moovel Group GmbH

Privacy Policy for the app and services obtained through it and the website

Information on the processing of personal data and data controller

moovel is pleased that you are interested in the app. The protection of your privacy and compliance with applicable data protection laws is extremely important to us, the moovel Group GmbH, Hauptstätter Straße 149, 70178 Stuttgart, Germany (“moovel” or “we” or “our” or “us”). We therefore use your data in compliance with the strict provisions of the relevant data protection law (in particular the General Data Protection Regulation), provided that we collect, use or store ("process") personal data from you within the scope of the services offered. Our Privacy Policy is intended to inform you about which data we record, for which purposes, how it is used as part of the app, the services acquired through the app, the customer account and the website (collectively “service/s”). You should therefore take the time to read our Privacy Policy.

The controller for data processing pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR):
moovel Group GmbH
Hauptstätter Straße 149 70178 Stuttgart, Germany
Managing directors: Dr. Daniela Gerd tom Markotten, Dr. Johannes Prantl

You can contact our data protection officer at: Data Protection Officer
moovel Group GmbH
Hauptstätter Straße 149 70178 Stuttgart, Germany E: dataprotection@moovel.com

If you have any questions, suggestions and/or feedback regarding our services, please contact us: moovel Group GmbH, Hauptstätter Straße 149 70178 Stuttgart, Deutschland E: hello@moovel.com

The app may contain links to websites or the services of other providers over which we have no control and are therefore not covered by this Privacy Policy. We assume no liability for the content, the technical security or activities of these external websites or services. We therefore recommend that you read the Privacy Policy carefully.

A. General Privacy Policy information and Privacy Policy for the use of the app

§ 1 General information on data processing

We only process personal data of our users if this is necessary to guarantee the functionality of the app. Personal data is information that can be used to indentify you individually (for example name, address, postal address, telephone number or your e-mail address). No personal data, however, are details such as the number of users of our services.

When using the app for information purposes, i.e. if you do not register or otherwise provide us with information, we collect the personal data described below, which is technically necessary for us to offer you the functions of our app and to guarantee stability and security:

• Device-Identification: DeviceID for Android, IDFA for iOS
• Language and version of the app
• Operating system
• Date and time of the request
• The volume of data transferred in each case

In addition, we analyze usage data of the app (technical usage data, app version, click flows, functions used) in order to identify preferences and further develop the app. The legal grounds for the temporary storage of the aforementioned data and the evaluation is Art. 6 Par. 1 S. 1 lit. f GDPR. The data processing is done to ensure the functionality of the app. In addition, the data and analyses serve us to optimize the app and to ensure the security of our information technology systems, from which our legitimate interest arises.

If you do not wish for information about the use of the app to be saved and analyzed, you can activate and deactivate this function at any time via Settings > data protection.

1. Notifications / Push messages

The app informs you with a push message to your device about the status of your order and product information. If you activate the function when first starting the app or at a later time. The push messages can be deactivated and reactivated at any time. In Android, in the system settings >> Apps >> moovel >> Authorizations, in iOS in the system settings >> moovel >> Messages.

2. Recording of position data

In the course of searching for a mobility option via the app, we gather your location data (GPS data) in order to show you the mobility options at your respective location. For this purpose, you must allow the app to access location services using the operating system of the mobile device you are using and its authorization system. In this context, however, we only collect the location determined by your device if the app is open. If the location tracking is active, the iPhone, for example, shows a compass symbol in the upper toolbar. Android devices have a similar function. The legal grounds for this data processing results from Art. 6 Para. 1 S. 1 lit. b GDPR, since your location is only recorded and transferred to us if you use the app using functions that we can only offer you if we know your location. You can permit or revoke this function (position detection) at any time in the settings of your operating system.

3. Use of Localytics

We use the services of Localytics of Char Software, Inc. based in Boston MA, 2 Center Plaza, 3rd Floor, Boston, MA 02108, USA. Localytics is an app marketing and analysis service that enables us to better understand the function and use of our mobile offerings. We also use Localytics to send promotions and information about our products via push notification. The user is tracked based on different identifiers based on the device or app installation. Based on the data collected, Localytics creates a user segmentation which is the basis for the delivery of push messages. More information on data protection at Localytics can be found at https://www.localytics.com/privacy-policy/.

Search optimization

We use localytics to present you with better and improved search results in the course of your use of the app. By evaluating your data, the service enables us to optimize the experience of using our app and offer you search results according to your usage. For this purpose, Localytics records the searches performed and the search suggestions selected. This information is linked to the so-called "Unique Installation ID", a label that Localytics sets during the initial installation of the app itself. If you delete the app and reinstall it, the ID is recreated. The legal grounds for this data processing results from Art. 6 para. 1 S. 1 lit. b GDPR, as this is the only way we can offer you the optimal search proposals according to your search. This information will be kept for 37 months and will be irretrievably deleted after the expiry of this period.

Statistical values

With Localytics we record the following information while using the app:

• Users' actions in relation to the app's search function (searches performed, search suggestions, what was selected from the suggestions, etc.) and the app's menu and settings (which settings are set, etc.). • Actions related to the app (opening the app, app is moved to the background, the app no longer works (crash)) • Logins, registrations etc. as well as interaction with push messages of the app

From this information, which is linked to the "Unique Installation ID", we derive statistical parameters on an aggregated basis in order to continuously guarantee high product quality.
Our legitimate interest lies in the aforementioned data processing processes and the purposes pursued with them. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. We delete this information as soon as processing or storage is no longer necessary to safeguard the aforementioned interest.

Objection possibility: In the app, you disable the tracking of statistical parameters via Localytics for the future by selecting the "Data protection" item under Settings and setting the "Collecting statistical parameters" slide switch accordingly ("Objection to data processing").

Push settings

We use Localytics to provide promotions and information about our products (malfunction, expired credit card, driver coming soon, etc.) by push notification. You can prevent receiving this information via push notification at any time in the app for the future by selecting "Privacy" under Settings and setting the slide switches accordingly under "Push settings".
An adequate level of data protection is established by agreeing the standard contractual clauses for contractors in accordance with Commission Decision 2010/87/EU. You can download the contents of the standard contract here: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087".

4. Use of HockeyApp

To analyze bugs and improve app stability, we use the HockeyApp tool to collect anonymous bug reports on unplanned app behavior. The tool was purchased by Microsoft in late 2014 and has been subject to the company's privacy policy ever since. If the app crashes, a crash report is sent to the Microsoft Corporation servers: One Microsoft Way Redmond, WA 98052-6399, USA. The data protection regulations of Microsoft and thus also for HockeyApp can be found at https://privacy.microsoft.com/ en-us/PrivacyStatement. The crash report to HockeyApp contains technical information such as date and time of the crash, the affected software module, operating system and language selected, and device type. No personal or identifiable data is transmitted when the crash report is sent. To avoid duplicate reports for a process, a UUID is created for the report, which is stored by HockeyApp. These UUIDs are not linked to personal data, as they are generally not stored. No personal data is transferred to HockeyApp.

5. Use of adjust

For measuring the effectiveness of advertising campaigns we use the Adjust software, which is operated by adjust GmbH, Saarbrücker Str. 37A 10405 Berlin (hereinafter referred to as "Adjust"). The Adjust service has been tested and certified according to the ePrivacyseal (European Seal for your Privacy). Adjust uses IDFA or the AAID of the users for the analysis, which are only used anonymously. It is not possible to draw any conclusions about a natural person. This information is used for our own market research and to optimise our own advertising measures. The information collected is also passed on to relevant providers for the purpose of carrying out and optimising our app advertising campaigns. Please refer to the relevant sections of our Privacy Policy for details of the vendors we use. Currently we use the following providers • Localytics for the app.

Objection possibility: In the app, you can prevent the tracking of Adjust for the future by selecting "mobile attribution" under Settings and setting the slide switch accordingly ("Revoke data processing"). In addition, you can object to data processing at any time with effect for the future by sending an e-mail to optout@adjust.io.

§ 2 Data processing during registration and/or use of a customer account

1. Registration process and use of the app

We offer you the opportunity to register by providing personal information or to create a user account. As part of the registration process, the following categories of personal data that you enter in an input mask are transferred to us and stored:

• Master data • Address data • Contact information • A PIN created by you • Information about your methods of payment

We also gather the date and time of registration and the technical settings made during registration. The legal grounds of this data processing results from Art. 6 para. 1 S. 1 lit. b GDPR, as this information is necessary for the performance of the contract or to take steps at your request prior to entering a contractual relationship between you and moovel. However, there is no obligation to provide this information. However, you cannot use our service without this information. On the above mentioned basis we also process your contact and address data in order to inform you about contract-relevant changes in products and services in accordance with the applicable laws and to provide you with other legally binding information.

In addition to the aforementioned data, we process the information for identifying your mobile device and your position data for the processing and billing of the mobility service between you and the respective mobility provider with whom you enter into a contractual relationship via moovel, as well as for the recognition, identification and elimination of faults in the overall operation. For the mobility contract between you and the respective mobility provider with the participation of moovel, we transfer the data required for this mobility contract to the respective mobility provider, who processes the data for the purpose of processing the contract on his own responsibility. In particular this means:

▶︎ For processing your booking and/or reservation request, we pass your booking or reservation request on to the car sharing provider.
▶︎ In addition, we also pass on your data to the car sharing provider for the processing of further claims (e.g. processing of damages incurred or processing of fines when using a car sharing offer).
▶︎ When you purchase a ticket, we pass on your information to the local transport operator involved, who provides the transport service and is responsible for customer service.
▶︎ When you order a taxi, we pass on your location data to taxi drivers and taxi companies who can then apply for the particular ride.
▶︎ Your position data as well as master data and the collected data (e.g. name, telephone number and - if provided by you - your picture) are passed on to the taxi driver or taxi company that has accepted the transfer.
▶︎ We pass on the data required for billing to the payment service providers commissioned by us in the course of the payment process; your payment data (in particular data on methods of payment) are stored by them.

The legal grounds for this data processing results from Art. 6 para. 1 S. 1 lit. b GDPR, as this data processing is necessary for the performance of the contract or to take steps at your request prior to entering a contractual relationship between you and moovel as well as the mobility contract between you and the respective mobility provider with the participation of moovel. Data processing by the mobility service provider is subject to the Privacy Policy of the respective mobility service provider.

If you provide additional personal data during registration - such as your profile on social networks - which is not required for the provision of our services, this is always on a voluntary basis and can be used to individualize your account and for communication purposes with us or the mobility providers. We then only process this data for these purposes. You can delete this data at any time.

The data required to process the contract - such as master data, contact data and information on mobility services used - will be kept for a further period of three (3) years after termination of the business relationship. On the other hand, information on mobility services used during the business relationship is only kept for three (3) years. The storage of the data serves to fulfil possible warranty or recourse claims. The period begins at the end of the year in which the data were processed. After expiry of these deadlines, all your personal data will be irretrievably deleted.

1.1. Payment processing: Payment via PayPal and payment via credit card

▶︎ If you use the offered payment method via PayPal (credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal), the data necessary to settle the payment will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Further information about data protection at PayPal can be found on the PayPal website at: https://www.paypal.com/al/webapps/mpp/ua/privacy-full?locale.x=en_AL.

▶︎ Credit card payments are processed by our service provider Braintree, a division of PayPal Inc, 22-24 Boulevard Royal, L-2449, Luxembourg, which is why we transfer your data to this service provider. You can find Braintree's privacy policy at: https://www.braintreepayments.com/legal.

In both cases, your payment data is stored with the service provider. The payment service provider is responsible for your payment data. The legality of this data processing results from Art. 6 Para. 1 S. 1 lit. b DS-GVO, as this data processing is necessary for payment processing for the services used.

1.2. Invoice creation and mailing

Our own invoices and invoices issued by us on behalf of the individual mobility service providers are send only by e-mail. Please note that communication by e-mail may be subject to security breaches. Invoices are kept for ten (10) years on the basis of statutory retention obligations - such as obligations under commercial law and tax law. The period begins at the end of the year in which the invoice was created. During the retention period, this personal data is completely restricted and no longer accessible for further data processing.

1.3. Online validation of driving licenses

The use of a car sharing offer requires the possession of a valid driving licence to drive a car. In our app you can carry out the necessary verification of your driving license as part of an "online" validation. In the course of this procedure, the photographs you have taken of your driving licence and the portrait you have created yourself will be collected and processed for the purposes of driving licenses control. First an automated extraction of the data required to check the driver's license, then a comparison of the images (face-match) and then a storage of the received images as permanent (for the duration of the business relationship) proof of the control of the driver's license by us. For the automated validation process we use the services of Jumio India Pvt. Ltd. in India (Jumio India Private Ltd., 308-311, Geetanjali tower, Near civil line metro station, Ajmer road, Jaipur - 302006), to which your information is transferred in this context. The data transmitted to Jumio India Pvt Ltd. is irretrievably deleted within one day. An adequate level of data protection is established by agreeing the standard contractual clauses for contractors in accordance with Commission Decision 2010/87/EU. You can download the contents of the standard contract here: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087". In the event that automated processing cannot be carried out (e.g. in case of poor image quality), our service provider exciting AG, Dornhofstr. 38A, 63263 Neu-Isenburg, Germany, performs a manual post-processing. Participation in online validation is only possible with your express consent, which is why Art. 6 para. 1 S. 1 lit. a GDPR forms the legal basis for data processing. This consent can be revoked at any time with effect for the future. You can revoke your consent by sending an e-mail to hello@moovel.com

In the validation process we also check your personal customer data against sanction lists and compliance lists within the framework of legal requirements and within our own legitimate interests.

2. Recipients of personal data

Your personal data will not be transmitted to third parties unless this is necessary for the purpose of contract processing or due to legal requirements or you have expressly consented.

2.1. Disclosure of personal data to public authorities

Your personal data will only be transmitted to public authorities if the information is requested on the basis of legal requests for information.

2.2. Fraud prevention and debt-management

For reasons of fraud prevention, we transmit your master data to credit agencies when you first enter and change your master data or in the event of objective suspicions. For this purpose we use the service of Deutsche Post AG (Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany). The legal basis of the data processing results from Art. 6 para. 1 S. 1 lit. c GDPR. Our legitimate interest follows from the fact that, due to the business relationship and with regard to bad debts, we must verify whether you are registered or available at the address provided.

In the event of non-payment of the amount for the mobility service used, we reserve the right to commission a collection agency to collect the service. The legal basis for this data transfer is Art. 6 para. 1 S. 1 lit. f GDPR. Our legitimate interest is that a debt collection agency can provide a more effective and economically sensible enforcement of claims.

2.3. Use of data for customer service

We use your data to ensure the quality of our customer service. For example, we retain requests you make to our customer service (e.g. by telephone, e-mail, letter or social media channels) and the associated responses to you for a period of three (3) years. This allows us to respond better to inquiries or suggestions for changes and allows us to meet possible warranty or recourse claims. The period begins at the end of the year in which the data were processed. After expiry of these periods, all personal data are irretrievably deleted. The legal ground of this data processing results from Art. 6 Para. 1 S. 1 lit. b GDPR, as this data processing is necessary to ensure customer service in the context of the contractual relationship.

2.4. Data processing for direct marketing

For advertising purposes, we may use your name, title and e-mail address to send you information about our own similar products or services (not personalized) by electronic mail (in particular by e-mail, SMS, or MMS). In connection with the data processing for the sending of newsletters we use the service of Episever GmbH, Wallstraße 16, 10179 Berlin, Germany. You can object to this use of your personal data for advertising purposes at any time by sending an informal e-mail to hello@moovel.com or via the link at the end of the electronic mail (in particular for newsletters). Upon receipt of your objection, your data will be deleted for this purpose. The legal basis for the sending of non-personalised electronic mail as a result of the provision of services is Section 7 (3) UWG.

3. Service providers used

In addition to the aforementioned, we use external service providers (e.g. computer centres) to process your data. These have been carefully selected by us and process the personal data exclusively according to our instructions and under our control. These are in detail:

• Amazon Webservices, Amazon.com, Inc., P.O. Box 81226 Seattle, WA 98108-1226 USA - hosting and operation of our central IT system
• Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - provision of the “Apps for Work” products (in particular, e-mail services)

4. Social login

We offer the option of registering with us directly via an existing social media account for certain social networks or establishing a connection to an existing user account.

4.1. Registration via Facebook

In the course of registering with us via Facebook, we require your consent for the following exchange of data between us and Facebook. If you give this consent, you will initially be redirected to Facebook. Facebook will then request that you log in with your user name and password. This data is not transferred to us. If you are already registered with Facebook with your end device, this login step will be skipped. Facebook will now inform you which data will be transferred to us and will ask you to confirm your agreement to this. Facebook will transfer the data available in your public profile to us, but we will only use your first name, surname and your Facebook ID. Additionally, Facebook will also transfer your date of birth and your address data to us. This data will initially be used by us to set up your customer account and subsequently used as described in this Privacy Policy. The legal basis and duration of this data processing can be found under § 2 No. 1 of this document. We require your Facebook ID in order to be able to identify you if you submit a request via Facebook. There will be no further, in particular, no permanent connection between your user account with us and your Facebook account. The legal basis and duration of this data processing can be found under § 2 No. 1 of this document.

During the login process, Facebook receives information that you are registering with us. However, we will not transfer any further data to Facebook. For the purpose and type of subsequent data processing by Facebook, please refer to Facebook's Privacy Policy. You will also find information there about your existing rights and settings options to protect your privacy. The Facebook Privacy Policy is available at: https://www.facebook.com/about/privacy/.

4.2. Registration via Google

In the course of registering with us via Google, we require your consent for the following exchange of data between us and Google. If you give this consent, you will initially be redirected to Google. Google will then request that you log in with your user name and password. This data is not transferred to us. If you are already registered with Google with your end device, this login step will be skipped. Google will now inform you which data will be transferred to us and will ask you to confirm this. The following data will be transferred to us: First name and surname, your verified email address, your address data and Google profile ID tokens. We require your Google profile ID tokens to enable the transfer of your Google data to our customer data bank.

This data will initially be used by us to set up your customer account and subsequently used as described in this Privacy Policy. There will be no further, in particular, no permanent connection between your user account with us and your Google account. The legal basis and duration of this data processing can be found under § 2 No. 1 of this document. The legal basis and duration of this data processing can be found under § 2 No. 1 of this document. During the login process, Google receives information that you are registering with us. However, we will not transfer any further data to Google. For the purpose and type of subsequent data processing by Google, please refer to Google's Privacy Policy. You will also find information there about your existing rights and settings options to protect your privacy. The Google Privacy Policy is available at: https://www.google.de/intl/policies/policies/privacy/.

5. Information saved on your end device

We store some information on your device. For this purpose, instead of cookies, we use a functionally comparable technology (hereinafter referred to collectively as "cookies") in the app in order to be able to optimally design the app. This facilitates navigation and a high degree of user-friendliness of the app.
Cookies are small files that are saved on your end device. They are used to determine whether any communication has already been made from your end device to moovel. Only the cookie on your end device is identified. Personal data can be saved in cookies if you have consented to this or if it is absolutely necessary technically, for example, to enable protected login.

We store the following information on your device: We save several selected search suggestions in the places search in order to improve new search requests and the reuse of locations already entered. Furthermore, information about the stations in your vicinity is stored so that it is available without additional server requests. By saving the animated ticket, the display of the purchased ticket is possible without connection to the Internet. This ticket is then deleted after expiration of its period of validity. We also save your payment data and the name of the payment method so that the display of payment data is possible without connection to the Internet.
Additionally, we save information to check whether a compatible app version of the configuration exists and to carry out specific requirements of the app for the respective mobility providers. The use of Javascript ensures quick display of the ticket configurations. We save the e-mail address so that it is available without a server request. This also applies for address data, which we transfer to the respective service providers when certain mobility services are used. The access and refresh tokens also contain the data assigned during login in encrypted form which is used for the authentication of the user and for allocation in the course of a session. The token is generated with the same certificate once per hour. For this, the device ID is used for the recognition of your end device. The token also allows the user the option of sending a push message if the corresponding authorization exists. Our legitimate interest lies in the aforementioned data processing processes and the purposes pursued with them. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. We delete this information as soon as processing or storage is no longer necessary to safeguard the aforementioned interest.

If the data processing is based on your consent, this consent can be revoked at any time with effect for the future. Revocations of the given consents can be sent by post to moovel Group GmbH, Datenschutz, Hauptstätterstr. 149, 70178 Stuttgart or by e-mail to hello@moovel.com You will not have to pay any costs for the revocation, except for the costs incurred for the transmission at the basic rate. Your revocation does not affect the legality of data processing until revocation on the basis of your consent. Further processing of this data on the basis of a different legal basis also remains unaffected.

7. Rights of the data subject

As a person affected by the data processing, you have the right to obtain information about the data stored by us (Art. 15 GDPR), to have incorrect data corrected (Art. 16 GDPR), data erasure if there is no legal reason for further storage (Art. 17 GDPR), to demand restrictions on the processing of your data (Art. 18 GDPR) and data transferability with regard to the data that you have provided us (Art. 20 GDPR). To exercise this right, you can send us an e-mail to hello@moovel.com at any time.

8. Right to object

You can object at any time, free of charge and with effect for the future, to any data processing that is carried out on the basis of Art. 6 para. 1 e) or f) GDPR or for direct advertising purposes. To exercise your right to object, you can send us an e-mail to hello@moovel.com

9. Revision clause

We reserve the right to change the present Privacy Policy from time to time. Updated versions will be released at https://appdata.moovel.com/whitelabel/en/privacy.html. Please check whether there is an update available before each booking.

B. Privacy Policy for the website

We are pleased about your visit to our website and your interest in our company. We want you to feel comfortable visiting our website. The protection of your privacy and compliance with the applicable data protection laws is extremely important to us. For this reason, we would like to inform you in our data protection policy what data we collect when you visit our website, for what purposes and how it is used. This data protection declaration applies to our website and the various subdomains (hereinafter referred to as "our website") that can be accessed via it. You should therefore take a moment to read our privacy policy and contact us at hello@moovel.com if you have any questions.

Our website may contain links to websites or services of other providers, over which we have no control. This Privacy Policy does not extend to these and we accept no liability for the content, technical security or activities of these external websites or services. We therefore recommend that you read their privacy policies carefully.

The controller for data processing pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR):
moovel Group GmbH
Hauptstätter Straße 149 70178 Stuttgart, Germany
Managing directors: Dr. Daniela Gerd tom Markotten, Dr. Johannes Prantl

You can contact our data protection officer at: Data Protection Officer
moovel Group GmbH
Hauptstätter Straße 149 70178 Stuttgart, Germany
E: dataprotection@moovel.com

1. How and for what purposes we process the information

When you visit our website, our web servers store as standard, among other things, details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit and for security reasons, e.g. to identify attacks on our website, the IP address assigned to you by your Internet service provider, which is stored for seven days. With the exception of the afore-mentioned data and the IP address, we only store personal data if you provide us with this voluntarily for the execution of a contractual relationship.

You are not legally or contractually obliged to provide your personal data. However, it is possible that certain functions of our websites depend on the provision of personal data. If you do not provide personal data in these cases, this may result in functions not being available or only being available to a limited extent.

We use your personal data for the sole purpose of technical administration of the website, customer administration, product surveys and marketing, only to the extent necessary in each case.

2. Newsletters

Our website can be used to subscribe to newsletters. The data provided during the newsletter registration will be used only for the purposes of sending out the newsletter, provided you have not consented to other use. You can cancel the subscription at any time by using the unsubscribe option provided in the newsletter.

3. Social plugins

We use so-called social plugins ('buttons') of social networks such as Facebook, Google+ and Twitter. When you visit our websites these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you are able to use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies. Information on cookies can be found on our cookies information page: https://www.moovel.com/cookies.

After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website by it.

After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to other moovel websites unless and until you activate the respective button there as well. If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons. We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.

4. Cookies

Information on the cookies that we use and their features can be found on our cookies information page: https://www.moovel.com/cookies.

6. Analysis of usage data

We use Google Analytics on our website. This is a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. As we only use Google Analytics while the activation of the IP anonymization is enabled, Google truncates/anonymizes the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. In this case, the "appropriate level of protection" for the processing of personal data is guaranteed by certification according to the so-called "EU-U.S. Privacy Shield". On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

7. Data Security

We use technical and organizational security measures to protect the data supplied by you against manipulation, loss, destruction, and access by unauthorized parties. Our security measures are continuously improved in accordance with technological development.

8. Revision clause

We reserve the right to change the present Privacy Policy from time to time. Updated versions will be released at https://appdata.moovel.com/whitelabel/en/privacy.html. Please check whether there is an update available before each booking.

Insofar as you have given us your consent for the processing of your personal data, that consent is the legal basis for the processing (Art. 6 para. 1 letter a GDPR).

For the processing of personal data for the purposes of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.

Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 letter c GDPR.

In addition, we process personal data for the purposes of safe-guarding our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 para. 1 letter f GDPR. Maintain-ing the functionality of our IT systems, marketing our own and third-party products and services as well as documenting business contacts as required by law are such legitimate interests.

10. Rights of the data subject

As a person affected by the data processing, you have the right to obtain information about the data stored by us (Art. 15 GDPR), to have incorrect data corrected (Art. 16 GDPR), data erasure if there is no legal reason for further storage (Art. 17 GDPR), to demand restrictions on the processing of your data (Art. 18 GDPR) and data transferability with regard to the data that you have provided us (Art. 20 GDPR). To exercise this right, you can send us an e-mail to hello@moovel.com at any time.

11. Right to object

You can object at any time, free of charge and with effect for the future, to any data processing that is carried out on the basis of Art. 6 para. 1 e) or f) GDPR or for direct advertising purposes. To exercise your right to object, you can send us an e-mail to hello@moovel.com.