1
/
13
Privacy
Policy
for
the
Hydrema
Telematics
DataPortal
and
 
App
I.
Name
and
address
of
the
responsible
party
The
responsible
party,
pursuant
to
the
General
Data
Protection
Regulations
and
various
national
data
protection
provisions
of
the
member
states
of
the
European
Union
and
other
legal
data
privacy
policies,
is:
A/S
HYDREMA
DISTRIBUTION
Gammel
Kirkevej
16
9530
Støvring
Danmark
Phone
:
+45
98
37
13
33
Email:
 
hydrema@hydrema.com
Website:
 
https://www.hydrema.com
Name
and
address
of
the
enforcing
data
controller
For
your
issues
and
questions
regarding
data
protection
laws
as
well
as
for
the
assertion
of
your
rights
as
the
data
subject
please
contact
our
data
controller
using
the
e-mail
address:
 
Privacy.telematics@hydrema.com
II.
Data
processing
in
general
1.
Scope
of
personal
data
processing
We
collect
and
process
our
user's
(data
subjects)
personal
information
(data)
solely
to
the
extent
necessary
to
maintain
an
operational
DataPortal
for
providing
our
products
and
services.
A
data
subjects'
consent
is
routinely
required
prior
to
collecting
and
processing
personal
information.
An
exception
applies
in
circumstances
where
it
is
not
possible
to
obtain
prior
consent
due
to
genuine
reasons
and
the
processing
of
data
is
permitted
by
law.
2.
Legal
basis
for
the
processing
of
personal
data
Once
a
data
subjects'
consent
for
processing
personal
data
has
been
obtained,
Article
6,
Section
1
(a)
of
the
EU
General
Data
Protection
Regulation
(GDPR)
serves
as
the
legal
regulation
for
processing
personal
data.
When
processing
personal
data,
required
for
the
performance
of
a
contract
whose
party
to
the
agreement
is
the
data
subject,
Article
6,
Section
1
(b)
of
the
GDPR
shall
apply.
Such
shall
also
apply
to
processing
activities
involving
the
performance
of
pre-contractual
measures.
To
the
extent
personal
data
processing
becomes
necessary
to
fulfil
a
legal
obligation
to
which
our
company
is
subject,
Article
6,
Section
1
(c)
of
the
GDPR
shall
apply.
In
the
event
crucial
concerns
regarding
the
interests
of
the
data
subject
or
another
natural
individual
require
the
processing
of
personal
data,
Article
6,
Section
1
(d)
of
the
GDPR
shall
apply.
Should
the
processing
be
necessary
to
safeguard
legitimate
interests
of
our
company
or
of
a
third
party
and
should
the
interests,
fundamental
rights
and
freedom
of
the
data
subject
not
outweigh
the
interests
of
our
company,
Article
6,
Section
1
(f)
of
the
GDPR
shall
apply
to
the
processing.
2
/
13
3.
Deleting
data
and
data
retention
Personal
information
regarding
the
data
subject
will
be
deleted
or
blocked
once
the
purpose
for
storing
no
longer
applies.
Furthermore,
data
may
be
stored
if
such
storage
has
been
stipulated
by
the
European
or
national
legislature
in
EU
regulations,
laws
or
other
provisions
under
which
the
responsible
party
is
bound.
Data
shall
also
be
blocked
or
deleted
in
the
event
a
storage
period,
as
stipulated
in
the
aforementioned
provisions,
expires,
unless
a
need
for
extended
storage
of
data
arises,
i.e.,
in
order
to
conclude
a
contract
or
meet
contractual
obligations.
III.
Proemion,
Provider
of
the
DataPortal
The
DataPortal
is
provided
as
Software
as
a
Service
(SaaS).
The
provider
is
Proemion
GmbH,
Donaustraße
14,
36043
Fulda.
The
DataPortal
is
a
service
that
can
be
used
to
process
telematics
data.
The
data
entered/transmitted
by
you
for
the
purpose
of
processing
will
be
stored
on
Proemion's
servers.
Possible
data
categories
are:
Company
data
vehicle
or
machine
information
GPS
data
user
profile
data
CU
data.
1.
Legal
basis
The
processing
of
data
is
based
on
a
contract
according
to
Article
6,
Section
1
(b)
of
the
GDPR.
Furthermore,
data
is
processed
on
the
basis
of
the
legitimate
interest
in
ensuring
the
security
and
integrity
of
the
system
pursuant
to
Article
6,
Section
1
(f)
of
the
GDPR.
If
a
corresponding
consent
was
requested
for
the
further
processing
of
additional
voluntary
data,
the
processing
of
this
data
is
based
on
Article
6,
Section
1
(a)
of
the
GDPR.
2.
Data
Retention
The
data
shall
be
deleted
once
these
are
no
longer
required
for
their
intended
purpose.
This
is
the
case
for
data
in
the
DataPortal
for
the
fulfilment
of
a
contract
or
for
the
implementation
of
pre-contractual
measures
when
the
data
is
no
longer
required
for
the
implementation
of
the
contract.
Even
after
the
conclusion
of
the
contract,
it
may
be
necessary
to
store
personal
data
of
the
contractual
partner
in
order
to
fulfil
contractual
or
legal
obligations.
3.
Data
Privacy
Agreement
Data
Privacy
Agreement
We
have
concluded
a
Data
Privacy
Agreement
with
Proemion
GmbH
in
which
we
oblige
Proemion
GmbH
(processor)
to
protect
our
customers'
data
and
not
to
pass
it
on
to
third
parties.
3
/
13
IV.
Providing
the
DataPortal
and
creating
log
files
1.
Description
and
scope
of
data
processing
Whenever
our
DataPortal
Login
page
is
accessed,
our
system
automatically
collects
data
and
information
from
the
computer
system
of
the
visiting
party.
The
following
data
is
collected:
Information
regarding
the
browser
type
and
current
browser
version
The
user's
operating
system
The
user's
internet
service
provider
The
user's
IP
address
Access
date
and
time
Websites
from
which
the
user's
computer
system
accesses
our
website
Websites
which
are
accessed
by
the
user's
computer
system
via
our
website
Username
Information
about
the
operations
(and
their
parameters)
performed
by
the
user
The
data
is
also
stored
in
the
log
files
of
our
computer
system.
This
data
is
not
stored
together
with
other
personal
user
data.
2.
Data
processing
compliance
The
legal
basis
for
the
temporary
storage
of
data
and
log
files
is
Article
6,
Section
1(f)
of
the
GDPR.
3.
Purpose
of
data
processing
The
temporary
storage
of
the
IP
address
by
the
computer
system
is
necessary
to
enable
the
DataPortal
to
be
transmitted
to
the
user's
computer.
For
this
purpose,
the
user's
IP
address
must
remain
stored
for
the
duration
of
the
session.
The
storage
in
log
files
is
necessary
to
ensure
DataPortal
operation.
We
also
use
the
data
to
optimize
the
DataPortal
and
to
ensure
the
security
of
our
information
technology
systems.
An
evaluation
of
the
data
for
marketing
purposes
is
not
performed
in
this
context.
These
objectives
also
include
our
legitimate
interest
in
data
processing
in
accordance
with
Article
6,
Section1
(f)
of
the
GDPR.
4.
Data
Retention
The
data
shall
be
deleted
once
these
are
no
longer
required
for
their
intended
purpose.
When
a
collection
of
data
occurs
for
the
purpose
of
providing
the
DataPortal,
ending
the
respective
session
results
in
such
data
being
deleted.
In
case
of
storage
of
data
in
application
logs,
we
delete
it
after
40
days
at
the
latest.
In
case
of
storage
of
data
in
access
logs,
we
delete
it
after
60
days
at
the
latest.
Additional
data
backup
is
available.
In
this
event,
the
personal
information
of
the
users
will
be
deleted
or
altered,
making
it
impossible
to
identify
the
contacting
client.
4
/
13
5.
Options
regarding
objections
and
deletion
The
collection
of
data
required
for
the
availability
of
the
DataPortal
and
the
storage
of
the
data
in
log
files
is
mandatory
for
the
operation
of
the
DataPortal.
Therefore,
the
user
does
not
have
the
option
to
reject
the
collection
of
relevant
data.
V.
Cookie
policy
1.
Description
and
scope
of
data
processing
Our
DataPortal
uses
cookies.
Cookies
are
small
data
files
that
are
stored
on
your
computer
or
other
device
when
you
visit
a
website.
Once
a
user
visits
the
DataPortal,
a
cookie
may
be
stored
on
the
user's
operating
system.
This
cookie
contains
a
characteristic
string
of
characters
which
uniquely
identifies
the
browser
on
subsequent
visits
to
the
DataPortal
.
We
use
cookies
to
improve
our
DataPortal
and
enhance
user
experience.
Several
of
our
DataPortal
features
require
visitor
browser
identification
with
each
new
page
to
navigate
around
our
DataPortal
.
We
require
cookies
and
local
browser
storage
for
the
following
applications:
Log
-in
information
Language
settings
Track
your
searches
User
preferences
Theming
Timezone
Last
visited
page
on
DataPortal
2.
Legal
regulations
regarding
data
privacy
Article
6,
Section
1
(f)
of
the
GDPR
regulates
the
processing
of
personal
data
regarding
cookies.
3.
Purpose
of
processing
data
The
purpose
of
using
technicallly
essential
cookies
is
to
simplify
your
visit
to
our
DataPortal.
Several
features
of
our
DataPortal
require
the
use
of
cookies.
It
is
essential
that
the
browser
is
recognized
even
in
the
event
of
navigating
to
a
new
page.
User
data
collected
for
technically
essential
cookies
are
not
used
to
create
user
profiles.
These
intentions
serve
as
our
legitimate
interest
for
the
processing
of
personal
data
in
accordance
with
Article
6,
Section
1(f)
of
the
GDPR.
4.
Data
Retention,
restricting
and
deleting
cookies
Cookies
are
stored
on
the
user's
computer
and
transmitted
to
our
DataPortal.
Therefore,
you
as
a
user
have
full
control
regarding
the
use
of
cookies.
By
changing
the
settings
in
your
internet
browser,
you
can
deactivate
or
limit
the
placement
of
cookies.
Previously
stored
cookies
can
be
deleted
at
any
time.
This
can
also
be
performed
automatically.
In
the
event
cookies
are
deactivated
for
our
DataPortal,
this
may
result
that
not
all
features
of
our
DataPortal
can
be
used
to
their
full
extent.
5
/
13
VI.
Register/Login
DataPortal
1.
Description
and
scope
of
data
processing
On
the
DataPortal
it
is
possible
to
log
in
by
entering
a
user
name
and
a
password.
The
registration
and
creation
of
the
user
data
is
carried
out
centrally
by
an
admin.
The
following
data
is
usually
stored
by
you
during
registration:
Name
First
name
Email
(=
username)
Password
Organization
Language
DataPortal
permissions
An
activity
log
is
created
for
logged-in
users.
2.
Data
privacy
compliance
The
legal
basis
for
processing
the
data
is
the
fulfilment
of
a
contract
(or
pre-contractual
measures)
pursuant
to
Art.
6
(1)
lit.
b
GDPR.
The
legal
basis
for
storing
additional
data,
such
as
activity
logging,
is
also
based
on
the
legitimate
interest
in
ensuring
the
integrity
of
the
DataPortal
pursuant
to
Art.
6
(1)
lit.
f
GDPR.
The
legal
basis
for
the
processing
of
additional
voluntary
data,
if
the
user
has
given
consent,
is
Art.
6
(1)
lit.
a
GDPR.
3.
Purpose
of
data
processing
Registration
of
the
user
is
necessary
for
the
fulfilment
of
a
contract
with
the
user
or
for
the
implementation
of
pre-
contractual
measures.
The
login
is
necessary
to
ensure
secure
access
to
the
data
in
the
DataPortal.
Furthermore,
the
user-specific
login
assigns
the
user
rights
within
the
DataPortal
and
allows
user
settings
to
be
saved.
4.
Data
Retention
The
data
shall
be
deleted
once
these
are
no
longer
required
for
their
intended
purpose.
This
is
the
case
for
the
data
stored
during
the
registration
process
for
the
fulfilment
of
a
contract
or
for
the
implementation
of
pre-contractual
measures
if
the
data
is
no
longer
required
for
the
implementation
of
the
contract.
Even
after
the
conclusion
of
the
contract,
there
may
be
a
need
to
store
personal
data
of
the
contractual
partner
in
order
to
fulfil
contractual
or
legal
obligations.
5.
Options
regarding
objections
and
deletion
You
can
have
the
data
stored
about
you
changed
at
any
time.
As
a
user,
you
have
the
option
to
cancel
your
registration
at
any
time.
However,
please
note
that
in
this
case,
the
telematics
services
may
no
longer
be
fully
usable.
The
end
user
must
send
a
request
to
delete
the
account
or
change
data
to
the
OEM.
The
OEM
will
forward
the
requests
for
deletion
or
data
modification
to
Proemion
Technical
Support,
by
phone
or
via
the
support
form
posted
on
Proemion's
homepage.
If
the
data
is
required
for
the
fulfilment
of
a
contract
or
for
the
implementation
of
pre-
contractual
measures,
early
deletion
of
the
data
is
only
possible
insofar
as
contractual
or
legal
obligations
do
not
prevent
deletion.
6
/
13
VII.
Register/Login
Mobile
App
The
following
personal
data
is
automatically
transferred
to
or
collected
by
Hydrema
when
logging
into
or
using
the
Mobile
Apps:
Email
(=
username)
Password
Date
and
time
of
the
request
Access
status
/
HTTP
status
code
If
you
download,
access,
or
use
our
Apps,
we
may
receive
and
store
certain
information
about
your
mobile
device(s)
automatically
using
automatic
data
collection
technologies.
The
information
about
your
mobile
device
is
not
stored
with
your
personal
data.
There
is
no
direct
association
between
the
information
about
your
mobile
device(s)
and
your
personal
data.
Upon
Mobile
App
activation,
we
automatically
gain
access
to
the
following
authorizations
via
the
user's
mobile
device
operating
system:
1.
Internets
access
Required
for
downloading
map
data.
The
map
constitutes
an
elementary
component
of
the
App.
Machines
are
displayed
on
a
map
indicating
their
latest
logged
position.
For
this
purpose,
sections
of
the
map
(parts
of
the
entire
world
map)
in
which
the
machines
are
located,
or
which
are
explicitly
retrieved
by
the
user
by
zooming
into
the
map,
are
downloaded.
Internet
access
is
also
required
for
bilateral
Hydrema
Data-Platform
communication.
Machine
data
is
stored
directly
onto
the
Hydrema
Data-Platform.
The
App
processes
this
data
to
make
it
available
to
the
user.
Access
is
granted
upon
successful
login
via
a
secure
interface.
2.
Network
status
information
These
are
retrieved
to
detect
whether
or
not
an
Internet
connection
can
be
established.
Network
status
information
is
also
required
to
ensure
App
stability
and
to
inform
the
user
in
the
event
of
connection
issues
to,
thus,
enable
the
user
to
independently
initiate
troubleshooting
measures
in
a
timely
manner.
3.
Alternative
option
upon
special
request:
'Biometric
information
Used
to
simplify
the
login
process.
The
user
can
opt
to
log-in
via
fingerprint
as
an
alternative
to
username
and
password.
Fingerprints
are
not
stored
by
the
App,
only
by
the
operating
system.
Through
this
authorization
the
App
acquires
permission
to
compare
the
fingerprint
with
the
fingerprint
stored
in
the
operating
system
and
thus
confirms
the
identity
in
the
event
of
a
positive
match.
4.
Local
storage
Certain
information
may
be
stored
locally
on
your
mobile
device
while
you
use
our
Apps
and
their
respective
features.
The
scope
of
locally
stored
information
varies
by
App.
While
Hydrema
does
not
transmit
information
stored
locally,
please
be
aware
that
any
information
stored
on
your
mobile
device
may
leave
your
mobile
device
through
automatic
backup
processes,
manual
download
from
your
mobile
device,
and
through
other
means
outside
of
Hydrema’s
control
.
7
/
13
VIII.
Rights
of
the
data
subject
In
the
event
your
personal
data
is
processed
by
us,
you
are
a
data
subject
as
defined
under
the
GDPR
and
you
are
entitled
to
the
following
rights
towards
the
responsible
party:
1.
The
right
to
access
of
information
You
may
request
confirmation
from
the
responsible
party
regarding
whether
personal
data
on
your
behalf
is
being
processed
by
him
.
In
the
event
of
such
processing,
you
may
request
the
following
information
from
the
responsible
party:
the
purpose
for
which
the
personal
data
are
being
processed;
the
categories
of
personally
identifying
information
being
processed;
the
recipients
or
categories
of
recipients
to
whom
the
personal
data
regarding
oneself
has
been
or
will
be
disclosed;
the
intended
duration
of
personal
data
storage
regarding
oneself
or,
in
the
event
specific
details
are
not
possible,
criteria
for
determining
the
retention
period;
the
right
to
exercise
the
rectification
or
erasure
of
personal
data
regarding
oneself,
a
right
to
limit
processing
by
the
responsible
party
and
a
right
to
object
to
such
processing;
the
right
of
appeal
with
a
supervisory
authority;
all
available
information
regarding
origin
of
the
data,
in
the
event
the
personally
identifiable
data
was
not
collected
from
the
data
subject;
the
existence
of
an
automated
data
processor,
including
profiling,
in
accordance
with
Article
22,
Section
1
and
4
of
the
GDPR
and,
at
least
in
these
events,
conclusive
information
regarding
the
logic
involved
as
well
as
the
scope
and
intended
consequences
of
such
processing
for
the
data
subject.
You
have
the
right
to
request
information
pertaining
to
whether
personal
data
concerning
you
is
being
disclosed
to
a
third
country
or
to
an
international
organization.
In
this
context,
you
may
request
to
be
informed
of
the
appropriate
safeguards
pursuant
to
Article
46
of
the
GDPR
as
it
relates
to
the
disclosure
of
information.
2.
The
right
to
rectification
You
have
a
right
to
rectification
and/or
completion
by
the
responsible
party
in
the
event
of
inaccurate
or
incomplete
processing
of
your
personal
data.
The
party
responsible
is
required
to
correct
the
data
without
delay.
8
/
13
3.
The
right
to
restrict
processing
You
may
request
the
restriction
of
personal
data
processing
regarding
yourself,
under
the
following
circumstances:
when
you
deny
the
accuracy
of
your
personally
identifying
data
for
a
time
period
in
which
the
responsible
party
is
able
to
verify
the
accuracy
of
the
personal
data;
processing
proves
to
be
unlawful
and
you
object
to
the
removal
of
the
personal
data
and
request
instead
the
restriction
of
personal
data
processing;
the
responsible
party
no
longer
requires
the
personal
data
for
the
purpose
of
processing,
but
you
need
them
for
the
establishment,
exercise
or
defence
of
legal
claims,
or
in
the
event
you
have
objected
to
the
processing
pursuant
to
Article
21,
Section
1
of
the
GDPR
and
it
has
not
yet
been
determined
whether
the
legitimate
grounds
of
the
responsible
party
override
your
interests.
In
the
event
the
processing
of
your
personal
data
has
been
restricted,
such
data
may,
with
the
exception
of
being
stored,
be
processed
only
with
your
consent
or
for
the
establishment,
exercise
or
defence
of
legal
claims
or
for
the
protection
of
the
rights
of
another
natural
or
legal
individual
or
for
reasons
of
substantial
public
interest
of
the
European
Union
or
a
member
state.
In
the
event
a
limitation
of
the
processing
restriction
has
been
imposed
in
accordance
with
the
above
circumstances,
you
will
be
informed
by
the
responsible
party
before
the
restriction
is
lifted.
4.
The
right
to
request
deletion
a)
Obligation
to
delete
You
may
request
the
responsible
party
to
delete
your
personal
data
without
unreasonable
delay,
and
the
responsible
party
is
obligated
to
delete
such
data
without
unreasonable
delay
in
the
event
one
of
the
following
reasons
apply:
Your
personal
data
is
no
longer
necessary
for
the
purpose
for
which
they
were
collected
or
otherwise
processed.
You
revoke
your
consent
for
which
the
processing
was
based
pursuant
to
Article
6,
Section
1
(a)
or
Article
9,
Section
2(a)
of
the
GDPR
and
there
remains
no
other
legal
basis
for
the
processing
of
data.
You
object
to
the
processing
pursuant
to
Article
21,
Section
1
of
the
GDPR
and
there
remain
no
overriding
legitimate
grounds
for
the
processing,
or
you
object
to
the
processing
pursuant
to
Article
21,
Section
2
of
the
GDPR.
The
personal
data
regarding
your
information
have
been
processed
unlawfully.
The
removal
of
the
personal
data
concerning
you
is
required
for
compliance
with
a
legal
obligation
under
European
Union
or
member
state
law
to
which
the
responsible
party
is
subject.
Your
personal
data
has
been
collected
in
connection
with
a
Society
Information
Services
offer
pursuant
to
Article
8,
Section
1
of
the
GDPR.
Information
provided
to
third
parties
In
the
event
the
responsible
party
has
made
your
personal
data
public
and
is
required
to
delete
it
pursuant
to
Article
17,
Section
1
of
the
GDPR,
the
responsible
party
shall
take
reasonable
steps,
including
technical
measures,
with
regard
to
available
technology
and
the
cost
of
implementation,
to
inform
those
data
controllers
which
process
the
personal
data
that
you,
as
the
data
subject,
have
requested
that
they
erase
all
links
to
or
copies
or
replications
of
such
personal
data.
9
/
13
b)
Exceptions
The
right
to
deletion
does
not
exist
insofar
as
the
processing
is
required
to
exercise
the
right
to
freedom
of
expression
and
information;
to
comply
with
a
legal
obligation
which
requires
processing
under
European
Union
or
Member
State
law
to
which
the
responsible
party
is
subject,
or
for
the
performance
of
a
task
carried
out
in
the
interest
of
the
public
or
in
the
exercise
of
official
authority
vested
in
the
responsible
party;
for
reasons
of
public
interest
in
the
scope
of
public
health
in
accordance
with
Article
9,
Section
2(h)
and
(i)
and
Article
9,
Section
3
of
the
GDPR;
For
archival
purposes
in
the
public
interest,
scientific
or
historical
research
purposes,
or
statistical
purposes
pursuant
to
Article
89,
Section
1
of
the
GDPR,
insofar
as
the
right
referred
to
in
Part
(a)
is
likely
to
render
impossible
or
seriously
prejudice
the
achievement
of
the
purposes
of
such
processing,
or
for
the
enforcement,
exercise
or
defence
of
legal
claims.
5.
The
right
to
be
informed
In
the
event
you
have
exercised
the
right
to
rectification,
deletion
or
restriction
of
processing
towards
the
responsible
party,
the
responsible
party
is
obligated
to
communicate
this
rectification
or
deletion
of
data
to
all
recipients
to
whom
the
personal
data
in
your
regards
have
been
disclosed,
unless
this
proves
impossible
or
involves
a
disproportionate
effort.
You
have
the
right
to
be
informed
in
regards
to
these
recipients
by
the
responsible
party.
6.
The
right
to
transferable
data
You
have
the
right
to
receive
the
personal
data
which
you
have
provided
to
the
responsible
party
in
a
structured,
common
and
machine-readable
format.
In
addition,
you
have
the
right
to
transmit
this
data
to
another
responsible
party
without
hindrance
from
the
responsible
party
to
whom
the
personal
data
was
supplied,
provided
that
the
processing
is
based
on
consent
pursuant
to
Article
6,
Section
1(a)
of
the
GDPR
or
Article
9,
Section
(a)
of
the
GDPR
or
on
a
contract
drawn
pursuant
to
Article
6,
Section
1
(b)
of
the
GDPR
and
the
processing
is
carried
out
with
the
help
of
automated
procedures.
In
exercising
this
right,
you
also
have
the
right
to
obtain
those
personal
data
concerning
you,
which
get
transferred
directly
from
one
responsible
party
to
another
responsible
party,
insofar
as
this
is
technically
feasible.
Freedom
and
rights
of
other
individuals
must
not
be
affected
by
this.
The
right
to
data
portability
does
not
apply
to
processing
of
personal
data
required
for
the
performance
of
a
task
carried
out
in
the
public
interest
or
in
the
exercise
of
official
authority
vested
in
the
responsible
party.
10
/
13
7.
Right
to
object
You
have
the
right
to
object
at
any
time,
on
grounds
relating
to
your
particular
situation,
to
the
processing
of
personal
data
relating
to
you
which
is
carried
out
on
the
basis
of
Article
6,
Section
1(e)
or
(f)
of
the
GDPR;
this
also
applies
to
profiling
based
on
these
provisions.
The
responsible
party
shall
no
longer
process
the
personal
data
concerning
you
unless
it
can
demonstrate
compelling
legitimate
grounds
regarding
the
processing
which
override
your
interests,
rights
and
freedom,
or
for
the
establishment,
exercise
or
defence
of
legal
claims.
You
have
the
option,
in
regard
to
the
use
of
Information
Society
Services,
irrespective
of
Directive
2002/58/EC,
to
exercise
your
right
to
object
by
means
of
automated
procedures
using
technical
specifications.
8.
Right
to
revoke
ones'
consent
to
the
privacy
policy
You
have
the
right
to
revoke
your
consent
under
data
protection
law
at
any
time.
The
revocation
of
consent
does
not
affect
the
lawfulness
of
the
processing
carried
out
on
the
basis
of
the
consent
until
it
is
revoked.
You
may
send
the
revocation
either
by
mail,
email
or
fax
to
the
responsible
party.
9.
Automated
decision
regarding
individual
cases,
including
profiling
You
have
the
right
not
to
be
subject
to
a
decision
based
solely
on
automated
processing
-
including
profiling
-
which
poses
legal
ramifications
for
you
or
any
similarly
significant
manner
of
impact
on
you.
This
does
not
apply
in
the
event
the
decision
is
required
for
the
conclusion
or
performance
of
a
contract
between
you
and
the
responsible
party,
is
permitted
by
legislation
of
the
European
Union
or
the
Member
States
to
which
the
responsible
party
is
subject
and
that
legislation
maintains
appropriate
measures
to
safeguard
your
rights
and
freedom
and
your
legitimate
interests,
or
is
done
with
your
express
consent.
However,
these
decisions
may
not
be
based
on
specific
categories
of
personal
data
pursuant
to
Article
9,
Section
1
of
the
GDPR,
unless
Article
9,
Section
2(a)
or
(g)
of
the
GDPR
applies
and
appropriate
measures
have
been
taken
to
protect
the
rights
and
freedom
and
your
legitimate
interests.
With
regard
to
the
cases
referred
to
in
(1)
and
(3),
the
responsible
party
shall
take
reasonable
steps
to
safeguard
the
rights
and
freedom
of,
and
the
legitimate
interests
of
the
data
subject,
which
shall
include,
at
least,
the
right
to
obtain
the
intervention
of
an
individual
on
the
part
of
the
responsible
party,
to
express
his
or
her
point
of
view
and
to
challenge
the
decision.
10.
Right
to
file
a
complaint
with
a
regulatory
authority
Without
affecting
any
other
administrative
or
judicial
remedy,
you
have
the
right
to
file
a
complaint
with
a
supervisory
authority,
in
particular
in
the
Member
State
of
your
residence,
place
of
work
or
the
place
of
the
alleged
infringement,
in
the
event
you
consider
the
processing
of
personal
data
relating
to
you
infringes
the
GDPR.
The
supervisory
authority
to
which
the
complaint
has
been
submitted
shall
inform
the
plaintiff
of
the
status
and
outcome
of
the
filed
complaint,
including
the
option
of
a
judicial
appeal
pursuant
to
Article
78
of
the
GDPR.
11
/
13
IX.
SSL
encryption
This
site
uses
SSL
encryption
for
security
purposes
and
to
protect
the
disclosure
of
confidential
content,
such
as
the
inquiries
you
send
to
us
as
site
operator.
You
will
recognize
an
encrypted
connection
by
the
fact
that
the
browser
address
bar
changes
from
"http://"
to
"https://"
and
by
the
lock
symbol
in
your
browser
tool
bar.
In
the
event
SSL
encryption
is
activated,
the
data
you
disclose
to
us
cannot
be
read
by
third
parties.
X.
Amazon
Web
Services
The
DataPortal
implements
Amazon
Web
Services
for
provision
of
cloud
computing
and
the
routing
of
data.
Provider
is
Amazon
Web
Services,
Inc.,
410
Terry
Avenue
North,
Seattle
WA
98109,
United
States.
Hereinafter
referred
to
as
„Amazon
Web
Services“.
Amazon
Web
Services
is
a
service
that
can
be
used
for
a
wide
range
of
cloud
computing
purposes.
The
data
you
create/transmit
for
the
purpose
of
cloud
computing
and
the
routing
of
data
is
stored
on
the
servers
of
Amazon
Web
Services.
For
more
information
about
the
features
of
Amazon
Web
Services
please
visit:
 
https://aws.amazon.com/de/
11.
Legal
basis
Article
6,
Section
1(f)
of
the
GDPR
regulates
the
processing
of
the
data.
The
DataPortal
operator
has
a
legitimate
interest
in
keeping
configuration
of
the
DataPortal
available,
as
it
is
part
of
the
core
functionality,
as
well
as
in
keeping
off-site
backups
of
telematics
data
for
troubleshooting.
If
a
corresponding
consent
was
requested
for
the
further
processing
of
additional
voluntary
data,
the
processing
of
this
data
is
based
on
Article
6,
Section
1
(a)
of
the
GDPR.
You
may
revoke
your
consent
at
any
time.
The
lawfulness
of
the
data
processing
operations
already
carried
out
remains
unaffected
by
the
revocation.
12.
Data
retention
The
data
that
you
have
deposited
with
us
for
Amazon
Web
Services
will
be
stored
for
up
to
60
days
after
the
deletion
request
has
been
processed
and
then
deleted.
You
can
find
more
details
in
the
Amazon
Web
Services
data
protection
regulations
at
:
 
https://aws.amazon.com/de/privacy/
13.
Data
Privacy
Agreement
The
provider
of
the
DataPortal
has
concluded
a
Data
Privacy
Agreement
with
Amazon
Web
Services
in
which
he
obliges
Amazon
Web
Services
to
protect
the
customers'
data
and
not
to
pass
it
on
to
third
parties.
XI.
Google
Maps
The
DataPortal
implements
Google
Cloud
Services
for
maps
and
other
location-related
services.
Provider
is
Google
Ireland
Limited
(„Google“),
Gordon
House,
Barrow
Street,
Dublin
4,
Ireland
(hereinafter
referred
to
as
„Google“).
Google
Cloud
Services
is
a
service
that
provides
maps
and
for
a
wide
range
of
cloud
computing
purposes.
The
data
you
create/transmit
for
the
purpose
of
use
is
stored
on
the
servers
Google.
For
more
information
about
the
features
of
Google
please
visit:
 
https://cloud.google.com/
12
/
13
1.
Legal
basis
Article
6,
Section
1(f)
of
the
GDPR
regulates
the
processing
of
the
data.
The
DataPortal
operator
has
a
legitimate
interest
in
displaying
location
data
on
maps
and
using
other
location
services
like
reverse
geo-coding,
timezones,
etc.
If
a
corresponding
consent
was
requested
for
the
further
processing
of
additional
voluntary
data,
the
processing
of
this
data
is
based
on
Article
6,
Section
1
(a)
of
the
GDPR.
You
may
revoke
your
consent
at
any
time.
The
lawfulness
of
the
data
processing
operations
already
carried
out
remains
unaffected
by
the
revocation.
You
can
find
more
details
in
the
Google
data
protection
regulations
at
:
https://policies.google.com/privacy?hl=de
 
.
2.
Data
Privacy
Agreement
The
provider
of
the
DataPortal
has
concluded
a
Data
Privacy
Agreement
with
Google
in
which
he
obliges
Google
to
protect
the
customers'
data
and
not
to
pass
it
on
to
third
parties.
XII.
Mapbox
The
DataPortal
implements
Mapbox
for
maps
and
other
location-related
services.
Provider
is
Mapbox,
Inc.
740
15th
Street
NW,
5thFloor,
Washington
DC
20005
(hereinafter
referred
to
as
„Mapbox“).
Mapbox
is
a
service
that
provides
maps
and
other
location-related
data.
The
data
you
create/transmit
for
the
purpose
of
displaying
maps
and
other
location-related
data
is
stored
on
the
servers
of
Mapbox.
For
more
information
about
the
features
of
Mapbox
please
visit:
 
https://www.mapbox.com/
1.
Legal
basis
Article
6,
Section
1(f)
of
the
GDPR
regulates
the
processing
of
the
data.
The
DataPortal
operator
has
a
legitimate
interest
in
displaying
location
data
on
maps
and
using
other
location
services
like
reverse
geo-coding,
timezones,
etc.
If
a
corresponding
consent
was
requested
for
the
further
processing
of
additional
voluntary
data,
the
processing
of
this
data
is
based
on
Article
6,
Section
1(a)
of
the
GDPR.
You
may
revoke
your
consent
at
any
time.
The
lawfulness
of
the
data
processing
operations
already
carried
out
remains
unaffected
by
the
revocation.
You
can
find
more
details
in
the
Mapbox
data
protection
regulations
at
:
 
https://www.mapbox.com/legal/privacy
2.
Data
Privacy
Agreement
The
provider
of
the
DataPortal
has
concluded
a
Data
Privacy
Agreement
with
Mapbox
in
which
he
obliges
Mapbox
to
protect
the
customers'
data
and
not
to
pass
it
on
to
third
parties.
XIII.
Sentry
The
DataPortal
implements
Sentry
for
reporting
faults
from
the
browser
running
DataPortal
for
further
analysis
and
fixing.
Provider
is
Functional
Software,
Inc.
dba
Sentry,
45
Fremont
Street,
8th
Floor
San
Francisco,
CA
94105
(hereinafter
referred
to
as
„Sentry“).
Sentry
is
a
service
that
can
be
used
to
collect
fault
information
from
browser-
based
applications.
The
data
you
create/transmit
for
the
purpose
of
using
the
DataPortal
is
stored
on
the
servers
of
Sentry.
For
more
information
about
the
features
of
Sentry
please
visit:
 
https://sentry.io/welcome/
13
/
13
1.
Legal
basis
Article
6,
Section
1(f)
of
the
GDPR
regulates
the
processing
of
the
data.
The
DataPortal
operator
has
a
legitimate
interest
in
collecting
faults
from
DataPortal
to
enhance
the
user
experience.
If
a
corresponding
consent
was
requested
for
the
further
processing
of
additional
voluntary
data,
the
processing
of
this
data
is
based
on
Article
6,
Section
1(a)
of
the
GDPR.
You
may
revoke
your
consent
at
any
time.
The
lawfulness
of
the
data
processing
operations
already
carried
out
remains
unaffected
by
the
revocation.
2.
Data
retention
The
data
that
you
have
deposited
with
us
for
Sentry
will
be
stored
for
up
to
90
days
and
then
deleted.
You
can
find
more
details
in
the
Sentry
data
protection
regulations
at
:
 
https://sentry.io/privacy/
3.
Data
Privacy
Agreement
The
provider
of
the
DataPortal
has
concluded
a
Data
Privacy
Agreement
with
Sentry
in
which
he
obliges
Sentry
to
protect
the
customers'
data
and
not
to
pass
it
on
to
third
parties.
------------------------------------------------------------
Version
1.0
Støvring,
Denmark,
June.15.2021