 950, Philadelphia, PA 19106). The use of the "Piano Analytics" analysis tool enables us to collect and store usage information from users of our website in anonymised form using a measurement method. We use the "hybrid measurement" method of "Piano Analytics", which enables us to use both conventional tracking processes and non-personalised reach measurements. Accordingly, we would like to inform you about the processing of your personal data as follows;

1.1 Processing as part of the tracking function
 

The "Piano Analytics" service sets analysis cookies within your browser as part of the use of the tracking function. Cookies are small text files that are stored in your Internet browser or by the Internet browser on your computer system. When you visit our website, a cookie may be stored on your computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. 
 

In this context and as part of the use of the "Piano Analytics" analysis tool, your personal data will be processed accordingly. In particular, the following of your personal data is affected by processing:

• IP address
• Browser information
• operating system
• Date and time of access
• Data relating to interaction with our website   

We base the use of the tracking function of "Piano Analytics" on the legal basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. You naturally have the right to withdraw your consent at any time with effect for the future. The lawfulness of the processing of your personal data up to the time of revocation remains unaffected.
 
 

1.2 Carrying out reach measurements
 

As part of the use of Piano Analytics, we are also able to carry out reach measurements by means of a local log file analysis. Reach measurements involve the processing of non-personal data for the creation of summarised statistics. For this purpose, the data automatically transmitted by your browser to our server when you visit our website, which has no personal reference, is separated and processed. In contrast to the use of cookies, this data does not make it possible to recognise you personally. Accordingly, the individual data used for this purpose cannot be traced back to you as the data subject.
 

We would like to point out that we carry out the possibility of range measurement without further use of external third-party services. In addition, the non-personalised usage data collected is neither merged nor used to recognise the user or for other purposes.
 

The implementation of a reach measurement using such data, which is transmitted to our server by your browser when you access our website and stored on it, does not require consent due to the exemption regulation of § 25 para. 2 no. 2 German Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG). Accordingly, we base the processing that takes place as part of the implementation of reach measurement on the pursuit of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR (optimisation of our website, generation of insights, creation of usage statistics).
 

We are aware of the transfer of your personal data to a third country (here: USA) associated with the use of "Piano Analytics" and the associated risks. In order to ensure the security and integrity of your personal data in the context of this transfer, we have concluded an order processing contract with Piano Analytics Inc. in accordance with Art. 28 GDPR,  including the modular standard contractual clauses of the European Commission. In the case of self-certification of the provider Piano Software Inc. under the EU-U.S. Data Privacy Framework, this applies in addition.
 

We only store your personal data for as long as it is required to fulfil the original purpose for which it was collected. If the original purpose of collection no longer applies, e.g. if you withdraw your consent, we will delete your personal data unless we are obliged to continue storing your personal data due to statutory retention periods imposed on us. The storage period for your personal data has a duration of 25 months. 
 

Further information regarding the handling of your data and data protection by Piano Software Inc. can be found here: https://piano.io/privacy-policy/

We place the highest value on the security and confidentiality when processing your personal data. Therefore, we use among others the solution(s) listed below to meet the highest standards of data security.

Use of Secure Sockets Layer (SSL)

Within the scope of our website, we use Secure Sockets Layer (SSL) to ensure confidential and encrypted transmission of your data. This makes it difficult or even impossible for third parties to read or manipulate your data during transmission. Thus, an SSL certificate is stored on our website, which the browser can identify as the intended source and subsequently decrypt. The use of such SSLs subsequently protects your personal data during a visit to our website and associated activities.

Within our website we use the following SSL encryption:

• DigiCert EV
• DigiCert SSL
• SSL by Default

The legal basis for data processing is UTA's legitimate interest in processing data for purposes of product and legal security as well as the prevention of fraudulent or abusive attacks according to Art. 6 para. 1 lit. f GDPR.

The personal data shall remain stored for as long as it is required to achieve the purposes for which it was originally collected.

1. iOS

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Apple Inc. (https://www.apple.com/legal/privacy/en-ww/) is accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

Geo position

Your geo position is determined using the search function within the app in order to be able to show you the UTA stations. This only happens if the app is active in the foreground. As soon as the app is not used, i.e. in the background, we do not determine a geo position. If you have activated the "Report automatically" function, the iOS will continue to determine the geo position.

Routing

This function transmits information via the Apple API. The start and destination of the route are processed. Using the route determined, the app finds possible filling stations (or POIs) along the route.

Push service

If you have activated the push function, current information is made available within the "News" section by means of a so-called "push token".

Equipment identification

This feature checks the exact device you are using to display content to your phone correctly. No IMEI or UDID number is requested.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

2. Android

You have decided to use the fuel station finder App. In connection with the use of this application (app), you have read the privacy policy of Google Inc. (https://policies.google.com/privacy?hl=en ) accepted. In addition, we inform you about access rights for certain services of the app that are active on your mobile device.

When using the app you have the choice between the online or offline version. When using the offline variant, no usage data is transferred.

In order for the online version to be technically implemented, we list the various access authorizations in connection with your mobile device below.

android.permission.INTERNET

In connection with the access authorization, the following queries are made when the data is retrieved by a backend ("eJump"):

System language: Language of the user (required so that texts of the "News" section and "Service numbers" can be displayed under "More".)

Device ID: This makes it possible to deliver device-specific content. No IMEI or UDID number is requested.

Routing

This service transmits data via the Google API. Data about the start and destination is processed. As a result, routes can be calculated.

android.permission.WRITE_EXTERNAL_STORAGE

This access authorization temporarily stores data and images on the device, such as "Favorites", image elements such as icons or images under "News".

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

The search for the stations in the vicinity is performed locally on the device. Geo coordinates are not transmitted.

Statistical evaluations

Statistical data (e.g. frequency of use, download figures, number of new users) are transferred to the "Flurry" service. The privacy policy for this service can be found here: developer.yahoo.com/flurry/legal-privacy/tos.html

UTA EasyFuel® Driver Management

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the UTA EasyFuel® Driver Management (hereinafter referred to as "web app"). This information is addressed to the data subjects (hereinafter also referred to as "drivers" or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for the registration of the UTA EasyFuel® service in the UTA Driver Management.

Purpose(s) of processing

During the activation process:

By activating your driver account to use the UTA EasyFuel® service within Driver Management, we process the following personal data about you:

(1) Last name, first name

(2) Vehicle registration number

(3) Mobile number

(4) Email address of the respective user of the UTA EasyFuel® mobile app

(5) Card number

We use this data to contact you in a personalised way and to register you to use the UTA EasyFuel® service, as well as to enable you to activate your account in the UTA EasyFuel® mobile app. The personal data we process about you is based on the information provided by the customer who registered you as a driver in the UTA EasyFuel® system. The email address provided also represents the username for logging into the UTA EasyFuel® mobile app. Accordingly, the responsibility for the accuracy of your personal data belongs to the responsible employee of the customer who made the entry.

While using the UTA customer service section:

In addition, when you access the website to activate your account, technical data is automatically collected that we need to process to enable the website to function properly. We automatically process the following personal data:

(1) the browser type and version you use,

(2) the operating system used by the accessing system,

(3) the IP address,

(4) and the time of access.

We also reserve the right to process your personal data for the following purposes:

(1) Improvement and optimisation of the services and functions

(2) Prevention and investigation of misuse and errors

(3) Information (also in personalised form) about product-related faults, failures, improvements, updates, etc.

(4) Sending surveys and feedback forms to improve UTA services

(5) Administration of acceptance media (creation, blocking, removal)

(6) Processing of requests

Legal basis of processing

The legal basis for the processing of your personal data in the context of registration is the fulfilment of the contract both with the customer (your employer) and with you pursuant to Art. 6 para. 1 lit. b GDPR. With the activation of your account, a direct contractual relationship between you and UTA regarding the use of the UTA EasyFuel® mobile app is established in addition to the contract with the customer (your employer).

The legal basis for the processing of your personal data is the fulfilment of the contract according to Art. 6 para. 1 lit. b GDPR.

If we process your personal data for legal purposes, this processing is based on the legal basis Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

Furthermore, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this data processing is to maintain and improve the proper functioning of the UTA EasyFuel® services.

Recipients of the personal data

In the course of registering for the use of the UTA EasyFuel® services, processors acting on behalf of UTA will come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to the USA or any other unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfill the purposes for which the data was originally collected. Following the fulfillment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

The processing period corresponds to the term of the UTA EasyFuel® user contract. After termination of the user contract, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

None

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the customer self-service portal myUTA (hereinafter referred to as "myUTA" or “portal”). This information is addressed to the data subjects (hereinafter also referred to as "user" or "you") whose personal data is provided to UTA for processing within myUTA. The "Customer" (usually your employer) has the possibility to register you as a user of the portal.

Purpose(s) of processing

In connection with the use of myUTA provided by us, we collect and process your data exclusively for specified purposes. These may result from technical necessities, contractual requirements or explicit user requests. In detail, these are:

• Technical data

Certain information is already processed automatically as soon as you visit myUTA. We have listed in detail below which of your personal data is processed.

As part of your use of the portal, we automatically collect necessary technical data that is required for the use of the application. This includes the IP address used, MAC address, internal device ID, version of your operating system and the time of access to myUTA.

The following data is automatically transmitted to us and processed by us :

(1) to provide you with the Service and related features;

(2) to prevent and remedy fraud, abuse and malfunctions.

• Creating a new account (account details)

When creating a new account, you transmit the personal data entered to UTA. The data will be stored by UTA for as long as your user account is maintained. Afterwards, the data will be deleted; if necessary, after a legal retention period (see below). Personal data is processed for the purpose of concluding a contract and contacting you.

• Company name
• Name (first name / surname)
• Company address
• E-mail address
• Telephone number
• Bank details
• Contact person data
   

• Account management

Within your user profile, you have the option to change your master and contact details as well as reset your password. Furthermore, you can change your consent preferences for commercial communication in this area.

• Password forgotten function

If you have forgotten your password, you have the option to reset your password and request a new one. To do this, you must enter your email address stored in our system, which we will then process for the password forgotten function.

• User administration

Within the portal you have the possibility to manage users. Here, you can create new users, edit existing users, or remove them. The personal data processed when creating a new user are:

• salutation
• first name
• surname
• email address
• phone number

Furthermore, you can set a new user as Admin. In the Admin role, a user can manage other users.

• Management of company data

In MyUTA you can manage your company data at any time. You can change the name, the trade register number, and the address of your company. You can also change the tax number and bank information.

• Card ordering

You can order UTA service cards via MyUTA (driver- and vehicle- related cards). When ordering a driver card, you must specify the first and last name as well as the name to be embossed on the ordered service card. Furthermore, you have the option of specifying either a PIN generated randomly or a requested PIN. In the latter case, you must enter your required PIN.

• Preferred petrol station / tariff changes

Within our platform, you can define and change your preferred petrol station yourself. Should you wish to change your tariff, you can select from the available tariffs.  

• Service card management

You can manage the UTA service cards of your employees in the portal. For example, you can set a credit limit that is valid for a month, a day, or a transaction. You can differentiate between petrol stations and other acceptance partners. You can also set the maximum number of transactions per service card.

In addition, you can freeze and block the UTA cards of your employees (and vice versa). You can also set that UTA service cards can only be used at certain times.

• Feedback function

Your feedback is important to us. That is why we provide you with a feedback function. Within the scope of this function, you can either report a bug to us or share your feedback and suggestions for improvement. We will only use the content of your feedback to improve our service and will not use it for any other purpose. You may not receive a reply from us. Please do not use the feedback function for questions of a general nature or regular contact.

Legal basis of processing

Within the scope of the use of myUTA, UTA processes personal data exclusively for a specific purpose and based on a legal basis.

The processing of personal data takes place for:

(1) account and data management (user account)

(2) user administration

(3) ordering and administration of UTA service cards

(4) customer care

(5) provision of interest-based commercial communication

(6) Ensuring system security and protection against misuse of our systems

The processing of data within your usage of myUTA is based on Art. 6 para. 1 lit. b GDPR for the performance of the contract.

Insofar as we obtain your consent to address you in advertising, for customer satisfaction surveys, etc., this processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR.

If UTA is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on Art. 6 para. 1 lit. c GDPR.

Automated decision-making in individual cases including profiling (pursuant to Art. 22 GDPR) shall not take place.

Processing on a legitimate interest of UTA

In order to prevent and remedy fraud, misuse and malfunctions in the context of the use of myUTA, we collect and process technical information. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the framework of the operation of myUTA, processors commissioned by UTA come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or international organisation

When using the Google Analytics, SendGrid and Userpilot services, your personal data is transferred to the USA. UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage.

The processing period generally corresponds to the duration of the business relationship with UTA. After the end of the business relationship, UTA will delete your data in accordance with the data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

• Use of cookies

myUTA use cookies. Cookies are text files that are stored on computer systems. When you visit a website, a cookie may be stored on your operating system. Such a cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make myUTA more user-friendly. Certain elements require that the calling browser can be identified even after the web application is called up again.

The following data is stored in the cookies and transmitted to the web application:  

(1) Language settings

(2) Login information

We also use cookies in our online services that enable an analysis of your use of the application.

The following data can be transmitted in this way:

(1) Frequency, of calling up the online service.

(2) Analysis of the interaction with the online services

Your data collected in this way is pseudonymised by technical procedures.

When visiting myUTA, you will be informed about the use of cookies for analysis purposes (e.g. Google Analytics or Userpilot) and asked for your consent to the processing of the personal data used. During this step, you will have the opportunity to obtain details of the processing from the data protection information. You can revoke your consent at any time with effect for the future, as described below. This revocation will not affect the lawfulness of the previous processing.

Legal basis

Art. 6 para. 1 lit. f GDPR (legitimate interest) for technically absolutely necessary cookies.

Art. 6 para. 1 lit. a GDPR (consent) for e.g. Google Analytics.

Purpose of storage

The purpose behind the use of technically essential cookies is to make it easier for you to use myUTA. Certain functions of the portal cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognised when you visit myUTA again.

Objection / removal option

By changing the settings of your browser, you can deactivate cookies or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for myUTA, this may mean that it is no longer possible to use all the functions of the portal.

• Use of third party technologies

myUTA is using technologies provided by third parties (Google Analytics, User Pilot, SendGrid).

In the event that you would like further information on this technology, please refer to Section VIII of the statement for this information.

(Other)

As part of MyUTA, we have links to our social media pages. Please refer to this privacy policy for information on the processing of your personal data in this context.

UTA hereby informs you about the use of your personal data which is provided to us in connection with the use of the UTA SmartCockpit® App.

In principle, it is also possible to use the app without providing personal data. If you want to use special functions of the app, the processing of personal data may be necessary.

Purpose(s) of processing

UTA collects and processes your data exclusively for specific purposes. These may also arise from technical necessities, contractual requirements or explicit user requests. For technical reasons, certain data must be collected and stored when using the App (e.g. push token, device platform and App version).

Within the scope of the App provided by UTA, UTA processes the personal data described below:

• Geolocation data (location data of the device which we have linked to a vehicle according to your specifications).
  
  During the initiation of the app, you as the user decide whether to activate the functionality for processing geolocation data. This is deactivated by default.
  
  The data flow into the UTA SmartCockpit® Web Application is dependent on
  
  - Activation of the function (geolocation) in the mobile device,
  - Activation of data transfer from the mobile device to the UTA SmartCockpit® Web Application,
  - Assignment of the mobile device to the vehicle in the UTA SmartCockpit® App.
  
  In case of an inquiry, we collect your current location via GPS in order to provide you with quick information about your immediate surroundings (proximity search) and to offer you the possibility to plan routes from your current position. Data on your location will be used to process your request and will be transmitted to the UTA SmartCockpit® Web Application. The transmission of your location data takes place via an encrypted connection using HTTPS. Your location data is used in the UTA SmartCockpit® Web Application to enable the user of the UTA SmartCockpit® Web Application to plan a route from the current position of a vehicle, as well as for subsequent analysis.
  Based on the geolocation data, UTA shall under no circumstances carry out profiling according to Art. 22 GDPR or measures to monitor the performance and behaviour of individual SmartCockpit® App users. If the GPS reception is disturbed, the positioning is automatically carried out via WLAN or radio masts. In this case, the geolocation may be less accurate. If the GPS function is deactivated, the last known position of the mobile device is displayed.
   

• Activating the App
  
  Within the scope of activating the UTA SmartCockpit® App, it is necessary that the customer number and the telephone number of the App user are processed in the App in order to create a permanent connection between the UTA SmartCockpit® Web Application and the associated App. This is necessary in order to be able to select vehicles, plan routes and receive planned routes from the UTA SmartCockpit® Web Application when using the App. In addition, the so-called Driver ID is processed.
   

• Using the push function towards the App
  
  When using the push function from the UTA SmartCockpit® Web Application towards the App, it is also necessary to process Vehicle ID and Push Token. Note: The Push Token is an App-specific token that is automatically generated by Goolge Firebase.
   

• Using the map functionality
  
  There is a difference between iOS and Android for the use of the map functionality. Android uses Google Maps, while iOS uses Apple Maps.
  Due to a used functionality (Layer) there is no transmission of geolocation data to Google, respectively iOS. UTA has the geolocation data processed within the scope of a regulated order processing.
  UTA has the geolocation data processed by Qivalon for display on the map within the scope of a regulated order processing.
  Prerequisite for the use of this function is an existing Internet connection via WLAN or mobile data. This may result in additional costs which are beyond the control of UTA.
   

• Analysis data
  
  In order to continuously improve your user experience, we collect statistics on the use of the App. For this purpose we use the analysis tool Google Analytics Firebase. This enables us to ensure that our app is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to record the use of our app statistically and evaluate it for the purpose of optimizing our offer for you. All data is processed anonymously.
  In standard tracking the following data is analysed: Number of active users, number of application crashes, user interaction, information about the target group and app usage. In addition, an event-based tracking is carried out in which the number of app activations, registered vehicles, planned routes, started routes and accepted missions are stored and evaluated. In addition, the number of app starts, the status of the app (opened in the background or foreground) and the number of app deletions are recorded and evaluated in this event-based tracking. Furthermore, the tracking of changes in settings regarding the radius, price projection, ignoring of motorway filling stations and the display of traffic information including the respective set parameters are also included.  Within the app, you as a user can make settings accordingly. These can be found in Route Planning or under the menu item Settings.
   

• Technical access authorisation to your Device
  
  For technical reasons access to the Internet is necessary. Access to the location of the device is also necessary for planning routes or radius searches from the current position of the vehicle. This is also one of the prerequisites for using the geolocation function, if desired and activated.
   

Legal basis of processing

Within the framework of the UTA SmartCockpit® App, UTA processes personal data purely for a specific purpose and based on a legal basis.

Location data shall be processed on the basis of the consent granted in the App in accordance with Art. 6 para. 1 lit. a GDPR. The functionality can be switched off at any time with future effect by the App user under 'Settings'. The functionality is then terminated and no more location data is collected or transmitted to the UTA SmartCockpit® Web Application. For the transmission of location data to the UTA SmartCockpit® Web Application it is essential that the mobile device accesses the Internet.

The processing of personal data within the scope of the use of the card functionality and technically required access authorisations is based on Art. 6 para. 1 lit. b GDPR and is exclusively for the purpose of providing contractually agreed services. The possibility of accessing the Internet is dependent on the provision of services. The availability of access to the Internet is beyond the control of UTA. Accordingly, UTA shall not assume any responsibility for the UTA SmartCockpit® App not functioning as agreed due to the lack of availability of or access to the Internet.

If UTA is subject to a legal obligation, which makes the processing of personal data necessary, the processing shall be based on Art. 6 para. 1 lit. c GDPR.

Processing on a legitimate interest of UTA

None

Recipients of the personal data:

In the context of the operation of the UTA SmartCockpit® App, contractually commissioned processors commissioned by UTA come into contact with personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation:

UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

The customer number, the driver's telephone number and the driver ID are permanently stored in the app in order to guarantee the continuous connection of the app with the UTA SmartCockpit® web application. In addition, the respective connected vehicle ID is temporarily stored for the duration of the connection of the vehicle with the App and the push token for a maximum of 6 months.

The data will be automatically deleted when the App is uninstalled.

Depending on the contract term of the UTA SmartCockpit® Web Application, UTA may store data collected via your mobile device for fulfilment of the contract.

In case of an objection to data processing, UTA shall treat the data in accordance with Art. 17 GDPR.

Cookies

We do not use any cookies within the app.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA SmartConnect Driver management

In the following, UTA informs you about how your driver data is processed within the framework of the use of the fleet management service UTA SmartConnect (https://www.telepasskmaster.com/).

Purpose(s) of processing

Driver data:

In order to offer the use of UTA SmartConnect to our customers (your employer), we allow our customers' fleet managers to create driver data for the purpose of fleet management and administration. The fleet manager has the possibility to record the following categories of personal data regarding you:

• Name (first, last)
• ID code
• fuel card information
• idApp (used to create access to the app)
• SMS contact
• Driving licence
• Alternative means of communication (first and second alternative; email or phone)
• Port authorisation number

Location, journey details and vehicle data:

We process the data required by your fleet manager to fulfil its task in order to enable the use of our fleet management service. Such fleet management includes, for example, the following functions:

• Planning the most favourable route
• Optimisation of fuel consumption and petrol station use
• Optimisation of the route to service points
• Informing the driver about possible traffic jams, etc.
• Resource management

For this purpose, we process the following personal data:

• Routes planned for you
• Vehicle used
• Vehicle related data (registration number, model, engine temperature, fuel level, consumption, etc.)
• Distance driven (daily, in total)
• GPS location data (Current location)
• Trip status data (time of vehicle moving, time of vehicle in "stop with key" state, time in "stop" state, total runtime of the engine, and the time period of each status (e.g. 10:00-a.m. to 10:15 a.m. "stop"))
• If applicable, video data, via the autostrade // per italia camera system (this data is not stored but used as a live feed).

News, Notes function:

As part of our services, it is possible for the fleet manager to send messages to you as a driver via the fleet function. We process the messages sent in this way, as well as the messages sent by you to the fleet manager, to enable you to use the contact function between the fleet manager and the driver. In addition, the fleet manager may make notes in your driver profile. This content is also assigned to you as personal data. The categories of personal data processed about you in this way are determined by the content of the messages or notes.

Tax and Customs Electronic Services Portal (PUESC)
 

In the following, we would like to inform you in detail about the data processing within the scope of using the "Tax and Customs Electronic Services Portal" (PUESC). 

 

Processing by your employer on the SmartConnect platform
 

In accordance with the national legal framework of the EU member state Poland, the provision of legally required information to the Polish Tax Administration (Warsaw, 00-916, 12 Świętokrzyska St.) is necessary within the scope of the transit of goods subject to declaration in the territory of the Polish state for reasons of a tax or customs inspection. The transmission of the required information and documents to the Polish Tax Administration is carried out by using the so-called "Tax and Customs Electronic Services Portal (PUESC)" system.

To comply with this legal obligation using the PUESC system, it is necessary to register your employer's vehicle fleet within the PUESC system. After registration, a so-called "PUESC-ID" is transmitted to the fleet manager of your company, by means of which individual vehicles of the fleet can be identified. This PUESC ID can be further linked by the fleet manager within SmartConnect to a specific vehicle of the fleet, whereby the legally required information concerning the respective vehicle is automatically transmitted to the PUESC system when driving on the territory of Poland. This information includes the personal data listed in this section of this Privacy Policy, such as: 

• Company data
• Vehicle data
• Mission data
• OBU ID
• GPS location data (timestamp, speed, direction)

 

The use of the PUESC system is necessary due to legal obligations of your employer. Accordingly, the processing is carried out on the legal basis under data protection law for the compliance with a legal obligation of your employer (transfer of the corresponding personal data) pursuant to Art. 6 para. 1 lit. c GDPR.
We store the data collected from you in this way only as long as it is required to achieve the purposes for which it was originally collected, or your employer instructs us to do so. If this purpose ceases to apply, your personal data will be erased unless we are obliged to continue storing it due to statutory retention periods.

Processing by Polish state authorities

The personal data transmitted to the Polish tax authorities within the framework of the legal requirements using the PUESC system are processed by them for the purposes of tax and customs law verification and evaluation. We expressly point out that we have no possibility to influence the processing activities of the Polish Tax Administration or other Polish state authorities and institutions. Nevertheless, we would like to inform you about the circumstances of processing of your personal data by relevant bodies:

Within the framework of complying with legal requirements of the Polish state, there is an obligation to transmit corresponding information, which may also include your personal data, to the Polish tax administration using the PUESC system. In addition to the Polish tax authorities, the following Polish institutions may also be recipients of your personal data:

• State authorities
• Public services
• Courts
• Prosecutor's Office
 

The processing of data transferred within the framework of the use of the PUESC system is carried out under the control of the Head of the National Tax Administration (Warsaw, 00-916, 12 Świętokrzyska St.). The transfer of the received personal data by the respective recipient to non-EU third countries can further not be excluded. 

Further information regarding the handling of data protection in the context of the use of PUESC can be found here: https://puesc.gov.pl/en/polityka-prywatnosci

 

Legal basis of processing

The processing is carried out on the legal basis under data protection law, which has been determined by your employer. As a rule, this will be Art. 6 para. 1 lit. b GDPR in conjunction with. § 26 BDSG.

The legal base for the transfer of your personal data to the Polish Tax Administration in the course of using the Tax and Customs Electronic Services Portal (PUESC) by your employer will be Art. 6 para. 1 lit. c GDPR.
 

We process your personal data based on a data processing agreement concluded with your employer (our customer) within the meaning of Art. 28 GDPR.

Processing on a legitimate interest of UTA

None

Recipients of the personal data

Provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rome (RM), Italy
• K-Master S.r.l, Via A. Bergamini, 50, Rome (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreement.

Storage duration

We only store the data you provide in this way for as long as it is necessary to achieve the purposes for which it was originally collected or if your employer instructs us to do so. In the case of your driver information, the processing will take place accordingly until the termination of our contractual relationship with your employer or until you are no longer working as a driver for that employer and your account is deleted.

In the case of personal data relating to your location, journey details and vehicle data, processing will continue accordingly until the termination of our contractual relationship with your employer or until you are no longer working as a driver for the employer and your account is deleted.

Cookies

None

Other

In the event that you as an employee wish to make use of your data protection rights, please assert them vis-à-vis your employer (controller within the meaning of Art. 4 No. 7 GDPR). Should UNION TANK Eckstein GmbH & Co. KG (UTA) receive such a request from you, UTA will forward this request to your employer.

User information UTA SmartConnect

In the following we inform you about the processing of your personal data by using the UTA service UTA SmartConnect (https://www.telepasskmaster.com/)

Purpose(s) of processing

Collecting general data and information:

The SmartConnect application collects a series of general data and information each time you as data subject or an automated system visits the website. This general data and information is stored in the server's log files. The following data may be collected:

(1) the browser types and versions used,

(2) the operating system used by the accessing system,

(3) the sub-websites that are accessed via an accessing system on our website,

(4) the date and time of an access to the website,

(5) an Internet protocol address (IP address),

(6) the Internet service provider of the accessing system and

(7) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, UTA does not draw any conclusions about the data subject. Rather, this information is needed

(1) to deliver the contents of our website correctly,

(2) to optimise the contents of our website as well as the advertising for these,

(3) to ensure the long-term operability of our information technology systems and the technology of our website, and

(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

Therefore, UTA analyses anonymously collected data and information with the aim of increasing the data protection and data security of our company, so that we can target an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Data processing in particular:

In the following, we would like to inform you in detail about the data processing that takes place when using UTA SmartConnect due to the functions and services provided by us.

1. Account (Log-In and Management)

In order to be able to offer the use of the SmartConnect service and to ensure the access restriction to your user account and thus the security of the service for you as our customer, we process your log-in information (e-mail address, password) accordingly.

You can change your password in the options at any time.

In addition, we process an ID assigned to you (ID-APP) for the purpose of addressing you and identifying your account.

Also, you have the option of providing your e-mail address and telephone number for contact purposes. An entry in this regard is not necessary for the use of our service, accordingly the input fields are not mandatory fields. The name (surname and first name) that we process from you is provided by you on your own responsibility, you may also use a pseudonym.

2. Fleet management

We process the settings you have made within the framework of fleet management in order to be able to offer you the contractually assured services, to organise your fleet according to your wishes. In addition, we process data collected within the scope of our service to enable you to analyse the fleet managed by you in order to make decisions regarding the route and economic planning on this basis.

For this purpose, we process the following data:

• Scheduled route planning, vehicle maintenance, equipment maintenance etc.
• Drivers and vehicles under your responsibility
• Vehicle data (registration number, model, engine temperature, distance driven, current route, fuel level, consumption, etc.)
• GPS location data
• Customers
• Suppliers
• equipment
• Point of interest (locations specified by you)F
   

3. Inputs made (messages, notes)

As part of our services, it is possible for you to send messages to your drivers via the fleet function. We process the messages you send in this way, as well as the messages addressed to them, to enable you to use the function of contacting your drivers. In addition, you can make notes regarding your drivers. This content is also assigned to you as personal data. We offer you this function in order to store brief information on individual drivers in our system at your request. The categories of personal data are determined by the content of the messages or notes.

You do not have the possibility to opt out of this data processing, as this data is necessary to provide you with our service.

4. Google maps

As part of SmartConnect, we use the Google maps service. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have requested the corresponding sub-page of our website.

In addition, only the technically necessary data is transferred. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button.

For further information on the processing of personal data by Google, please refer to section VII of this statement.

Legal basis of processing

All processing of personal data (account data, fleet data, messages and notifications) takes place within the framework of the use of UTA SmartConnect. The processing activities are based on the legitimate interest of your employer in accordance to Art. 6 para. 1 lit. f GDPR.

Processing on a legitimate interest of UTA

The processing in connection with the technical and functional provision of UTA SmartConnect including the Google maps functionality is carried out by UTA on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

We have a legitimate interest in ensuring the functionality and error-free operation of the service and in being able to offer a service that is in line with the market interests, whereby this legitimate interest outweighs your rights and interests in protecting your personal data within the meaning of Art. 6 para.1 lit. f GDPR.

Recipients of the personal data

Provider of the SmartConnect platform:

• Telepass S.p.A., Via A. Bergamini, 50, Rome (RM), Italy
• K-Master S.r.l, Via A. Bergamini, 50, Rome (RM), Italy

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfers to a third country or an international organisation

In the context of the use of the Google Maps function integrated in SmartConnect, a transfer of personal data to a third country (USA) or to an international organisation cannot be ruled out.

UTA is aware of this and guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In general, we only store the data you provide in this way for as long as it is necessary to achieve the purposes for which it was originally collected.

In the case of

(1) providing the website, the data are deleted with finishing the web session.

(2) storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

(3) your log-in information, as well as your name and the ID assigned to you, the processing will take place accordingly until the termination of our contractual relationship with your employer (or you personally if you are purchasing our service as a sole trader). Or as soon as you are no longer active in the function as a fleet manager and your account is deleted. The same applies to your phone number and e-mail address for contact purposes. However, you can delete this data at any time if you wish.

You have the possibility to object/remove this data processing with regard to your contact email address and your phone number, as well as your name, by removing the information from your profile, insofar as this is permitted by your employer.

(4) personal data relating to your fleet management, the processing will take place accordingly until the termination of our contractual relationship with your employer (or you personally insofar as you obtain our service as a sole trader), or as soon as you are no longer active in the function as fleet manager and your account is deleted. You do not have the option to delete your account, as this data is necessary to provide you with our service.

(5) Google maps functionality the data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal orders.

With the exception of the data mentioned under no. 3 above, you have no possibility to decide against the storage of your data, as this data is necessary to provide you with our service.

Cookies

UTA SmartConnect does not use cookies for the provision of the service.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

Together with our parent company Edenred S.A., UNION TANK Eckstein GmbH & Co. KG is carrying out a pro-gramme aimed at determining customer satisfaction with UTA products and services and deriving needs for improvement. For this purpose, UTA uses a solution that makes it possible to manage surveys, analyse survey results and classify customer feedback (programme).

Purpose(s) of processing

Within the framework of the programme, UTA processes company data as well as data of a named contact person. All of this data is based on information that you have provided to us as part of the new customer pro-cess. In detail, the data processed are:

• of a contact person (first name, last name, gender, personalised company e-mail address, if applicable)

• from the company (company name, company headquarters (city, country), central communication data (e-mail address, telephone number))

• from the digital visitor (IP address, device information, browser information, language, etc.)

UTA's purposes for processing your personal data within the programme are as follows:

1. researching customer needs, customer satisfaction and trends in the provision of products and services, includ-ing

• creating standard customer profiles and categorising the information.
• trend analysis through segmentation, filtering, profile comparison and tracking over time
• personalisation of customer interactions, especially in terms of the interaction progression
• supporting the identification of customised offers based on customer feedback

2. identification of improvement opportunities

• identification of improvement opportunities for offered products and services based on customer feedback
• identifying maintenance needs in an operational state (tracking of IT incidents, verifying proper func-tioning of equipment, assisting with troubleshooting)

3. ensuring safety and traceability

• technical support
• account management & user authentication
• security monitoring: access and activity logging
   

Legal basis of processing

The processing activities described under 1 and 2 are based on your consent given to UTA pursuant to Art. 6 para. 1 lit. a GDPR.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

An automated decision in individual cases including profiling (Art. 22 GDPR) does not take place.

Processing on a legitimate interest of UTA

We collect and analyse technical information and usage data on a pseudonymised basis in order to continu-ously improve the platform used within the framework of the programme and the processes operated as well as to protect the IT systems used (3.). The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Recipients of the personal data

Within the company, all departments receive access to your personal data that absolutely need this access to fulfil their tasks.

Contractually obligated service providers and vicarious agents also come into contact with your data. These partners are contractually obliged to comply with data protection requirements within the framework of an agreement and support UTA in the performance of this task.

Within the programme, UTA is supported by:

• Medallia, a SaaS solution provider that provides maintenance and technical support in addition to the tech-nical platform for the programme.
• Edenred S.A to ensure the proper functioning of the programme. In this context, Edenred S.A., as the parent company of UTA, has basic access to all personal data processed within the framework of the programme. Edenred will not process your personal data for purposes other than those mentioned above.
• SalesForce, Inc., a CRM solutions provider. Their survey data and results are stored in Salesforce. Access to the data by the provider is not excluded.
  
   

Very important: Under no circumstances will UTA sell your personal data to any third party.

Transfer to a third country or an international organisation

It is ensured that your personal data within the framework of the programme is processed without exception on servers in the EU/EEA area (Frankfurt am Main, Germany or Amsterdam, the Netherlands).

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfil the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted without delay, insofar as no legal retention periods require further storage.

In the case of data collected within the framework of the programme, UTA processes these data:

• for a period of 3 years.
  After this period, they will be deleted by means of an automatic routine.

After termination of the programme, UTA will delete this data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory period of limitation), in order to be able to fulfil any claims you may have against UTA.
• For documents relevant to invoices, there is a 10-year retention period.
• For commercial and business related correspondence, emails and other digital documents, there is a 6-year retention period.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Cookies

Within the programme we use cookies.

We use cookies to collect your geolocation and connection data as part of the programme. This enables us to determine your needs and interests and to personalise our content. Before we use cookies, we obtain your consent in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with. § 25 para. 1 TTDSG. You can withdraw your consent at any time. The information contained in cookies (geolocation and connection data) is stored for 13 months.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA EasyFuel® app

In the following we inform you about the use of your personal data which is provided to us in connection with the use of the UTA EasyFuel® app (hereinafter referred to as "EasyFuel® app"). This information is addressed to the data subjects (hereinafter also referred to as “driver” or "you") whose personal data is provided to UTA for processing. The "Customer" (usually your employer) has the possibility to register your driver account for activating you to use the EasyFuel® app within the UTA EasyFuel® Driver Management.

Purpose(s) of processing

Scope of the processing of personal data by using the UTA EasyFuel® app

UTA collects and processes your data exclusively for specific purposes, which may result from technical necessities, contractual requirements, or express user requests.

Within the scope of the UTA EasyFuel® App provided by UTA, UTA processes the personal data designated below:

• Data collected during download

When you download the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or Apple App Store); in particular, the username, email address, customer number of your account, time of download, payment information, and individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.

• Automatically collected data

As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes

(1) the internal device ID,

(2) the version of your operating system,

(3) and the time of access.

This data is automatically transmitted to us, but not stored,

• to provide you with the Service and related features;
• to improve the functions and performance features of the App; and
• to prevent and remedy misuse and malfunctions.
   

• Permissions

The following permissions are required for our app:

• Internet access: Required to process contactless transaction authorisation, for your authentication, to access the details of your use of our service and to show nearby gas stations.
• GPS data: Required to determine your location and display nearby gas stations.  
   

• Preferences

When using the App, the User has the option on his/her profile to consent to the use of his/her personal data for optional purposes. The user can select here that his/her personal data will be used by UTA to

(1) keep the user updated regarding new UTA products and offers;

(2) to send the user the UTA newsletter;

(3) to send the user surveys and feedback opportunities to improve UTA services.

• Account data

The account data of the drivers (first name, last name, email address, ID number) are processed for contacting you in a personalized manner. In addition, processing takes place in the context of this contact in order to provide technical updates/information (bug fixes, new versions, etc.).

Your personal data will also be processed to assign you a corresponding fuel card, to enable the customer to manage his fleet via the fuel cards and to enable you to use the UTA EasyFuel® services via the app.

Although the input fields for your account details are mandatory, it is the customer's responsibility to enter the names themselves. Pseudonyms can also be entered in these fields instead of your name.

The setting of a driver-related card is not obligatory and is made by the customer for his employees (drivers), insofar as the customer wishes such an assignment.

In this context, the customer has the task of informing the employee about the data processing within the scope of our service offer and the UTA EasyFuel® app.

• Log-in data

In order to be able to offer the use of the UTA EasyFuel® app and to ensure the access restriction to your driver account and thus the security of the services for our customers, we process your log-in information (email address, password) accordingly.

You are always able to reset or adjust your password in the options of the UTA EasyFuel® app.

• reCaptcha

For the UTA EasyFuel® app, we use "Google reCaptcha". For further detailed information on the processing of personal data in connection with the use of this service, please view into Section VIII of this statement.

• Language

The UTA EasyFuel® app processes your language so that you can be contacted in a language that you are able to understand. The language input is done by employees of the customer or by you when using the UTA EasyFuel® app. Accordingly, the responsibility for the accuracy of the information regarding your language belongs to the customer or with you as the user of this app.

• UTA EasyFuel® service station search

When you install the app, you decide whether to enable the geolocation data processing feature. This function is disabled by default. If you want to use the service station search function, we record the current location of the mobile device via GPS. The location data is used in the UTA EasyFuel® app to plan a route from the current position of your device (e.g., smartphone) to a selected service station nearby.

• Using the map function

For the use of the Map function, when using a mobile device with Android operating system, Google Maps is applied, and when using a mobile device with iOS operating system, Apple Maps is applied. On the map you can find gas stations where it is possible to authorize the transaction with the UTA fuel card. If you have authorized the UTA EasyFuel® app to access your location, your location data will be transferred to the respective map operator while using the map function.  

• Approval of contactless transactions in UTA EasyFuel®.  

The UTA EasyFuel® app offers you the function for contactless approval of transactions (also referred to as transaction authorisation directly at the pump). When you use the contactless transaction authentication function, we process the following personal data:

(1) The master data of the customer (first name, last name, address),

(2) the identification of the authorizing medium (Card-BIN) or the driver (if a fuel card has been linked to him/her),

(3) Date and time of transaction authorisation,

(4) purchased product and its quantity, release dates,

(5) Status of the transaction authorisation success.

When a transaction authorisation is initiated, the abovementioned transaction-related data is passed on to the recipient and stored in the system.

• Contact

Insofar that you contact us by utilizing the “Call Us”-Function, we will be processing the following data:

• Phone number
• Customer data for identification
• Content of your message

We process this data solely for the purpose of answering your inquiry.

Legal basis of processing

UTA only processes personal data for specific purpose(s) and related to existing legal basis. In connection with the use of the UTA EasyFuel® app, UTA processes your personal data on the basis of:

• Your preferences

This data processing is based on the consent of the user pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn with effect for the future at any time by unchecking the corresponding boxes in the app under the user profile.

Within the framework of the UTA EasyFuel® App, UTA processes personal data exclusively for a specific purpose and In accordance to a specific legal basis.

The processing of location data is based on the consent given within the mobile app pursuant to Art. 6 para.1 lit. a GDPR. You can stop the processing of location data at any time with effect for the future by deactivating the function. This deactivation does not affect the lawfulness of the data processing using the location data that has taken place up to this point.

The processing of personal data within the scope of the UTA EasyFuel® services for the use of the

• Management of account and master data (user account)
• Contactless transaction (transaction-related data)

is carried out in accordance with Art. 6 para.1 lit. b GDPR exclusively for the provision of the contractually agreed services.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing is carried out In accordance to Art. 6 para.1 lit. c GDPR.

An automated decision in individual cases including profiling (Art. 22 GDPR) does not take place.  

UTA will under no circumstances carry out profiling within the meaning of Art. 22 GDPR on the basis of the geo-location data or measures to monitor the performance and behavior of individual users of the UTA EasyFuel® App.

Processing on a legitimate interest of UTA

For the functionality of the app, as well as the continuous improvement of the same, we collect technical information and analysis data on a pseudonymized basis. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest that constitutes the legal basis is:

• Provide you with the Service and related features;
• To improve the functions and performance features of the app; and
• To prevent and correct misuse and malfunctions.  

Furthermore, within the scope of using the UTA EasyFuel® App, it collects automatically data based on our legitimate interest according to Art. 6 para.1 lit. f GDPR.

We have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service that is in line with the market interests, whereby this legitimate interest outweighs your rights and interests in protecting your personal data within the meaning of Art. 6 para.1 lit. f GDPR.

Recipients of the personal data

In the course of the operation of the UTA EasyFuel® App, processors on behalf of UTA come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

If UTA transfers personal data to the USA or any other unsafe third countries in the context of the integration and use of the Services, UTA guarantees the lawfulness of the data transfers by including the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in the Data Processing Agreements.

Storage duration

In principle, your personal data will only be processed for as long as it is required to fulfill the purposes for which the data was originally collected. Following the fulfillment of the purposes, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

The storage of the telephone number, first name, last name and language is done according to the specifications of the customer (the UTA EasyFuel® user). The start of the retention period corresponds to the start of the term of the UTA EasyFuel® user contract. The end of the retention period corresponds to the end of the contract term or with regard to individual data records upon your instruction. After termination of the user contract, UTA will delete your data in accordance with data protection regulations and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (statutory limitation period) in order to be in a position to satisfy any claims you may have against UTA.
• There is a 10-year retention period for documents relevant to accounting.
• There is a 6-year retention period for commercial and business correspondence, emails and other digital documents.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

The transmitted geo-location data processed in the app is stored for a maximum period of 14 days.

Cookies

When using our app Google reCAPTCHA automatically places a functional Cookie (_GRECAPTCHA) to ensure the spam protection. This Cookie is a so-called Session Cookie, which will be deleted as soon as the session is ended and the App is closed. If you are logged in to your Google account on the device you are using reCAPTCHA might read the information stored in these Cookies. The legal basis for the setting of the cookie consists in § 25 (2) Nr. 2 TTDSG, as the spam protection by reCAPTCHA utilizing the Cookie is necessary to ensure the function of the app.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UTA eCharge® is a service offered by UTA for the purchase of products and services in the field of electromobility, in particular for fleet management and to enable the billing and authorisation of transactions for charging processes for electric vehicles.

In the following, UNION TANK Eckstein GmbH & Co. KG ("UTA", "we" or "us") informs you about the processing of your personal data in the context of the use of UTA eCharge®.

The information is aimed at both customer/fleet managers and drivers using the service.

Purpose(s) of processing

UTA collects and processes your data exclusively for certain purposes resulting from technical necessities, contractual requirements or explicit user requests.

For the administration of this data on the part of the users as well as UTA and its service providers, your data will be stored in the form of a user account (hereinafter referred to as "account"). For you as a user, it is possible to record, partially view and edit this data via correspondingly provided user interfaces on the internet (in the version "web app") and as mobile apps on the smartphone (in the version "app").

For further information on the processing, in particular with regard to the (technical) functionality and features of the mobile app used, please refer to ChargePoint's Privacy and Cookie Policy: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Within the scope of the UTA eCharge® service provided by UTA, UTA processes the personal data referred to below:

Registration process

If your employer orders a service card with the UTA eCharge® option, this card will first be sent to your employer’s Fleet Manager. The Fleet Manager will subsequently make the card available to you. In doing so, he or she must enter your full name, e-mail address and telephone number in the UTA customer exclusive area. You will then receive a specific invitation link with which you can create a personal user profile which will be connected with your employer for settlement purposes.

After that, you need to register through the web app or the mobile app to use UTA eCharge®. The registration process involves processing your personal data, specifically the following:

(1) Company name
(2) Driver name (first and last name)
(3) Email address
(4) Phone number
(5) Username
(6) Address (street, house number, postcode, city, region/state, country)
(7) Acknowledgement of data protection information
(8) Card ID (card serial number)
(9) RFID UID (serial number of RFID chip of the card)
(10) Individual card name
(11) Consent to the General Terms and Conditions of ChargePoint
(12) Acknowledgement of the eCharge data protection information of UTA
(13) Vehicle information (such as vehicle model, year of manufacture, colour)
(14) Information on the need for a home charger (only in the case of home charging)
(15) Information on the installation and charging location (type of charging infrastructure, street, house number, postcode, town, region/state, country -- only in the case of home charging)

If it is stated under (14) that a home charger is required, a check of your home address will be carried out in cooperation with our partner to determine the installation options.

These personal data are processed in order to provide you with the contractually agreed services within the scope of the UTA eCharge® offering.

The processing of these aforementioned personal data is initially carried out by ChargePoint, with this company also acting as a distinct Controller within the meaning of data protection law. The data are then forwarded to UTA for further data processing. For more information, please refer to the ChargePoint data protection information: https://de.chargepoint.com/privacy_policy?instance=EU&locale=en

Contacting (sending a reminder e-mail) with information on how to activate the UTA eCard

UTA reserves the option to contact you directly as a driver if your registration in the ChargePoint portal remains unfulfilled after ordering an eCard.

• Contact

Insofar as you contact us in connection with a service request, we will process the following data:

(1) Customer data
(2) Personal data of the driver (incl. case-specific information, cf. clause 3.1 regarding the registration process)
(3) Content of the message

We process your data exclusively for the purpose of responding to your request.

• Charging sessions

We process your information concerning charging operations for the purpose of providing our service and improving our ability to support you in case of errors or irregularities. For these purposes, we process the following personal data:

(1) Type of charging session
(2) Company name
(3) Driver name (First and last name)
(4) Information on the charging station and its operator (e.g., location, station name)
(5) Date, time and duration of the charging session
(6) Information on current and power type
(7) Energy consumption (kWh)
(8) Costs of the charging session (gross and net)
(9) VAT rate (%) and amount
(10) Currency

If your employer provides you with a home charging solution with reimbursement option, the use of such equipment will entail the processing of the following personal data:

(11) Name of the organisation
(12) Employer ID
(13) Employer name
(14) Driver verification details
(15) ID of the home charging station (if applicable)
(16) Home tariff (per kWh)

In addition, we use the information on charging processes to create internal statistics and analyses in order to optimise our services based on user behaviour. For this purpose, we will anonymise the personal data.

• Restrictions placed on driver-related service cards (for fleet managers)

For certain services, we offer you the possibility to set limits for different cards (frequency of use, transaction limit [monthly, daily], times of use, etc.). In addition, you have the option of temporarily blocking, suspending, or cancelling cards. If the card is assigned to a specific user, this information may, under certain circumstances, constitute personal data.

The data are used to limit the use of the card according to your settings and to provide you with information about the limits you have set.

• Communication preferences

When using your account, you have the option to consent to the use of your personal data for optional purposes. In this context, you can select in your account the extent your personal data are used by UTA to:

(1) Keep you informed about new UTA products and offers;

(2) Send you the UTA Newsletter;

(3) Send you surveys and opportunities to provide feedback in order to improve UTA service offerings.

• Workplace/depot charging

Within the scope of your interest in a solution for "charging at the workplace", our partner processes your personal data as a contact person as well as the company-related data collected by you on its own responsibility as controller. The data marked as mandatory in the registration process within the procurement of the charging infrastructure project must be collected for a successful contact and settlement; the collection of all other data is voluntary. The following data will be processed during registration:

(1) Company name

(2) Salutation, first name, last name

(3) Email address

(4) telephone number

(5) Address

(6) Website

(7) Location category

(8) Industry

(9) Fleet related information

(10) Current service provider used for charging infrastructure (optional)

(11) Date of installation (optional)

All processing operations here take place under the responsibility of ChargePoint in a direct relationship between you/your company and ChargePoint.

Legal basis for the processing

Within the context of UTA eCharge®, UTA will process personal data on a legal basis exclusively for the following purposes:

(1) Collection, comparison and supplementing of driver data on the basis of the cooperation partner's database within the context of the UTA eCharge® service

(2) Management of account and master data (account)

(3) Use of the transaction overview

(4) Fleet management (management of drivers’ and service cards by the customer)

(5) Provision of information and notifications about our products

(6) Processing of requests and support cases

(7) Authorisation of transactions

(8) Billing and invoicing

(9) Prevention of cases of misuse and fraud

(10) Arranging charging infrastructure solutions

The processing of personal data within the context of the UTA eCharge® services takes place in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of providing the contractually agreed services.

Insofar as UTA is subject to a legal obligation according to which the processing of personal data is required, the processing shall be carried out on the basis of Art. 6 para. 1 lit. c GDPR.

Insofar as we obtain your consent (e.g. to send advertising emails), the processing is based on Art. 6 para. 1 lit. a GDPR.

There are no automated decisions individual cases, including profiling (Art. 22 GDPR).

Processing on a legitimate interest of UTA

For the continuous improvement of UTA eCharge® services as well as for the protection of your IT systems, we collect and analyse technical information and usage data in a pseudonymised form on the legal basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to:

(1) Provide you with our services and related features;

(2) Improve the performance and process flows of our solutions;

(3) Prevent and remedy the consequences of misuse and malfunctions.

Recipients of personal data

In the course of operating the UTA eCharge® service, processors acting on behalf of UTA or controllers will come into contact with personal data of customers and drivers. This refers to the following service providers:

UTA will not sell or pass on your personal data to any third parties under any circumstances unless there is a legal obligation to do so, or you have separately consented to this.

Transfer to a third country or an international organisation

UTA will transfer your personal data to companies in third countries or to international organisations.  UTA has ensured (where applicable, with its cooperation partners in the area of the UTA eCharge® service) that a legal basis exists for this transfer and that the service providers will act in compliance with the data protection rules applicable to UTA. In particular, the transfer of personal data is based on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR published by the EU Commission.

Storage duration

In principle, your personal data will only be processed for as long as it is necessary to fulfil the purposes for which the data were originally collected. After this purpose has been fulfilled, your personal data will be deleted immediately, insofar as no legal retention periods require further storage of the data.

As far as information concerning telephone number, first name, last name and language is concerned, storage follows the specifications of the customer or the UTA eCharge® user. The commencement of the storage period corresponds to the commencement of the term of the UTA eCharge® user contract. The storage period ends when the contractual term ends or - as far as individual data records are concerned - as per your instruction. After the termination of the user contract, UTA will erase the data in accordance with data protection regulations and will only continue to store personal data which are subject to statutory retention periods. The retention periods are as follows:

(1) 3 years (statutory limitation) with a view to the fulfilment of any claims you may have against UTA.

(2) For accounting-relevant documents, the retention period is 10 years.

(3) For commercial and business correspondence, emails and other digital documents, the retention period is 6 years.

In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR.

Transmitted geolocation data stored in the app are stored for a maximum of 14 days.

Cookies

None.

Other

If your company or you as an individual are located in a country other than Germany, you are free to contact your local supervisory authority. The contact information for the supervisory authority responsible for you can be found in section V of this statement.

UNION TANK Eckstein GmbH & Co. KG (UTA, we, us) hereby informs you about the processing of your personal data which you provide to us in connection with your online registration and the associated application for a business relationship with UTA. This information is addressed to the data subjects (hereinafter also referred to as "users" or "you") whose personal data is provided to UTA for processing within the online registration and the order of UTA service cards.

Purpose(s) of the processing 

We collect and process data that you enter during online registration exclusively for specified purposes. These may result from technical necessities, contractual requirements or explicit user requests. In detail, these are:

• Technical data

  
  Certain information is already processed automatically as soon as you access our online services. We have listed in detail below which of your personal data is processed.

  
  As part of your use of the online service, we automatically collect necessary technical data that is required for the use of the application. This includes the IP address used, MAC address, internal device ID, version of your operating system and the time at which the online service was called up.

  
  This data is automatically transmitted to us and processed by us:

  
  (1) to provide you with the Service and related features and to develop them on an ongoing basis;
  (2)nto prevent and correct fraud, misuse and malfunctions.

• Requesting a business relationship with UTA

  
  When requesting a business relationship with UTA via online registration, you transmit personal data (mandatory, voluntary) to UTA. The data will be stored by UTA for as long as we need it within the framework of the customer onboarding process. Afterwards, the data will be (a) stored for the purpose of executing the contract in case a business relationship is established (b) deleted in case that no business relationship is established; if applicable, after a legal retention period (see below). Personal data is processed for the purpose of concluding the contract, establishing the business relationship and contacting you.
   

  • Contact person data (title, first and last name)

  • Communication data of the contact person (email address, telephone number)

  • Company data (company name, company address incl. postcode and country)

  • Business data (VAT ID, tax ID, company registration number)* 

  • Number of UTA service cards required

  • Card personalisation data in case you wish to receive personalised service cards - this requires the conclusion of an order processing agreement with UNION TANK Eckstein GmbH & Co. KG*

  • Bank data (IBAN, BIC, bank name)

  • Information about your company creditworthiness

  • Your experience/your use of the online registration process (tracking)
    
     

    Data marked with a star *) in the above list is voluntary on your part.

2. Legal basis for the processing of personal data

In the course of your online registration, UTA processes personal data exclusively for a specific purpose and based on a legal basis.

The processing of personal data is carried out for the purpose of:

• Processing your request for a business relationship with UTA
• Assessment of the potential economic risk - credit report
• Contacting you/your company
• Establishing a business relationship with you/your company
• Ordering UTA Service Cards
• Personalization of UTA Service Cards - if applicable
• Provision of interest-based advertising incl. surveys
• Ensuring system security and protection against misuse of our systems

The processing of data within the online registration by UTA is based on Art. 6 para. 1 lit. b GDPR for pre-contractual measures.

Insofar as we obtain your consent to address you in advertising, for customer satisfaction surveys, etc., this processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR.

If UTA is subject to a legal obligation which makes the processing of personal data necessary, the processing is based on Art. 6 para. 1 lit. c GDPR. 

In the case of personalisation of Service Cards, this processing is based on the legal basis of Art. 28 GDPR (data processing).

Automated decision-making in individual cases including profiling within the meaning of Art. 22 GDPR (negative legal effect or similar significant impairment) does not take place.

3. Legitimate interests 

In order to ensure that UTA processes the correct company data from you/your company, we offer a functionality during the online registration which, as a result of the collection of the company data, offers you a selection of companies from which you can choose the correct company data. UTA's interest in the correctness of the data transmitted to UTA is based on the legal basis Art. 6 para. 1 lit. f GDPR.
 

Within the framework of the initiation of the business relationship with your company, UTA determines the potential risk of a payment default on the basis of the available information (including the personal data concerning you) by means of the support of credit agencies. Art. 6 para. 1 lit. f GDPR constitutes the legal basis for the processing by UTA for this purpose.
Verification results that would lead to a rejection of your registration request will be personally reviewed by us and evaluated with regard to possible consequences for the requested business relationship by an employee of UTA.
 

In order to prevent and remedy fraud, misuse and malfunctions within the scope of use during the online registration process, we collect and process technical information. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

4. Recipients of the personal data
 

Within the scope of your online registration, service providers commissioned by UTA will come into contact with the personal data provided by you. In detail, these are the following service providers:

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so or you have separately consented to this.

5. Transfer to a third country or to an international organization
 

During an online registration, the services of Salesforce and Twilio are used. These may process your personal data in the USA. We generally base the transfer of your personal data on standard contractual clauses of the EU Commission.

6. Duration of data storage
 

In general, your personal data will only be processed for as long as it is necessary for the fulfilment of the purposes for which the data was originally collected. Following the fulfilment of the purposes, your personal data will be deleted without delay, insofar as no legal retention periods require further storage.
 

As a result of a positive course of business initiation, UTA processes the data collected from you to establish and execute the business relationship. For further details on the processing of your personal data within the scope of a business relationship with UTA, please refer to clause X 10.1 of this data protection declaration.
 

The processing period generally corresponds to the duration of the initiation of the business relationship with UTA. After the end of the business relationship, UTA will delete your data in accordance with the provisions of data protection law and will only continue to store personal data for which there is a legal retention period. The retention periods are as follows:

• 3 years (legal period of limitation) in order to be able to fulfil any claims you may have against UTA. 

• There is a 10-year retention period for documents relevant to accounting. 

• There is a 6-year retention period for commercial and business correspondence, emails, and other digital documents.
   

  In the event of an objection to the processing of the data, the treatment of the data by UTA shall be governed by Art. 17 GDPR. 

Cookies

Cookies are used within the scope of the online registration process. Further details can be found under clause VI.2 in this data protection declaration.

Status: 04 August 2023

We use various tools on our website for the processes and presentation of our website. These tools and their respective functions are shown below.

We use "DoubleClick" from Google to be able to show you personalised advertising when you use our website. DoubleClick" makes it possible to place relevant advertisements for users by setting cookies. This optimisation of advertising is also the purpose of the processing of your personal data by "DoubleClick".

When used, DoubleClick uses a cookie ID to prevent multiple display of advertisements. Due to the marketing tools used here, a connection is established between your browser and Google's servers and personal data is subsequently transmitted to Google in the form of your IP address. This provides Google with information about the visit to our website and the advertisement and can link this information to your Google account.

Our legal basis for the processing of your personal data within the scope of DoubleClick and the setting of the cookie is your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw this consent at any time with effect for the future by changing the corresponding setting under the cookie settings. This does not affect the lawfulness of the data processing until the time of the withdrawal.

Google is a US company, which means that in the given context your personal data may be processed in the USA. The USA is an insecure third country for which there is no adequacy decision by the Commission pursuant to Article 46 of the GDPR, i.e. there is no adequate level of protection for personal data. In order to nevertheless ensure the security of your personal data during this transfer, the standard contractual clauses approved by the Commission for the transfer of personal data to third countries have been concluded as appropriate measures pursuant to Art. 46(2) lit. c GDPR. You can find more details on this in the information provided by Google.

The personal data will be stored as long as it is necessary to fulfill the purposes for which it was originally collected. For further information on data protection in connection with the use of DoubleClick and the associated use of cookies, please refer to the privacy policy of Google Inc.: https://policies.google.com/technologies/ads?hl=de.

On this website we use the function of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, further data is transmitted to Google, such as your IP address, date and time of the request, website from which the request comes, browser, and operating system and its interface.

This occurs regardless of whether you are logged into your Google account or whether there is no user account.

If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the processing is our legitimate interest in improving our offer, the visual and functional optimisation of the website as well as the provision of a function that facilitates the location of acceptance partners according to Art. 6 para. 1 lit. f GDPR. The data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal orders.

Insofar as Google processes the personal data collected in this way for its own purposes, Google is the Controller for the processing within the meaning of Art. 4 No. 7 of the GDPR. For more information on the purpose and scope of data collection and processing by Google, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Google is a US company, which means that in the given context your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We use Apple's Smart App Banners Inc. (1 Infinite Loop, Cupertino, California) on our website to inform you about our mobile app application. By selecting and clicking on the Smart App Banner, you will be taken directly to our in-house mobile app application in the Apple App Store.

For the redirection from our website to the Apple App Store, technically necessary data from you is processed to ensure the functionality of our Smart App Banners. This technically necessary data may also include personal data such as your IP address, which is transmitted to Apple. Apple processes further personal data from you in the event of a download of our mobile app application, which is related to your App Store account.

The legal basis for the data processing is our legitimate interest in the advertising our apps according to Art. 6 para. 1 lit. f GDPR.

You can of course object to data processing at any time. Your personal data processed by us will be erased immediately if it is no longer necessary for the purposes for which it was collected and no legal retention periods prevent erasure of the data.

Apple is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Apple's website.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information on data protection in connection with the use of Apple Smart App Banners, please refer to the privacy policy provided by Apple: https://www.apple.com/de/legal/privacy/data/ .

We use the Font Awesome widget from the company Fonticons Inc. (307 S Main St. Ste 202 Bentonville, AR, 72712-9214 United States) on our website to integrate the web font Font Awesome and its icons into our website. By using Font Awesome we are able to enrich displays and further contents of our website. Furthermore, the use of icons of the web font Font Awesome enables us to improve the loading speed as well as the clarity of our website. This is also the purpose of the processing of your personal data when using Font Awesome.

When using Font Awesome, a Content Delivery Network (CDN) is used to enable the loading of icons from an external server. When you enter our website, your browser establishes a connection to the servers of the Fonticons company in order to enable the loading of the icons. In doing so, Fonticons processes your personal data in the form of your IP address.

The legal basis for data processing is our legitimate interest in the process optimisation pursuant to Art. 6 para. 1 lit. f GDPR.

Fonticons is a US company, which means that in the given context your personal data may be processed in the US. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have implemented appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the US is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries.

Personal data will remain stored for as long as it is necessary to achieve the purposes for which it was originally collected. For more information regarding data processing in the context of the use of Font Awesome, please refer to Fonticons' privacy policy: https://fontawesome.com/privacy .

We use the cookie consent management tool "OneTrust" of the company OneTrust Technology Limited (82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK)) on our website. The use of "OneTrust" enables us to obtain your consent from you when you call our website, to provide you with specific choices when granting your consent, and to document the consent options you choose. The use of "OneTrust" is necessary for us to fulfill our obligation to obtain consent and the associated documentation obligation. For this purpose, "OneTrust" places a cookie in your browser when you enter our website in order to be able to deliver the application correctly and to be able to guarantee its functionality. In the context of a use of "OneTrust", your personal data will be processed, e.g., your IP-address and the date and time of granting your consent or managing your preferences.

The personal data collected from you in this way will be processed by OneTrust Technology Limited by way of commissioned processing. Please note that OneTrust Technology Limited is a company based in the United Kingdom (UK), which means that there is a possibility that your personal data may be transferred to and processed in a third country of the EU. The UK is a third country with an adequacy decision by the EU Commission in the sense of Art. 45 GDPR, whereby an adequate level of protection with regard to the processing of your personal data in the UK has been measurably established. We have also concluded a data processing agreement with OneTrust Technology Limited pursuant to Art. 28 GDPR to ensure the security and integrity of your personal data as well as compliance with data protection.

We base the use of "OneTrust" on the legal basis of a processing for the fulfillment of legal obligations according to Art. 6 para. 1 lit. c GDPR (the legal obligation is to obtain consent according to Art. 6 para. 1 lit. a GDPR as well as § 25 TTDSG; fulfillment of documentation and accountability obligations according to Art. 5 para. 2 GDPR).

The OneTrust Cookie has a storage duration of one year. After that, your personal data will be erased.

For more information about OneTrust Technology Limited's privacy practices and how OneTrust Technology Limited treats your personal information, please visit OneTrust Technology Limited's Privacy Policy: https://www.onetrust.com/privacy/.  

For our customers, we want to make the start of using our online service as user-friendly as possible. Therefore, we use a user guidance service provided by our processor Userpilot Inc, 2035 Sunset Lake Road, Newark, Delaware 19702, USA.

The user guidance service provides you with additional information and instructions at some points during your interaction with our Online Services, such as clicking certain buttons or visiting a particular sub-site, to help you better navigate and understand how to use the Service. In addition, we use user prompts to inform you of new features within the Online Service. We also analyse whether the user guidance has helped you and to what extent an optimisation of the same is necessary.

The following types of data are processed in the process:

IP address, device type (mobile device or PC), operating system, browser version, country, your registration date for our online service, number of logins, sub-pages visited within the online service.

We transfer your personal data to the Userpilot server in the USA. We have concluded a data processing agreement and standard contractual clauses of the EU Commission with the processor Userpilot for the transfer of personal data to the USA.  

The legal basis for the user guidance and its analysis and optimisation is your consent pursuant to Art. 6 par. 1 lit. a GDPR.

We use the software solution "SendGrid" of the US company Twilio, Inc. (1801 California Street, Suite 500, Denver, CO 80202, USA) on our website. The use of SendGrid enables us to send you automated emails and thus to provide you with the content you contractually requested. For example, we use SendGrid to send you confirmation emails, transaction confirmations or emails with contractually relevant content. In the context of the use of SendGrid, it is necessary for us to process the following of your personal data:

• Master data
• Contract data
• Information relating to your product interests
• email address
• IP address

We would like to point out that Twilio Inc. is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Art. 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the EU Commission for the transfer of personal data to third countries.

We base the lawfulness of the use of the software solution "SendGrid" on the fulfillment of pre-contractual or contractual obligations pursuant to Art. 6 (1) lit. b GDPR.

For more information about Twilio Inc.'s privacy practices and how Twilio Inc. handles your personal information, please visit Twilio Inc.'s privacy policy: https://www.twilio.com/legal/privacy.

“Google reCaptcha" (hereinafter referred to as "reCaptcha") is a service of the provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using reCaptcha, we can verify whether the data entry on our website was made by a human user or by an automated program. For this purpose, each website visitor who enters our website is automatically analysed by reCaptcha.

In the process, various information such as the IP address or the time spent on the website as well as the mouse movements are forwarded to Google and analysed. This analysis takes place entirely in the background and does not make the users of the website aware of this analysis.

The legal basis for this data processing is our legitimate interest according to Art. 6 (1) (f) GDPR to protect our web offers from abusive automated spying and spam.

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

For more information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/about/

We use the software solution "Google Analytics for Firebase" of the US company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website. The use of "Google Analytics for Firebase" enables us to link users to interactions on and around our website using so-called "instance IDs". Instance IDs" are unique identifiers that are assigned to a timestamp. These are assigned to users of our website and subsequently allow the user to be associated with the respective interaction. In the context of the use of "Google Analytics for Firebase", the following of your personal data are sometimes processed:

• IP address
• Number of users
• Number of sessions
• Session duration
• Operating system used
• Device model
• Region of access

We explicitly point out that we have no influence on the use of your personal data by Google. Nevertheless, we would like to inform you about the following in the context of the upcoming processing:

Google is a US company, which means that your personal data may be processed in the USA. We are aware of the transfer of your personal data to a third country without an adequacy decision pursuant to Article 45 GDPR and have taken appropriate safeguards pursuant to Article 46 GDPR to ensure lawful and secure processing of your personal data. The transfer of your personal data to the USA is based on the standard contractual clauses approved by the Commission for the transfer of personal data to third countries. Additional information on this can be found on Google's website.

We base the lawfulness of the use of "Google Analytics for Firebase" on the legal basis of obtaining the consent of the data subject pursuant to Art. 6 (1) lit. a GDPR and Section 25 TTDSG. You can, of course, withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to the time of the withdrawal remains unaffected.

For more information about Google LLC's privacy practices and how Google LLC handles your personal information, please visit Google LLC's privacy policy:

https://support.google.com/firebase/answer/9019185?hl=en#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article

Facebook Fanpage
 

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), operate our own Facebook fan page at https://www.facebook.com/UTADeutschland/. As the operator of this Facebook page, we are joint controller with the provider of the social network Facebook of the provider Meta Platforms Inc. (Deborah Crawford 1601 Willow Road Menlo Park, California 94025, USA, hereinafter also: Meta), in the sense of Article 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both joint controllers.

We have concluded an agreement with Meta on joint controllership under data protection law (Page Controller Addendum). With this agreement, Meta recognizes the joint controllership regarding so called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. The agreement also determines that Facebook is the primary contact for the exercise of data subjects' rights (Art. 15 - 22 GDPR). As the provider of the social network, Facebook alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. However, should our support be required, you are welcome to contact us at any time as stated in our privacy notice.

• Use of Insights and cookies
   

  In connection with the operation of this Facebook fan page, we use Meta's Insights function to obtain anonymized statistical data on the users of our Facebook fan page. Meta provides information about Insights and Facebook Fanpages, for example, via its privacy notice. 

  Meta also uses cookies and other similar storage technologies in connection with visits to our and other Facebook pages. For more information about Meta's use of cookies, please see their Cookie Policy.
   

• Comments and messages; participation in competitions
   

  On our Facebook page, you also have the opportunity to comment on and rate our posts and to contact us via private messages or to participate in competitions.
   

• Purpose(s) of the processing
   

  The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain aggregated statistics that Meta compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to learn about the profiles of visitors who like our Facebook page or use applications on the page so that we can provide them with more relevant content and develop features that may be of greater interest for them.

  In addition, to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information collected. We may use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also be carried out across devices if the visitors are registered and logged into their own profiles.

  The visitor statistics created are only transmitted to us in anonymized form. We have no access to the underlying data.

  Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products and services. In this context, we may receive further information, for example due to user comments, private messages or because they follow us or share our content. The processing is solely for the purpose of communicating and interacting with them.
   

• Legal basis for the processing
   

  The processing of users' personal data is based on our legitimate interests in optimizing the presentation of our company and products (Art. 6 para. 1 lit. f GDPR) as well as in the case answering product application questions based on a (pre-) contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR.

  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by using the form provided by us (data protection web form). 
   

• Possibility of objection
   

  Facebook users can influence the extent to which their user behavior may be recorded when they visit our Facebook page under the settings for advertising preferences 

  Further options are offered by the Facebook settings or the form for the right to object.

X Fanpage
 

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a X fan page under the name twitter.com/uta_deu. In the following, we would like to inform you about the processing of your personal data on our X fan page.

• Processing of personal data by X
   

  X is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. We would like to point out that you are responsible for using the services provided by X Corp. and all associated functions (e.g., sharing and rating content). 

  Information on the data processing carried out by X Corp. and the corresponding purposes pursued can be found in the data protection declaration of X Corp. 
  
  You can find X's data protection declaration here: https://twitter.com/en/privacy. We have no influence on the type and scope of the data processed by X Corp.  or its transfer to third parties. We have no means of control in this regard.

  Your data is collected and processed by X Corp. Your personal data will be transferred, regardless of your place of residence, to the United States, Ireland and any other country in which X Corp. conducts business. Data that you have voluntarily provided to X will be processed by X Corp. (e.g., name and username, email address, telephone number or the contacts in your address book) if you upload them. 

  In addition, X Corp. evaluates the content you share. As a result, X Corp. identifies the topics and content in which you are interested. It also processes confidential messages that you send to other X users. GPS data, information on wireless networks or your IP address are used to determine your location and to send you corresponding content, usually advertising. 

  The evaluation may be carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by X is not subject to our control or influence. If such analysis tools are used by X Corp., we were not informed about the use of such tools. Consequently, X Corp. has not been instructed, assisted or supported by us in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymized information about the response generated by tweets (clicks, likes, etc.) is visible to us. The use of analysis tools on our X account cannot be switched off and there are no other options to prevent such use.  

  X also receives data from visitors who do not have a X account when they view content on X. This log data includes the IP address, the type of browser used, the operating system, information about the website previously visited and the pages you viewed, location, mobile provider, cookies or search terms and the terminal device used.

  You have the option of restrict the processing of your data by X. To do this, you can open the general settings of your X account and change your privacy settings under "Data protection and security". 

  You can check and customize your privacy settings here: https://twitter.com/personalization .

  Additional help is available at: 

  https://support.twitter.com/articles/105576# 

  https://help.twitter.com/en/search?q=data%20protection
  
   

  You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that X only has limited access to your contact data, location data, calendar data or photos, etc. These setting options differ depending on the operating system used on your mobile device. 
   

  Further information and assistance is available at:
   

  • https://support.twitter.com/articles/20172711# (possibility to view your own data processed by X).

  • https://twitter.com/your_twitter_data (information about X’s inferences to you)

  • https://support.twitter.com/forms/privacy (form to receive further information from X)

  • https://support.twitter.com/articles/20170320# (possibility to download your own X archive)
     

• General information on the processing of personal data by us 
   

  If we process your personal data on X, it will not be collected via our X account. There is no transfer of data to X, such as IP addresses, due to the embedding of tweets on homepages or similar. However, we may retweet tweets from you, reply to tweets from you or write tweets that refer to you or your X account. In this respect, your public data on X may be made available to followers of our site.

  Data is only passed on to public authorities in the event of overriding legal provisions. If we publish images of individuals, this is done via consent (legal basis: Art. 6 para. 1 lit. a GDPR), on the basis of a contractual agreement (legal basis: Art. 6 para. 1 lit. b GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 para. 1 lit. f GDPR).
   

• Purpose(s) of the processing
   

  We use our X page to communicate with our customers, interested parties and X users and to inform them about us and our products and services. In this context, we may receive further information, e.g., due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. 
   

• Legal basis for the processing

  The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b GDPR.

  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by using the form provided by us (data protection web form). 

XING page
 

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA") use a XING page of the provider New Work SE (Am Strandkai 1, 20457 Hamburg, Germany). With these data protection provisions, we would like to inform you about how we process your personal data via our XING social media profile https://www.xing.com/pages/uniontankecksteingmbh-co-kg and who has access to the data you have provided.
 

Data about you may be collected via this social media profile through cookies, regardless of whether you have an account with XING or not. Cookies are regularly stored on the user's terminal device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits XING services, services provided by other members of the group of companies and services provided by other companies using XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. For more information on XING's use of cookies, please refer to their privacy policy.
 

Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING's advertising partners whose websites the user had previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and UTA can track the use of a social media profile. 
 

The collection of your data through cookies in the context of the use of the social media profile is neither legally nor contractually required. Nor is this necessary for the conclusion of a contract. There is therefore no obligation to transmit your data to XING. However, the non-transmission of your data (e.g. by blocking cookies) has the consequence that we cannot offer you our social media profile or only to a limited extent.
 

XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are offered by the XING settings or the form for the right to object.
 

The processing of information by means of the cookies used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings.
 

Further details on the use of cookies by XING can be found in the Data Policy.
 

• Purpose(s) of the processing
   

  UNION TANK Eckstein GmbH & Co. KG operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information and to communicate with users.
   

• Legal basis(s) for the processing
   

  The processing of users' personal data is based on our legitimate interests in optimising the presentation of our company and contacting potential applicants (Art. 6 para.  1 lit. f GDPR).

  Your personal data will only be stored by us for as long as it is required to achieve your collection purpose. You have the right to object to the described processing pursuant to Art. 21 GDPR. You can submit your objection to the offices named by us in this data protection declaration.
   

LinkedIn Page
 

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland at https://www.linkedin.com/company/uta_edenred/. 
 

We have concluded a data protection joint controller agreement (Page Controller Addendum) with LinkedIn Ireland Unlimited Company. With this agreement, LinkedIn Ireland Unlimited Company acknowledges joint controllership regarding the described processing procedures and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches.
 

When visiting our site, LinkedIn as the data controller party collects personal data of the user, for example, through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn's privacy policy.
 

UTA cannot track which user data LinkedIn collects. UTA also does not have full access to the collected data or your profile data. UTA can only see the public information of your profile. You decide what this information is in your LinkedIn settings.
 

If our site offers a chat function, UTA will use your data when using the chat function to respond to your inquiry.
 

• Purpose(s) of the processing
   

  UNION TANK Eckstein GmbH & Co. KG operates this LinkedIn page in order to present itself to users of LinkedIn as well as other interested persons who visit this LinkedIn page, to present information regarding recruiting and entry-level opportunities at UNION TANK Eckstein GmbH & Co. KG and to communicate with the users. 

  Furthermore, we use the service and customer support information collected via LinkedIn to contact you in order to provide you with the requested information and offers.

  UTA processes anonymous statistics provided by LinkedIn regarding Page usage and utilization. The following information is provided:
   

  • Followers: number of people following UTA - including growth and development over a defined time frame.

  • Reach : number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.

  • Ad performance: How many people were reached and interacted with a post or paid ad.

These statistics, from which we cannot draw any conclusions about individual users, are used by UTA to constantly improve its online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.
 

UTA receives personal data via LinkedIn when you actively share it with us via a personal message on LinkedIn. We use your data (e.g. first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.

• Legal basis for the processing
   

  The processing of users' personal data is based on our legitimate interests, in an optimized company presentation and contacting potential applicants (Art. 6 para. 1 lit. f GDPR).

Instagram page
 

When you visit our Instagram page https://www.instagram.com/uta_deutschland/ and your browser allows cookies to be stored, Meta Platforms Inc. (Deborah Crawford 1601 Willow Road Menlo Park, California 94025, USA) stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that embeds Meta technologies. For more information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard, please refer to the information on Instagram cookies.
 

We would like to point out that Meta is able to track your user behavior (across devices for registered users) on other websites beyond the Instagram platform by means of the cookies used. This applies both to users registered with the Instagram platform and to users not registered there.
 

We would also like to point out that we have no influence on the data processing carried out by Meta in connection with cookies. Visiting our Instagram page is also possible if you configure your browser so that no cookies are stored by the Instagram platform. Information on how to adjust the settings for cookies in your browser can usually be found in the help section of the browser you use.
 

If you are registered or logged in to the Instagram or Facebook platform and want to avoid Meta being able to associate your visit to our Instagram page with your Instagram or Facebook user account, you should log out of Facebook or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser.
 

We have concluded a data protection joint controller agreement (Page Controller Addendum) with Meta. With this agreement, Meta acknowledges joint controllership with regard to the described processing operations and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. You can then also assert your data subject rights there. 

• Data processing during interactions on our Instagram page
   

  Our Instagram page offers you the opportunity to respond to and comment on our posts, view our Stories, participate in Story interactions, and send us private messages. Please carefully consider what personal information you share with us through our Instagram page. If you would like to avoid Meta processing any personal data you submit to us, please contact us through other means.
   

  In addition to the content you submit, information about your profile, likes and posts will be visible to us depending on your privacy settings.
   

• Purpose(s) of the processing
   

  We use our Instagram page to communicate with our customers, prospective customers and Instagram users and to inform them about us and our products and services. In this context, we may receive further information, e.g., based on user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. 
   

  Statistical purposes:
   

  We have set up our Instagram page as a business profile and use anonymized page statistics ("Instagram Insights") provided by Meta Platforms Inc. to provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data used to generate page statistics. The statistics include the following information:
   

  • Reach , page views, time spent on video posts.

  • Interactions such as tagging a post with "like," commenting, or sharing posts

  • Demographics such as age, gender, and location.
     

We use this data to identify trends. It is not possible for us to link back to individuals who triggered these events.

• Legal basis for processing
   

  Our legitimate interest is in particular our business interest in sharing information with our users and being able to communicate with them. The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b GDPR.
   

  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. 
   

  We process the data you provide in this context and which may be accessible to us in order to protect our legitimate interests in contacting and communicating with our interested parties, which outweigh our interests in the context of a balancing of interests. This is also our legitimate interests in the data processing according to Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
   

Note on data processing by YouTube
 

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and offers other users the opportunity to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, so that not only complete films and TV shows, but also music videos, trailers and amateur videos prepared by users can be accessed via the internet portal.
 

We, UNION TANK Eckstein GmbH & Co. KG (hereinafter referred to as "UTA"), use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Information about what data is processed by Google, and for what purposes, can be found in Google's privacy policy.
 

We have no influence on the type and scope of the data processed by Google, the way in which it is processed and used, or the transfer of this data to third parties. We also have no effective control options in this respect. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, stored and used in the United States, Ireland and any other country in which Google does business, regardless of your country of residence. It is transferred to Google-affiliated companies and to other trusted companies or individuals who process it on Google's behalf.  
 

Google processes your voluntarily entered data such as name and user name, e-mail address and telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location based on GPS data, information on wireless networks or your IP address in order to send you advertising or other content. For evaluation, Google may use analysis tools such as Google Analytics. We have no influence on the use of such tools by Google and have not been informed about such potential use. If tools of this type are used by Google for our YouTube channel, we have neither commissioned this nor supported it in any other way.   
 

We are also not provided with the data obtained during the analysis. In addition, we have no way to prevent or disable the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. You have options to restrict the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers privacy settings specific to YouTube. You can find out more about this in the guide to data protection in Google products from Google.
 

For more information on these points, see Google's privacy policy under the term "Privacy Settings". For more information, please see Google's Privacy Help.
 

• Purpose(s) of the processing
   

  We use our YouTube channel to communicate with our customers, prospective customers and YouTube users and to inform them about us and our products and services. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. This processing is solely for the purpose of communicating and interacting with you. 
   

  In addition, we have integrated YouTube videos from our YouTube channel directly on our website to increase the user-friendliness of our website and thus improve the user experience. Although we have activated YouTube's advanced privacy settings in this context, it cannot be ruled out that your personal data may be affected by processing, e.g., by the setting of cookies.  
   

  As already described, there is no tracking of your behavior by UTA when you use YouTube. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may respond to your publications under "Discussions". The data freely published and disseminated by you on YouTube will thus be included by us in our offer and made available to our followers.  
   

• Legal basis for the processing
   

  The processing of users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR. 
   

  Our legitimate interest is in particular our business interest to share information with our users and to be able to communicate with them, as well as for customer retention.
   

  Should you wish to participate in one of our competitions, you are free to do so. In such a case, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. 
   

  Furthermore, we base the processing of your personal data in the context of the integration of YouTube videos on our website by setting cookies on obtaining consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 TTDSG. Of course, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out up to the time of the revocation remains unaffected. You can submit your withdraw to the offices named by us in this data protection notice.
   

• Recipients of personal data
   

  The transfer of your personal data to the USA is in accordance with the GDPR. Google has submitted to the standard contractual clauses as a data importer and we have taken additional measures to comply with the data protection requirements. Here you can find more information about Google's compliance with data protection regulations: https://cloud.google.com/security/compliance?hl=en
   

YouTube video integration in extended data protection mode 
 

On our website, we have integrated components from YouTube and use YouTube's extended data protection mode. Enhanced privacy mode allows us to embed YouTube videos without using cookies that track user behaviour. This means that no activity data is collected to personalise the user experience. Instead, video recommendations are contextual and relate to the current video. Videos played in enhanced privacy mode do not affect your browsing experience on YouTube.
 

If you are logged in to YouTube at the same time, YouTube recognises which specific sub-website of our website you have visited when you call up a sub-website that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. 
 

YouTube and Google receive information via the YouTube components that you have visited our website if you are logged into YouTube; this happens regardless of whether you have clicked on a YouTube video or not. If you do not wish this information to be transferred to YouTube and Google in this way, you can prevent this transfer by logging out of your YouTube account before accessing our website.
 

The privacy policy published by YouTube is available here - it provides information on the collection, processing and use of personal data by Google and YouTube. Information on the extended data protection mode can be found here.
 

The transfer of your personal data to the USA is in accordance with the GDPR. Google has submitted to the standard contractual clauses as a data importer and we have taken additional measures to comply with the data protection requirements. Here you can find more information about Google's compliance with data protection regulations: https://cloud.google.com/security/compliance?hl=en
 

Note on data processing for Google company profile (Google My Business)
 

You can find our company as an entry in "Google My Business". This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). 
 

If you find us via the My Business page set up by Google, we would like to point out that the functions are not provided by us. In particular, interacting with our profile (reviewing, sharing, calling, rating, showing address) may result in Google collecting both your IP address and possibly other information. Furthermore, the data collected by Google may be further processed by Google, possibly also in third countries. You can find more information here in Google's privacy policy.
 

We cannot exclude the possibility that the data you provide when interacting with our Google profile may be used, viewed and evaluated by Google. Therefore, contact with us should be established by other means than via Google, or direct contact should be sought as soon as possible. 
 

Google provides us with statistical information about the interaction with our profile. We do not collect any other data, in particular personal data, via Google My Business.
 

General information on social media channels used by UTA
 

The general information presented below refers to all social media channels used by UTA. 
 

• Possibility to object
   

  You can object to the processing of your personal data by the respective channel provider via the above-mentioned links. 

  Furthermore, you can object to the processing of your personal data by us via our contact options.
   

• Duration of data storage
   

  Your data will be deleted when the purpose ceases to exist, unless there is a duty to retain the data.
   

• Transfer to a third country or to an international organization
   

  It cannot be ruled out that user data is processed on systems outside the European Union. Google, LinkedIn, Xing, Twitter and META (Facebook) have submitted to the standard contractual clauses and have thus undertaken to comply with the data protection standards of the EU.  

  Note: UTA itself does not pass on any personal data that we receive via our social media channels.

1. purposes and legal bases of the processing

a. For the fulfilment of contractual obligations (Art. 6 para. (1) lit b GDPR).

Upon application for a customer relationship with UNION TANK Eckstein GmbH & Co KG, we process information provided by you for the conclusion of the contract and to assess the economic risk to be assumed by us.

Data processing within the scope of a business relationship

If a contract is concluded, we process your data to carry out the contractual relationship. The personal data processed here includes master data (e.g. company name, company name, address), data of a central contact person, as well as all data that we require from you for billing purposes (e.g. VAT ID, bank data) within the scope of the contractual relationship. This also includes processing processes that take place in connection with the sending of acceptance media.

The conclusion or execution of the contractual relationship is not possible without the processing of your personal data.

Use of data in case of late payment

In the event of default in payment, we may assign claims to third parties. All necessary data is transferred to the respective third party (e.g. collection company) to the required extent for the purpose of handling the collection procedure.

b. Ordering of products and services (Art. 6 para. (1) lit b GDPR).

When ordering and using products/services in the categories listed below, there may be a need to process further personal data in addition to the aforementioned data. These primarily include:

Acceptance media (service cards, toll boxes)

Vehicle-related data (e.g. vehicle owner or lessor, vehicle registration number), driver data (different shipping address or name when the service card is stamped).

Digital services (UTA exclusive customer area, e-invoicing, electronic data output)

Electronic contact data (e-mail address) for information about a new billing document or for the transmission of billing details or in the context of creating new users of the UTA customer exclusive area or in the case of using the feedback function within the UTA Stationsfinder APP. Within the app, we will also process your location data to show you the nearest acceptance point.

(Toll) Registration procedure

Customer master data for validation purposes (e.g. company master data), processing of all data requested by the acceptance system operator (vary per acceptance system).

Within the scope of registration procedures for the use of selected toll acceptance systems or when UNION TANK Eckstein GmbH & Co KG issues service cards of third parties, we process without exception the personal data that is required by the acceptance partner / system operator. In order to legitimise the information you provide to us during the registration process, it may be necessary to provide us with the relevant documents (e.g. vehicle registration document). Acceptance partners/system operators must be proven.

In order to be able to fully support you in the context of possible queries or in enforcement cases by the toll acceptance system operator or by national enforcement bodies, we also store all data submitted by you as part of the registration procedure internally.

credit management

When a credit note is issued (e.g. to a Mercedes ServiceCard), we share all relevant information about the consumption of this credit note with the company granting the credit note (e.g. Daimler AG). This is to inform you about offers within the validity period of the credit memo.

All processing of your personal data in the above-mentioned processing procedures for pre-contractual or contractual purposes is based on Art. 6 Para. 1 b of the GDPR.

c. Due to a justified interest of UNION TANK Eckstein GmbH & Co KG (Art.6 Para. 1 lit. f, GDPR).

We also process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us and third parties. These processing operations are carried out on the basis of Art. 6 para. 1 lit. f GDPR. These finishes are:

Assessment of the economic risk to be assumed (determination of creditworthiness)

To conclude a business initiation and to monitor an existing customer relationship - especially in the case of late payment - we make use of the support of credit agencies. These assess the potential risk of non-payment on the basis of available information (including personal data relating to you). The result will be personally reviewed by us and evaluated with regard to possible consequences for the business relationship by an employee of UTA.

A fully automated rating does not take place.

Advertising for own products and services

In the event that we have not been given a specific contact person for advertising purposes, we will use the data provided by the central contact person and inform you about products and services of UNION TANK Eckstein GmbH & Co KG and our affiliated companies within the framework of the contractual relationship.

You can revoke the transfer with effect for the future at any time.

Further processing of your data to protect our legitimate interest may be:

Measures for business management and further development of own products and services

Internal monitoring to control the existing business relationship.

Prevention

To prevent criminal offences, we monitor the usage behaviour and the use of your acceptance media.

Review and optimization of procedures for needs analysis and direct customer approach; incl. internal customer segmentation

d. On the basis of consents (Art. 6 para. 1 lit. a of the GDPR)

If you have given us your consent to process personal data for specific purposes, this processing is legal on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of consents that may have been given to us prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Newsletter registration for advertising purposes

Newsletters will only be sent to you on the basis of a separate consent.

(Personal) guarantees

In the case of personal guarantees by third parties (third-party guarantors), UNION TANK Eckstein GmbH & Co KG processes all necessary personal data together with information about the economic and financial circumstances of this third party.

e. For the fulfilment of legal obligations in connection with Art. 6 para. 1 lit. c of the GDPR

Within the framework of financial processes and to meet legal archiving requirements.

2. recipients or categories of recipients of the data;

Within the company, all departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it.

Contractual service providers and vicarious agents may also come into contact with your data. These partners are contractually bound to our compliance with data protection instructions within the scope of order processing and support UNION TANK Eckstein GmbH & Co KG in the implementation of the business relationship with you.

Among other things, we use contract processors for the services: Support/maintenance/development of EDP/IT applications, call centre services, data destruction and disposal, sending advertising material, website hosting, website design, letter shop, building security, address data validation, driving licence controls, process support (24/7), online authorisations, breakdown services.

In special constellations we process your personal data together with cooperation partners. Each party processes your data exclusively for a specific purpose and within the framework of shared responsibility. This contract construct is available in the context of:

• distribution partnerships / Models of cooperation:
  In models in which the cooperation partners involved are in an independent contractual relationship with you, we may exchange data within the cooperation. The respective processing of your data including the further processing of previously exchanged data by each cooperation partner is based on the direct contractual relationship with you. There is no further obligation to inform about the data processing by the cooperation partner at this point, since we can assume that you have been comprehensively informed about the processing of your data by the cooperation partner in the context of the separate contractual relationship with the cooperation partner. There is no authority to issue instructions to the respective cooperation partner.
• Activities with internal group companies or affiliated companies
• billing services
   

Third party service providers

Within the scope of fulfilling contractual obligations, we make use of external service providers in some cases. We use these for the services: Credit information, toll registration, logistics services, reimbursement services, collection procedures, billing of service payments in the expense reimbursement procedure

In all the cases mentioned above, we ensure that third parties only have access to the personal data necessary for the performance of individual tasks.

More recipients

In addition, we may transfer your data to other recipients, such as public authorities for the fulfilment of legal notification obligations such as social insurance carriers, tax authorities or law enforcement authorities.

Very important: Under no circumstances does UNION TANK Eckstein GmbH & Co KG sell your data to third parties.

Transmission of data to a third country

If we have your data processed by a service provider outside the EU/EEA area, it will only be processed if the third country has been confirmed an appropriate level of data protection by the EU Commission or if there are other appropriate data protection guarantees.

3. Duration of storage

Your data will be deleted as soon as they are no longer required for processing the above-mentioned purposes. Among other things, your data may be stored for the period during which claims can be asserted against our company (statutory limitation period - 3 years). In addition, we store your data if we are legally obliged to do so. These obligations are derived, among other things, from the HGB and the AO.

1. Purpose(s) of processing

In the context of the conclusion of a supplier contract or during pre-contractual negotiations with UNION TANK Eckstein GmbH & Co KG, we process your data to establish and implement the business relationship. The personal data processed here includes master data (e.g. company name incl. company name, address, data on geo localisation), contact person data (e-mail address, telephone/mobile phone number), as well as all data that we require from you for billing purposes (e.g. VAT ID, bank data) within the scope of the contractual relationship.

The conclusion or execution of the contractual relationship is not possible without the processing of your personal data.

To ensure data quality

Use of the e-mail address of contact persons provided by you to ensure an appropriate data quality.

All processing of your personal data in the above-mentioned processing procedures for pre-contractual or contractual purposes is based on Art. 6 Para. 1 b of the GDPR.

The transparent presentation of benefit payments and places of purchase compared to the Customers of UNION TANK Eckstein GmbH & Co. KG

Customer settlement documents (line item verification) or digital data output

The publication of data in electronic and analogue acceptance point overviews

Station Finder, UTA App, Petrol Station Directory.

For information of customers, business partners, service providers of UNION TANK Eckstein GmbH & Co. KG.

Overview of acceptance partners/locations or UTA acceptances.

Measures for business management and further development of the business relationship

Monitoring and controlling the acceptance partner relationship

2. Legal basis of processing

For the fulfilment of contractual obligations (Art. 6 para. 1 lit b GDPR).

For the fulfilment of legal obligations in connection with Art. 6 para. 1 lit. c GDPR

In addition, we may transfer your data to other recipients, such as public authorities for the fulfilment of legal notification obligations such as social insurance carriers, tax authorities or law enforcement authorities.

3. Processing on a legitimate interest of UTA

Due to a justified interest of UNION TANK Eckstein GmbH & Co KG (Art.6 para. 1 lit. f GDPR).

We also process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us and third parties. These processing operations are carried out on the basis of Art. 6 para. 1 lit. f GDPR.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR. Please find in section 4 of this statement a description how to exercise your rights.

4. Recipients of the personal data

Within the company, all departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it.

Contractual service providers and vicarious agents may also come into contact with your data. These partners are contractually bound to our compliance with data protection instructions within the scope of order processing and support UNION TANK Eckstein GmbH & Co KG in the implementation of the business relationship with you.

Among other things, we use contract processors for the services: Support/maintenance/development of IT applications, data destruction and disposal, website hosting, website design, building security, sign suppliers.

In special constellations we process your personal data together with cooperation partners. Each party processes your data exclusively for a specific purpose and within the framework of shared responsibility. This contract construct is available in the context of:

• distribution partnerships
• Activities with internal group companies or affiliated companies
• billing services
   

Third party service providers

Within the scope of fulfilling contractual obligations, we make use of external service providers in some cases.

In all the cases mentioned above, we ensure that third parties only have access to the personal data necessary for the performance of individual tasks.

More recipients

Customers receive your location data as information regarding the possible use of acceptance media.

Under no circumstances will UTA sell or pass on your personal data to other third parties, unless there is a legal obligation to do so, or you have separately consented to this.

5. Transfers to third countries

If we have your data processed by a service provider outside the EU/EEA area, it will only be processed if the third country has been confirmed an appropriate level of data protection by the EU Commission or if there are other appropriate data protection guarantees.

6. Storage duration

Your data will be deleted as soon as they are no longer required for processing the above-mentioned purposes. Among other things, your data may be stored for the period during which claims can be asserted against our company (statutory limitation period - 3 years). In addition, we store your data if we are legally obliged to do so. These obligations are derived, among other things, from the HGB and the AO.