-
What We DoWith our integrated fleet services, you get the entire fleet management and leasing market from a single source and can purchase, finance, manage and sell your fleet cost-effectively. And you only ever pay for what you actually use.Overview
-
ResourcesWe have a lot to share. Browse our resources library for current insights, data, strategies, and success stories from our own experts in their respective fields.Overview
-
About UsWhen Holman was founded in 1924, we set something positive in motion. Our consistent focus on people and our commitment to integrity make us who we are today.Overview
Join Our TeamWe’re not just in the automotive business, we’re in the people business. Join us for the ride.Browse Careers
Privacy Policy Holman Insights® App
Data Privacy information related to the use of the Holman Driver Insights® App
Holman GmbH, Liebknechtstraße 33, 70565 Stuttgart (hereinafter referred to as “Holman”), e-mail: [email protected], telephone: 0049 (0) 711-6676-0, Fax: 0049 (0)711-6676-17101, places great importance to the protection of personal data.
According to Article 4 No. 1 GDPR, personal data is all information that relates to an identified or identifiable natural person; An identifiable person is a natural person who, directly or indirectly, in particular by means of association with an identifier such as a name, an identification number, location data, an online identifier or with one or more specific characteristics, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified. For example, a name or e-mail address is considered personal.
Data processing by Holman
Holman makes the Holman Driver Insights® App (hereinafter also referred to as the “Mobile App”) available to its business customers through various app stores, as part of its mutual contractual relationship with such customers. The purpose is to support the fleet management of the customer companies.
Customers may only be enterprises within the meaning of § 14 German Civil Code, Holman does not provide the mobile app to consumers.
The business customers can make the mobile app available to their employees for use in the context of their employment contracts. The customer decides for itself whether or not, and if so, which personal data is collected and processed with the Mobile App. Holman has no discretion in this respect and processes the personal data provided only for the business purposes of the customer and with the means and functionalities of the mobile app that the customer itself selects and actually uses. Holman processes the personal data entered into the mobile app by the customer as processor of the customer in accordance with Article 28 GDPR.
Data protection information by the data controller within the meaning of Article 13 GDPR
The business customer responsible for data protection law must independently and completely inform the data subjects in accordance with Article 13 of the EU General Data Protection Regulation (GDPR), insofar and to the extent that this is necessary and has not already been done in any other way, e.g. In the context of employment relationships with its affected employees or in the context of other contractual relationships with other affected persons. Often, information about the privacy of the business customer can be found on their websites. The data protection information provided by the data processor Holman serves to enable the business customer responsible for data protection to fulfill its information obligations and to supplement its data protection information if necessary.
Name and contact details of the person responsible for the data processing (i.e. the controller)
The business customer is the data controller (i.e. the person responsible for the data protection is the business customer that uses the mobile app developed by Holman).
The data controller must also provide the data subjects with its name and contact details within the scope of his or her information obligations under Article 13 GDPR. This information is often found in the imprint on the websites of the business customer.
Contact details of the data protection officer of the data controller
If the data controller has appointed a company data protection officer, he can be contacted via the contact details of the data protection officer of the data controller. This information is often found in the privacy sections of the business customer’s web pages.
Contact details of the company data protection officer of the data processor Holman
Data protection requests can also be sent by e-mail to [email protected] to the data protection officer of the data processor Holman. They do not replace any requests made by data subjects to exercise their data subjects’ rights to the controller, provided that the controller is obliged to do so under the EU General Data Protection Regulation. Such requests must be made directly to the data controller. Notwithstanding this, Holman may forward such requests to the controller to the extent legally permissible and necessary without any commitment to a specific deadline for forwarding. In case of doubt, affected persons must contact the person responsible directly.
Purposes of data processing, legal basis, storage period
The processing of personal data collected when using the Driver Insights® Mobile App, takes place only in compliance with the applicable data protection regulations and to the required extent.
This Privacy Statement applies only to the use of data in the relationship between you and Holman.
The following explains what personal information is collected while using our Mobile App and how it is used.
A) Download the Mobile App from the Apple App Store
To use our Mobile App, you must download it from the Apple Inc., CA, USA App Store.
The Apple App Store is operated by Apple Inc. and companies cooperating with Apple Inc. There are separate Apple Inc. terms of use and privacy statements for use of the App Store, which the user may be required to accept. Holman is not responsible for, nor can Holman influence, these policies and data processing by or at Apple Inc. and its cooperation partners. This applies in particular to the collection and processing of login and payment information at the App Store and the associated device information.
Holman is not affiliated with, nor does it represent, the operators of the App Store.
By downloading and using this Mobile App, you also agree and acknowledge that the operators of the App Stores are not obliged to provide any support or maintenance with respect to the Mobile App. All rights and obligations regarding the use of the Mobile App exist only between you and Holman in accordance with the applicable terms of use.
B) Download the Mobile App from the Google Play Store
In order to use our Mobile App, you must download it from the App Store of Google Inc., CA, USA.
The Google Play Store is operated by Google Inc. and companies cooperating with Google Inc. There are separate terms of use and privacy statements for the use of the Play Store by Google Inc., which the user may have to accept. Holman is neither responsible for these regulations and data processing by or with Google. Inc. and its affiliates, nor can Holman influence them. This applies in particular to the collection and processing of login and payment information at the Play Store and the associated device information.
Holman is not affiliated with the operators of the Play Store, nor does it represent them.
By downloading and using this Mobile App, you also acknowledge that the Play Store operators are not obliged to provide any support or maintenance of the Mobile App. All rights and obligations regarding the use of the Mobile App exist only between you and Holman acc. The applicable terms of use.
C) Data collection and processing on the terminal
If you use our Mobile App, you must first log in via a login dialog and enter your access data. In the login dialog, we ask you for your e-mail address (user name) and password.
With the Mobile App, you can view and administer the most important information and tools relating to your company car via mobile radio or WLAN as a company car driver for Holman customers.
Our mobile app processes the below under §3.d. Personal data mentioned for the purposes only
- The functions used in each case and
- To prevent fraud and abuse.
The legal basis for processing according to No. 1 is Article 6 (1) (b) GDPR (fulfillment of the contract) and Article 6 (1) (f) GDPR (legitimate interests) according to No. 2.
After the Mobile App has been terminated, no user data is stored on the end device, so that no information can be passed into foreign hands even if the device is shared or lost. Only at the next start/if necessary the registration process of the mobile app and the next connection to the secure servers of Holman GmbH are synchronized again data to the end device. The other personal data will be stored on your mobile device until the app or cache is deleted.
D) Data collection and processing on Holman GmbH servers
All data referred to in letter 2. C) and listed below will be exchanged with the Mobile APP via our secure servers encrypted via SSL. On our secure servers, every access is temporarily stored in a log file The following data is recorded and stored until automated deletion:
- IP address of the requesting device
- Date and time of access
- Service methods used
- Name of the user
- User’s email address
- Mobile phone number
- Telephone number
- Private and employer address
- Location data
This data is processed for the following purposes
- Enable the use of the mobile app
- Administration of the network infrastructure
- Appropriate technical and organizational measures for IT system and information security, taking into account the state of the art
- Ensure user-friendliness of use
- Optimize the mobile app
- Provision of fleet management services in accordance with Framework agreement (regarding Holman Driver Insights®.
The legal basis for the above processing is:
- For the processing of contact with our web servers in accordance with Article 6(1)(b) GDPR (requirement for the fulfillment of the Mobile App usage contract), Article 1-2
- For the processing according to Article 3 (6) (1) (c) GDPR (legal obligation to implement technical and organizational measures to secure data processing pursuant to Article 32 GDPR) and Article 6 (1) (f) GDPR (legitimate interests for data processing for network and information security) and for
- The processing in accordance with point 4-5 Article 6 (1) (f) GDPR (legitimate interests). The legitimate interests of our data processing are to design and optimize our offer in a user-friendly manner.
- The processing operations referred to in point 5: Article 6(1)(b) GDPR (the fulfillment of a contract). This relates to the framework agreement for fleet management between Holman and the user’s employer.
The aforementioned data will be deleted at the latest after the permissible retention period in accordance with the case on current laws. Insofar as data is processed for longer periods. for purposes according to sections 2-4 above, it will be anonymized or deleted if storage is no longer required for the respective purpose.
In addition, your data will be deleted from Holman’s servers as soon as your employer terminates the contractual relationship with Holman and all contractual relationships have been finally settled.
E) No further processing
In addition to the above-mentioned cases, personal data will not be processed, unless you expressly consent to further processing in advance, e.g. to receive a newsletter.
Cookies
We use cookies when using our Mobile App. Cookies are small text files that are automatically stored locally in the cache of your web browser on your device when you use the Mobile App. The cookie stores information that arises in connection with the specific terminal device used, e.g. Saved language settings or screen resolutions. However, this does not mean that we will be immediately aware of your identity.
The use of cookies serves on the one hand to make the use of the Mobile App more pleasant for you, for technical session control and to enable certain functions, e.g. The transfer of data into forms despite a click on the mobile app.
We use so-called session cookies to recognize that you have already visited individual parts of the mobile app within a session and to enable session control, e.g. To save form entries during the session.
The data processed by cookies are necessary for the aforementioned purposes to safeguard our legitimate interests and third parties in accordance with Article 6(1)(f) GDPR.
Plug-ins from Google Inc.
Furthermore, we show addresses in the display of the mobile app, which can be found via Google Maps in the browser. The route can also be calculated via Google Maps if desired.
Google Inc., CA, USA and companies cooperating with Google Inc. use plug-ins for Google Maps and route calculation. These are technically operated in the USA or other countries outside the EU, the European Economic Area and Germany, but are partly offered via national companies. If you use such a plug-in with our mobile app, your device/web browser/app establishes a direct connection to the servers of Google Inc. or their cooperation partners in the respective country. This means that the recipient of the connection receives at least the information that you have visited a specific, identifiable app/website with Google Maps, and possibly also further information that your web browser or your used terminal device disclose. The content of the plug-in is loaded and integrated by your end device directly by the provider. If you are registered and logged in with the provider in question, your visit may also be assigned to your user account via your end device.
The purpose and scope of the described data collection and use by Google Inc. or its cooperation partners are primarily marketing measures. Details about this and your rights and settings for the protection of your privacy can be found directly with the respective provider in their privacy policy (see www.google.com).
Disclosure to third parties, processors, recipient categories
A transfer of your personal data to third parties, i.e. other natural or legal persons except the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor, takes place only for the following purposes:
- You have given your express and voluntary consent in accordance with Article 6(1)(a) GDPR to:
- According to Article 6(1)(b) GDPR, the transfer is necessary for the processing of contractual relationships with you, e.g. To the suppliers or recipients of a good or service you have named.
- There is a legal obligation to pass on data in accordance with Article 6 (1) (c) GDPR, e.g. To financial or law enforcement authorities.
- According to Article 6(1)(f) GDPR, the disclosure is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data; such disclosure can, for example, be In the event of attacks on our IT systems, be sent to government agencies and law enforcement agencies.
Our websites are operated by our parent company Automotive Rentals, Inc. in New Jersey, USA (“Holman US”) as processors on servers in the USA in accordance with Article 28 GDPR. Holman US has hosted Media Temple, Inc, 6060 Center Drive, 5th Floor, Los Angeles, CA 90045, USA. There is no adequate level of data protection within the meaning of the GDPR in the USA and there is no adequacy decision by the European Commission for the USA. However, we have concluded with Holman US the EU standard data protection clauses within the meaning of Article 46 GDPR, which can be requested in a copy at [email protected].
Holman remains responsible under data protection law even if contract processors are involved. We do not intend to transfer your personal data to a third country.
Access permissions to the end device
Within the scope of the processing purposes described above, the Mobile App has the following access rights to the terminal used: Internet connection, Wi-Fi, mobile communications, web browser components, location services.
Rights of the data subject
You have the right:
- In accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can provide information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, if possible, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, unless they have been collected from you, as well as the existence of automated decision making, including profiling and, where appropriate, meaningful information on their details,
- In accordance with Article 16 GDPR, to request the correction of incorrect or complete your personal data stored by us without delay,
- In accordance with Article 17 GDPR, to request the deletion of your personal data stored by us if
- They are no longer necessary for the purposes for which they have been collected or otherwise processed;
- Your consent. On which the processing was based in accordance with Article 6(1)(a) or Article 9(2)(a), and where there is no other legal basis for processing,
- You object to the processing in accordance with Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct advertising, including related profiling, in accordance with Article 21(2);
- The personal data has been processed unlawfully;
- The erasure of the personal data necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject;
- The personal data relating to information society services offered have been collected in accordance with Article 8(1) GDPR (consent of a child).
- The right to deletion does not exist if the processing is necessary
- The exercise of the right to freedom of expression and information,
- To fulfill a legal obligation, for reasons of public interest in the field of public health or for archival purposes in the public interest; or
- To assert, exercise or defend legal claims.
- Pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as
- The accuracy of the data is disputed by you,
- The processing is unlawful, but you refuse to delete it,
- We no longer need the data, but you need it to assert, exercise or defend legal claims
- You have objected to the processing in accordance with Article 21 GDPR.
- In accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- In accordance with Article 7(3) GDPR, to revoke your once-given consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future if there is no other legal basis for this and
- In accordance with Article 77 GDPR, complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.
Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, If there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, you can contact us under the above-mentioned contact details and send us, for example. Send an email.
Data security
We use the widely used SSL (Secure Socket Layer) method to communicate mobile apps with our servers. In combination with the highest encryption level supported by your browser. Typically, this is a 256-bit encryption. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the status bar of your web browser.
In addition, we use appropriate technical and organizational measures to secure data processing, in particular to protect your data against manipulation or unauthorized access. In doing so, we take into account the state of the art. Our security measures are adapted to the technological development.
Links to third-party offerings
Our mobile app may contain links to offers from other providers. Please note that this Privacy Statement applies only to Holman’s Mobile App. We do not control or control that other providers comply with the applicable data protection regulations.
Validity and currentness of the data protection declaration
The Privacy Statement is currently valid and dated by 12/20/2019. Due to changes in the legal framework, the further development of our mobile app, the implementation of new technologies or due to changes in legal or regulatory requirements, it may be necessary to change this privacy statement with effect for the future. The current data protection declaration can be retrieved and stored or printed by you at any time.
Severability clause
Should individual provisions of this data protection declaration be or become invalid or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the event of gaps.
