At Erwin Hymer Group SE (hereinafter “EHG”, “we” or “us”), we take the protection of your personal data very seriously. Your privacy is an important concern for us.
This privacy notice applies to the System Connect Service, which is composed of:
The System Connect Unit is available in two different versions:
The execution of vehicle component functionalities via the System Connect Service is only possible with the SCU and not with the SIU.
This privacy policy also applies in connection with the System Connect App End User License Agreement (the “EULA”), and the System Connect Terms of Use (the “Terms of Use”).
Personal data, in the sense of this data protection information, is all information that has a reference to you as a user of the System Connect Service.
"Data controller" means the entity that collects, processes or uses personal data (e.g. names, email addresses, or the like). The data controller for data processing in this context is:
Erwin Hymer Group SE
Holzstraße 19
D - 88339 Bad Waldsee
Tel: +49 (0) 7524 – 999 0
Fax: +49 (0) 7524 – 999 220
E-Mail: info@erwinhymergroup.com
Pursuant to Clause 1.5 of the EULA, as well as Clause 1.5 Terms of Use, Erwin Hymer Group SE is the data controller for all functions in connection with the provision of the System Connect Services (SCU, System Connect Cloud and app).
The technical terms used in this privacy policy are to be understood as defined in Art. 4 GDPR.
“Data controller” and “responsible entity” are used interchangeably.
Pursuant to Clause 16.2 of the Terms of Use and Clause 14.1 of the EULA, the System Connect Services are available for the brands or companies of Erwin Hymer Group SE listed therein, provided that these vehicles are compatible with these services.
The exact designation of the app and the System Connect App is based on the brand or company of the respective vehicle in accordance with Clause 16.2 of the Terms of Use in their current version.
The System Connect Terms of Use of Erwin Hymer Group SE apply to the provision of the System Connect Service. We agree these Terms of Use with you when you purchase a vehicle with an SCU (or an SCU retrofit kit for your vehicle) and when you create a user account in the System Connect Cloud (conclusion of the contract and creation of a user account in accordance with Clause 2 of the Terms of Use) or commission an SIU in your vehicle.
The System Connect Services allow you to either control components and services contained in the vehicle (SCU) or retrieve information from sensors in the vehicle that are connected to the System Connect Service (SIU).
In addition, when using the System Connect App, the aforementioned functions can also be used via a mobile device.
Data/data categories:
Contact details (last name, first name, address, e-mail address), System Connect Unit details (SCU number) vehicle chassis/serial number
Purposes of processing:
Contract fulfilment, provision of the functions of the System Connect Services
Legal Basis:
Contract/performance of contract (Art. 6 [1] lit. b) GDPR)
The SCU and the SIU are connected to various components of the vehicle. With both versions, you can retrieve various information from sensors on your vehicle.
With the SCU you can perform coordinated functions in the vehicle. This allows you to view the current status of your vehicle or make adjustments, for example, to the heating/air conditioning.
Here, data is reciprocally transmitted between the SCU and the System Connect Cloud to provide your vehicle’s System Connect Services.
Through this data exchange, you can also use the System Connect Service via your smartphone using the System Connect App and control various functions of your vehicle. You can optionally obtain this app for smartphones or tablets from the app stores of the respective store operators.
Data/Data Categories:
Static and dynamic usage and fault data of the installed components in the vehicle, statistical and dynamic vehicle data
Purposes of processing:
Maintenance and error analysis, provision of the service
Legal Basis:
Contract/performance of contract (Art. 6 [1] lit. b) GDPR)
|
|
PLEASE NOTE: The following information on data processing apply to the System Control Unit (SCU) and the System Information Unit (SIU) components and the System Connect App and System Connect Cloud services connected to them. The execution of vehicle component functionalities via the System Connect Service is only possible with the SCU and not with the SIU. The SIU provides the current information only to paired devices, provided that they are in the direct vicinity of the SIU (Bluetooth connection active). The information is stored in your user account and transmitted to the System Connect Cloud so that you can always see the latest values. |
|
Our app is designed to optimize your user experience with your vehicle. In order to provide you with a particularly convenient driving experience and our services, we offer you immediate access to a wide range of functions in your vehicle when you use the app.
The app can be visited without any active information about you. However, we automatically store access data (so-called log files) with each use of our app, such as the name of the Internet service provider, the operating system used, the date and duration of the visit, as well as for security reasons, e.g. to detect attacks on our app, the IP address of the end device used for a period of 7 days.
The app accesses features of the device you are using for some app services:
Camera:
Carrying out the pairing between the vehicle and the app by scanning a QR code
Bluetooth:
Connection of the terminal device in the near field of the vehicle for the purpose of controlling System Connect Services
Native map material:
Display of the current vehicle location, depending on the availability of the service
Location services:
Display of current location, subject to activation
Below you will find an overview of the processing operations for the different functions of the app.
The System Connect app is offered in the app stores of the respective store operators. When opening the app for the first time, you will be asked to sign the EULA with us. With the confirmation of the EULA you have the possibility to use our app.
To document your confirmation of the EULA, we will store the following data about you or your terminal device. This serves to ensure that you may use our service in accordance with the EULA.
With confirmation of the EULA you can:
a) use the demo mode of the app - see Clause 1.2.2
b) register for System Connect Services - see Clause 1.2.3
c) Non-pairing relevant functions – Accessing the information offer (Downloads, Settings, FOT Link, Website Link, POIs)
Categories of data subjects:
users of our app
Categories of data:
Meta and communication data (e.g. device information, IMEI or phone ID, timestamp of confirmation of EULA)
Purposes of Processing:
Provision of the app and opening of the full range of functions of the System Connect Services
Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)
Our app can be used without actively providing personal data. Thus, after starting the app, the so-called demo mode is available to you. This mode offers you the possibility to simulate the operating possibilities of a vehicle. You will be shown the available functions of the control.
Categories of data subjects:
users of our app
Categories of data:
user data (e.g. interest in content, access times), meta and communication data (e.g. device information, IMEI or phone ID)
Purposes of processing:
Deployment of the app and its core functions
Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)
As a user of the app, you can create a user account through the registration process. Here we collect data about your person, which it requires to create a user account. This data is stored in the System Connect Cloud.
To verify your identity, during the registration process you will receive an e-mail to the e-mail address you provided, including a link for confirmation.
After confirming the link, you will be asked to set a password for your account.
Categories of data subjects:
users of our app
Categories of data:
Mandatory data: Last name, first name, e-mail address, date of birth, password
Optional data: Address, phone number
Purposes of Processing:
Extension of the scope of use, user registration
Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)
After successful registration, you have the possibility to link your user account with a vehicle. (see Clause 1.2.5 Primary users).
You can perform this pairing by scanning the QR code provided with the vehicle using the camera function of your smartphone. To complete the pairing process, follow the description in the app.
Categories of data subjects:
Registered user (primary user)
Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)
Purposes of processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development
Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)
There is only one fixed primary user for each vehicle (assuming a user account has been created). The owner of a vehicle equipped with an SCU or the person authorized by the owner to use the vehicle with the System Connect Service as the primary user is always registered as the primary user during pairing.
As a primary user, you have the possibility to allow other users (co-users) to use the System Connect Services. You can revoke these permissions or deactivate co-users at any time.
Categories of data subjects:
Registered user (primary user)
Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)
Purposes of Processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development
Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)
Pursuant to Clause 4.3 of the Terms of Use, the primary user may also allow other persons to use the System Connect Services of his vehicle.
These co-users can use those functionalities of the System Connect Service that the primary user has enabled for the co-user. This activation is done by sharing/unlocking a QR code created in the app, which must be scanned by the end device of the fellow user.
The primary user may withdraw the user rights granted to the co-user at any time. The user rights of a co-user are automatically revoked if the primary user deactivates his user account or dissolves the link with the vehicle in question.
Categories of data subjects:
Co-user
Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)
Purposes of processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development
Legal Basis:
Consent (Art. 6 [1] lit. b) GDPR)
A transmission of your vehicle position and the processing of this data only takes place from the moment you decide to use this function and have activated it. Activation of the service can always be done only by the primary user.
If the service has been activated by the primary user, you as the primary user or co-user and the assigned authorization, have the option of displaying the last reported vehicle location.
All registered users have the option to view the location of the vehicle. This does not require users to be in close proximity to the vehicle.
Categories of data subjects:
Primary user, co-user
Categories of data:
GPS coordinates
Purposes of processing:
Display of current vehicle location on the end devices
Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)
In the app, it is possible to display locations in the vicinity, e.g., dealers or workshops, on a map (so-called points of interest - “POI”).
You can either navigate to these POIs manually in the maps or have them displayed in your immediate vicinity by activating the location function of your mobile device.
Categories of data subjects:
Primary user, co-users
Categories of Data:
GPS coordinates
Purposes of processing:
Display of the current location of the end device
Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)
When you launch the app for the first time, you will be asked if you want to receive push notifications on your device.
If you activate this, you have the possibility to be informed about certain events or information of the devices connected to the SCU. The type and scope of push notifications can be selected by you.
To do this, you can manage your notification settings yourself and decide which push notifications you want to receive on your device.
Categories of data subjects:
Registered users
Categories of data:
Vehicle information, data from terminal device to display the push notification
Purposes of processing:
Provision of events or information about vehicle-specific data
Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)
In order that we can constantly improve the user-friendliness and design of our app, we use services for analysis.
For this purpose, we collect information about the behavior, interests or demographic information about our visitors, for example, country settings, language used, or similar. This helps us to recognize at what time our app, its functions or content are most frequented or invite a repeated visit. In addition, the information we collect allows us to determine if our app needs optimization or adjustment.
As a rule, however, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that the actual identity of the users is not known to us. In particular, IP addresses are anonymized, meaning that you cannot be identified personally.
As a tool, we use the service Google Analytics for Firebase, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Analytics uses the advertising ID that is stored on your terminal device. You can change or deactivate these in the device settings of your mobile device.
Android: Settings -> Google -> Ads -> Reset / Delete advertising ID
iOS: Settings -> Privacy -> Advertising -> No ad tracking
For more information, please click here: https://www.google.com/policies/privacy/
Under the “Legal” section, you have the possibility to deactivate the data processing for the mentioned purposes.
Categories of data subjects:
users of our app
Categories of data:
User data (e.g. interest in content, access times, information on the interaction of the services used and inputs), meta and communication data (e.g. device information, IP addresses)
Purposes of processing:
Application analysis, utilization and app interaction evaluation
Legal basis:
Legitimate interest (Art. 6 [1] lit. f) GDPR)
Legitimate Interests:
Optimization and further development of the app, statistical analyses, fraud prevention, defense against requests overloading the service
To improve the functions and services, as well as for further development and quality assurance, we evaluate usage and error data of the System Connect Unit and summarize them in statistics. This data is collected and processed by us in anonymous form and, therefore, does not allow any conclusions to be drawn about your person or your vehicle.
In connection with the use of the System Connect Services, vehicle data is stored by Erwin Hymer Group SE in the System Connect Cloud. The collection of data enables any malfunctions to be identified and remedied in a targeted manner. This data is not transmitted to the associated brands and companies of Erwin Hymer Group SE.
All contractual documents and information necessary for your use of the System Connect Service are held by the respective brands and companies of Erwin Hymer Group SE on our behalf, in each case the company that is the owner of the brand of your vehicle (see Clause 1.1 above). In this way, all documents related to the use of the vehicle are available at the company of the brand of your vehicle. An overview of all vehicle brands, service designations and associated companies is available in Clause 16 of the Terms of Use.
As part of the use of the System Connect Services, vehicle data is processed and stored by Erwin Hymer Group SE in the System Connect Cloud. The processing of this data makes it possible to provide you with the System Connect Service and to be able to identify and rectify any malfunctions in a targeted manner.
A transfer of your data to external bodies within the EU will only take place
We will not pass on your data to third parties beyond this. If we commission service providers to process your data, they are subject to the same security standards as we are. In other cases, the recipients may use the data only for the purposes for which they were transmitted to them.
We transfer data to countries outside the EEA (so-called third countries). This is done on the basis of the purposes mentioned above.
In the event that we transfer data to a country outside the EEA for processing, we will ensure that the processing is legally permitted in the manner we intend. In this case, we have concluded standard data protection clauses, including a separate regulation of suitable technical and organizational measures to protect the data of data subjects in the best possible way. A copy of the guarantees used can be found in the overview of recipients in Clause 2.2.4.
You can see the current overview of the recipients who receive your data on our website. You can find these under: https://www.erwinhymergroup.com/de/systemcontrol/legal
As a matter of principle, we store your personal data for as long as is necessary for the provision of our service or insofar as this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations applicable to us. In all other cases, we delete your personal data or remove the personal reference after the purpose has been fulfilled, with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
Information about you that can be assigned to your contract will be deleted immediately after expiration of the contract/cancellation.
The contract documents and other supporting documents are deleted after 10 years following the expiry of the statutory retention period.
When the SCU is paired with the System Connect Cloud, a log is made that is stored for the duration of the use of these functions. This coupling protocol is used to correctly assign the components to a specific vehicle.
Via the conclusion of the contract mentioned in Clause 2.3.1, a personal reference to the respective purchaser of the new vehicle or the SCU retrofit kit can be established via the linking protocol. This personal reference remains assigned to your vehicle until the end of the contract or the end of the aforementioned retention period. As soon as the data is deleted in accordance with Clause 2.3.1, the personal reference of the linkage protocol shall also cease to exist.
Upon expiration of the System Connect Service for your vehicle or upon withdrawal from the Terms of Use, the connection between the SCU (your vehicle) and the System Connect Cloud will be disconnected in accordance with Clause 7.2 of the Terms of Use.
The dynamic usage and error data are constantly overwritten in the internal memory. Furthermore, this usage data is transmitted to the System Connect Cloud in accordance with the Terms of Use. The transmission takes place as long as this is necessary for the fulfillment of the contract. As soon as the contract, according to Clause 2.3.1, ends, no further data will be transmitted from the SCU to the System Connect Cloud. Data transmitted until then will be anonymized at the end of the contract. It is, therefore, no longer possible to draw conclusions about your person.
You have the option to delete your user account within the app at any time. You can delete your user account in the “My profile” Clause by clicking “Delete account”. With confirmation, the data from your registration will be deleted. This function is available to both primary users and co-users.
If you delete your user account, the connection between the app and the vehicle is also interrupted.
In our app, we offer the possibility to contact us directly or to obtain information through various contact options. In order to maintain a permanent overview of contacts with us, we use the ticket system of the provider Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA, for the processing of corresponding requests.
In case of contact, we process the data of the inquiring person to the extent necessary for answering or processing the inquiry. Depending on the way in which contact is made with us, the data processed may vary.
Categories of data subjects:
Inquiring persons
Categories of data:
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).
Purposes of processing:
Inquiry processing
Legal basis:
Consent (Art. 6 [1] lit. a) GDPR), performance or initiation of a contract (Art. 6 [1] 1 lit. b) GDPR)
We do not use purely automated decision-making processes pursuant to Art. 22 GDPR. If we do use such a procedure in the future in individual cases, we will inform you of this separately, insofar as this is required by law.
When initiating a contract, you must provide the personal data that is required for the establishment, execution and termination of the legal transaction and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will not be able to carry out the legal transaction with you.
Providing your information is necessary for us to provide our System Connect Service to you in the manner we offer, and promise to provide in our System Connect Terms of Use, as well as in our EULA.
Erwin Hymer Group SE uses technical and organizational security measures, in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
Art. 6 (1) lit. a) GDPR serves as our legal basis for processing operations for which we have obtained consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example, in cases of inquiries about our products or services.
If we are subject to a legal obligation by which processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the processing is based on Art. 6 (1) lit. d) GDPR.
Ultimately, processing operations may be based on Art. 6 (1) lit. f) GDPR. Processing operations are based on this legal basis if the processing is necessary to protect a legitimate interest of us or of a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
Right to the disclosure of information: Pursuant to Article 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They may request information about this data, as well as the further information listed in Art. 15 (1) GDPR and a copy of their data.
Right of rectification:
According to Art. 16 GDPR, data subjects have the right to request the correction or completion of data concerning them and processed by us.
Right of deletion:
Data subjects have the right, according to Art. 17 GDPR, to request the immediate deletion of the data concerning them. Alternatively, they may request us to restrict the processing of their data pursuant to Art. 18 GDPR.
Right to data portability:
Pursuant to Art. 20 GDPR, data subjects have the right to request that the data they have provided to us be made available to them and to request that it be transferred to another data controller.
Right to lodge a complaint:
Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 of the GDPR.
Right to object:
Insofar as personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) Sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from their particular situation, or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.
Revocation:
Some data processing operations are only possible with the explicit consent of the data subjects. You have the possibility to revoke an already given consent at any time. To do so, simply send us an informal message or e-mail to privacy@erwinhymergroup.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
On our app, you will find links to the websites of other providers. We hereby point out that we have no influence on the content on the linked websites and the compliance with data protection regulations by their providers.
We reserve the right to adjust this privacy policy at any time in the event of changes to our Terms of Use, the EULA or changes to the scope of functions of the SCU or app, and in compliance with the applicable data protection regulations in order to comply with the legal requirements.
External data protection officer:
DDSK GmbH
Stefan Fischerkeller
Tel: +49 (0) 7542 949 21 - 00
E-mail: privacy@erwinhymergroup.com
Notice: Your inquiries will be treated confidentially and forwarded directly to the data protection officer.
Recipients or Categories of Recipients under clause 2.2.4 of the Privacy Notice - System Control App
In order to give you the opportunity to always have an overview of our current recipients of your data, you will find an overview below.
The following recipients receive your data as part of System Connect’s data processing:
Recipient: A1 Digital Deutschland GmbH, St.-Martin-Str. 59, 81669 Munich, Germany
Recipient: Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany
Recipient: Device Insight GmbH, Willy-Brandt-Platz 6, D-81829 Munich, Germany
Recipient: The Erwin Hymer Group SE associated manufacturer, company or brand of the vehicle you have purchased
Recipient: Inventi Development Ltd., Táborská 940/31, 140 00 Praha 4, Czech Republic
Recipient: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
The following recipients receive your data additionally within the scope of data processing by System Connect App:
Recipient: Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany
Recipient: Matomo, InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand
Recipient: Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA
Recipient: Firebase, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Ich bin ein Tooltip.