• Name and contact details of the person responsible for processing

These information obligations apply to the processing of personal data by the person responsible: Holman GmbH, Liebknechtstraße 33, D-70565 Stuttgart, (hereinafter “Holman”), e-mail:  [email protected] . Telephone: 0049 (0)711-6676-0, Fax: 0049 (0)711-6676-17101.

 

We attach great importance to the protection of your personal data. According to Article 4 No. 1 GDPR, personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified. For example, your name or email address are considered personal.

 

1. Contact details of the company data protection officer

The company data protection officer of the person responsible can be reached at the above address of the person responsible, for the attention of Mr. Paul Elion, telephone +49 (0) 6196 700 1117, or mobile +49 (0) 172 8644 893, or by e-mail  [email protected] to reach.

 

1. Purposes of data processing, legal basis, storage period

The processing of the personal data collected when using the Insights Mobile App is only carried out in compliance with the applicable data protection regulations and to the required extent.

This privacy policy applies solely to the use of data between you and Holman.

The following explains what personal data is collected while using our mobile app and how exactly it is used.

 

1. a) Download the mobile app from the Apple App Store

 

In order to be able to use our mobile app, you must download it from the App Store of Apple Inc., CA, USA.

The Apple App Store is operated by Apple Inc. and companies cooperating with Apple Inc. Apple Inc. has its own terms of use and data protection declarations for the use of the App Store, which the user may have to accept. Holman is not responsible for these regulations and data processing by or at Apple Inc. and its cooperation partners, nor can Holman influence them. This applies in particular to the collection and processing of registration and payment information in the App Store and the associated device information.

Holman is also not affiliated with the operators of the app store and does not represent them.

By downloading and using this mobile app, you also acknowledge that the operators of the app stores are not obliged to provide any support or maintenance for the mobile app. All rights and obligations relating to the use of the Mobile App are solely between you and Holman in accordance with the applicable Terms of Use.

1. b) Download the mobile app from the Google Play Store

 

In order to be able to use our mobile app, you must download it from the app store of Google Inc., CA, USA.

The Google Play Store is operated by the company Google Inc. and companies cooperating with Google Inc. Google Inc. has its own terms of use and data protection declarations for the use of the Play Store, which the user may have to accept. Holman is responsible for these regulations and data processing by or with Google. Inc. and its affiliates is not responsible and Holman cannot influence them. This applies in particular to the collection and processing of registration and payment information for the Play Store and the associated device information.

 

Holman is also not affiliated with the operators of the Play Store and does not represent them.

By downloading and using this mobile app, you also acknowledge that the operators of the Play Stores are not obliged to provide any support or maintenance for the mobile app. All rights and obligations relating to the use of the Mobile App are solely between you and Holman in accordance with the applicable Terms of Use.

 

1. c) Data collection and processing on the end device

 

If you use our mobile app, you must first register via a registration dialog and enter your access data. In the login dialog we ask you for your e-mail address (user name) and your password.

 

As a company car driver for Holman customers, you can use the mobile app to view and manage the most important information and tools relating to your company car via mobile phone or WLAN.

 

Our mobile app processes the data set out below under §3.d. mentioned personal data only for the purposes

1. To enable the functions used in each case as well as
2. To prevent fraud and abuse.

 

The legal basis for processing according to No. 1 is Article 6 Paragraph 1 Letter b GDPR (performance of a contract) and according to No. 2 Article 6 Paragraph 1 Letter f GDPR (legitimate interests).

 

After closing the mobile app, no user data is stored on the end device, so that no information gets into the wrong hands even if the device is passed on or lost. Only at the next start/possibly Registration process of the mobile app and the next connection to the secure servers of Holman GmbH, data is synchronized again on the end device. The remaining personal data is stored on your mobile device until the app or the cache is deleted.

1. d) Data collection and processing on servers of Holman GmbH

 

All data referred to under point 2. c) and below are exchanged with the Mobile APP via our secure server in encrypted form via SSL. Each access is temporarily stored in a log file on our secure servers. The following data is recorded and stored until it is automatically deleted:

• IP address of the requesting device
• Date and time of access
• Service Methods Used
• User’s name
• Email address of the user
• Mobile phone number
• phone number
• Private and employer address
• location data

 

This data is processed for the following purposes

1. Enabling Use of the Mobile App
2. Administration of the network infrastructure
3. Appropriate technical and organizational measures for IT system and information security, taking into account the state of the art
4. Ensuring user-friendliness of use
5. Optimization of the mobile app
6. Provision of fleet management services in accordance with the framework agreement (regarding Holman Insights.

 

The legal bases for the above processing are:

• for processing for contact with our web servers according to numbers 1-2 Article 6 paragraph 1 letter b DSGVO (necessity for the fulfillment of the mobile app user contract relationship),
• for processing according to number 3 Article 6 paragraph 1 letter c DSGVO (legal obligation to implement technical and organizational measures to secure data processing according to Article 32 DSGVO) and Article 6 paragraph 1 letter f DSGVO (legitimate interests in data processing for network and information security ) also for
• the processing according to numbers 4-5 Article 6 paragraph 1 letter f DSGVO (legitimate interests). The legitimate interests of our data processing are to make our offer user-friendly and to optimize it.
• processing according to number 5: Article 6 paragraph 1 letter b. GDPR (the performance of a contract). This concerns the framework agreement for fleet management between Holman and the user’s employer.

 

The data mentioned above will be deleted at the latest after the permissible storage period according to the case law on current law. If data is processed longer for purposes according to numbers 2-4, it will be anonymised or deleted if storage is no longer required for the respective purpose.

Otherwise, your data will be deleted from Holman’s servers as soon as your employer terminates the contractual relationship with Holman and all contractual relationships have been finally settled.

 

1. e) No further processing

 

Beyond the cases mentioned above, personal data will not be processed unless you expressly consent to further processing in advance, e.g. to receive a newsletter.

 

4. cookies

 

When using our mobile app we use cookies. Cookies are small text files that are automatically stored locally in the cache of your web browser on your end device when you use the mobile app. Information is stored in the cookie that arises in connection with the specific end device used, e.g. saved language settings or screen resolutions. However, this does not mean that we are immediately informed of your identity.

 

The use of cookies serves on the one hand to make the use of the mobile app more pleasant for you, for technical session control and to enable certain functions, e.g. the transfer of data in forms despite a click on the mobile app.

 

We use so-called session cookies to recognize that you have already visited individual parts of the mobile app within a session and to enable session control, e.g. to save form entries during the session.

 

The data processed by cookies are required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Letter f GDPR.

 

5. Plugins from Google Inc.

 

We also show addresses in the display of the mobile app, which can be found in the browser using Google Maps. If desired, the route can also be calculated using Google Maps.

 

Google Inc., CA, USA and companies cooperating with Google Inc. use plug-ins for Google Maps and route calculation. These are technically operated in the USA or other countries outside the EU, the European Economic Area and Germany, but are sometimes offered via national companies. If you use such a plug-in with our mobile app, your end device/web browser/app establishes a direct connection with the servers of Google Inc. or their cooperation partners in the respective country. As a result, the recipient of the connection receives at least the information that you have visited a specific, identifiable app/website with Google Maps, and possibly also other information that your web browser or the device you are using reveals. The content of the plug-in is loaded and integrated directly from the provider on your end device. If you are registered with the relevant provider and logged in, your visit via your device may also be assigned to your user account.

 

The purpose and scope of the data collection and use described by Google Inc. or its cooperation partners are primarily marketing measures. You can read details about this and your rights and setting options for protecting your privacy directly from the respective provider in their data protection declaration (see www.google.com ).

 

 

 

6. Disclosure to third parties, processors, categories of recipients

 

A transfer of your personal data to third parties, ie other natural or legal persons other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data, only occurs for the purposes listed below:

• You have given your express and voluntary consent in accordance with Article 6 Paragraph 1 Letter a GDPR,
• According to Article 6 paragraph 1 letter b DSGVO, the transfer is necessary for the processing of contractual relationships with you, e.g. to suppliers or recipients of goods or services named by you.
• There is a legal obligation to pass on data in accordance with Article 6 Paragraph 1 Letter c GDPR, e.g. to financial or law enforcement authorities.
• According to Article 6 paragraph 1 letter f GDPR, the transfer is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data; such a transfer can take place, for example, in the event of attacks on our IT systems to state institutions and law enforcement agencies.

 

In accordance with Article 28 GDPR, our websites are operated by our parent company Automotive Rentals, Inc. in New Jersey, USA (“Holman US”) as a processor on servers in the USA. Holman US has subcontracted hosting to Media Temple, Inc, 6060 Center Drive, 5th Floor, Los Angeles, CA 90045, USA. In the USA there is no adequate level of data protection within the meaning of the GDPR and there is no adequacy decision by the European Commission for the USA. However, we have concluded the EU standard data protection clauses within the meaning of Article 46 GDPR with Holman US, copies of   which can be requested from [email protected] .

 

Even if processors are involved, Holman remains the controller under data protection law. We do not intend to transfer your personal data to a third country.

 

7. Access permissions to the end device

Within the scope of the processing purposes described above, the mobile app has the following access rights to the end device used: Internet connection, WLAN, mobile radio, web browser components, location services.

 

8. data subject rights

 

You have the right:

• to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period if possible, the existence of a right to correction, deletion, restriction of processing or objection, the Existence of a right of appeal, the origin of your data, if not collected from you, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details,
• in accordance with Article 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us,
• in accordance with Article 17 GDPR to request the deletion of your personal data stored by us if
  • these are no longer necessary for the purposes for which they were collected or otherwise processed,
  • your consent. on which the processing pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a was based, and there is no other legal basis for the processing,
  • you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct marketing, including related profiling, pursuant to Article 21(2),
  • the personal data have been unlawfully processed,
  • the deletion of the personal data is required to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject,
  • the personal data were collected in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR (consent of a child).
• There is no right to erasure if processing is necessary
  • to exercise the right to freedom of expression and information,
  • to fulfill a legal obligation, for reasons of public interest in the field of public health or for archiving purposes in the public interest, or
  • to assert, exercise or defend legal claims.
• in accordance with Article 18 GDPR to demand the restriction of the processing of your personal data, insofar as
  • the correctness of the data is disputed by you,
  • the processing is unlawful but you oppose its erasure,
  • we no longer need the data, but you need them to assert, exercise or defend legal claims or
  • You have lodged an objection to the processing in accordance with Article 21 GDPR.
• in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible,
• pursuant to Article 7 Paragraph 3 GDPR, to revoke the consent you have given us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future if there is no other legal basis for this and
• to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters.

 

9. Right to object

 

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

 

If you would like to make use of your right of revocation or objection, you can contact us using the above contact details and send us an e-mail, for example.

 

10. data security

 

We use the widespread SSL (Secure Socket Layer) method to communicate between the mobile apps and our servers. in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your web browser.

 

In addition, we use suitable technical and organizational measures to secure data processing, in particular to protect your data against manipulation or unauthorized access. We take the state of the art into account. Our security measures are adapted in line with technological developments.

 

11. Links to offers from other providers

 

Our mobile app may contain links to offers from other providers. Please note that this privacy statement only applies to the Holman mobile app. We have no influence and do not check that other providers comply with the applicable data protection regulations.

 

 

 

12. Validity and topicality of the data protection declaration

 

The data protection declaration is currently valid and dated 20.12.2019. Due to changed legal framework conditions, the further development of our mobile app, the implementation of new technologies or due to changed legal or official requirements, it may become necessary to change this data protection declaration with effect for the future. You can call up and save or print out the current data protection declaration at any time.

 

13. Severability Clause

 

Should individual provisions of this data protection declaration be or become invalid or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the case of gaps.