back to the homepage
Pendlernetz

Using Internet Explorer may prevent the website from functioning properly.

Privacy

Privacy policy for twogo and the websites and services associated therewith

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy explains how and for what purposes we process your personal data when you visit our website, visit us on social media, contact us and/or use our twogo app.

As a rule, the personal data of yours that we collect is obtained directly from you. The statutory basis is, in particular, the EU General Data Protection Regulation (GDPR).

A. Controller within the meaning of Article 4(7) GDPR

The controller within the meaning of Article 4(7) GDPR responsible for the processing of data described below is:

Schwarz Mobility Solutions GmbH
Stiftsbergstraße 1
74172 Neckarsulm, Germany

e-mail: info@twogo.com

B. Visiting our website and our social media sites

1. Communication by e-mail/telephone/mail/contact form

1.1. Purposes of the processing/legal basis
We treat all personal data that we receive from you by e-mail, telephone, mail or contact form confidentially. We use your data solely for the limited purpose of processing your inquiry. The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to your inquiries so that customer satisfaction is ensured and promoted. When you send us personal data by contacting us for purposes of initiating or performing an existing contractual relationship, Article 6(1)(b) GDPR is the legal basis for data processing.

1.2. Recipients/categories of recipient
We transfer your personal data on an ad hoc basis and to the extent necessary to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, Germany, which processes any customer inquiries you send by mail, e-mail and/or via the contact form on our behalf.

1.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process or respond to it.

1.4. Storage time/criteria for determining storage time
We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after a receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.
Personal data that you send to us as part of initiating or performing a contract will be deleted after no more than 12 years.
 

2. Data processed when you visit this website

2.1. Purposes and legal basis of processing
When you visit this website, log files are generated containing the following information:

  • the website from which you visit our site;
  • the IP address;
  • the date and time of access;
  • the client request;
  • the http response code;
  • the data volume transmitted; 
  • information about the type of browser and operating system you are using.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website.

Where processing of the aforementioned data is necessary for preparing or performing a contractual relationship, we process your data on the basis of Article 6(1)(b) GDPR.

2.2. Recipients/categories of recipient
In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the twogo app and its data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

2.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. The only way to prevent your data from being processed is to stop using our website.

2.4. Storage time
We store the aforementioned data for a period of 32 days.
 

3. Cookies

We, Schwarz Mobility Solutions GmbH, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, are the controller with respect to data processing in connection with the use of "cookies" and other similar technologies to process usage data on all (sub-)domains at www.twogo.com / www.twogo.de.

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.

3.1. Purposes and legal basis of processing
Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

  • Necessary: these cookies help to make a website usable by enabling basic functions such as site navigation and access to secure pages. The website cannot function properly without these cookies.
     
  • Preferences: Using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our website in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
     
  • Statistics: These methods enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
     
  • Marketing: These enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Necessary:

  • authentication data to identify a user after signing in, enabling you to access authorized content on subsequent visits (e.g., access to your customer account;
  • security-related events (e.g., identifying repeat failed sign-in attempts);
  • data to play back multimedia content (e.g., playing (product) videos selected by you).

Preferences:

  • settings to customize the user interface that are not linked to a permanent identifier (e.g., selecting the displayed language).

Statistics:

  • Pseudonymized usage profiles containing information on the use of our websites. These contain in particular:
     
  • browser type/browser version;
  • operating system used;
  • referrer URL (i.e., the previously visited page;
  • host name of the accessing computer (IP address);
  • time of server request;
  • individual user ID; and
  • events triggered on the website (web browsing behavior).
  • The IP address is routinely anonymized, which in principle means it is no longer possible to identify you.
  • We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us separate express permission to do so. In itself, we cannot use the user ID to identify you.

Marketing

  • Pseudonymized usage profiles containing information on the use of our websites. These contain in particular:

 

  • IP address;
  • individual user ID;
  • products potentially of interest;
  • events triggered on the website (web browsing behavior).

 

  • IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you.. 
  • We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us separate express permission to do so. In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.

The legal basis for using preference, statistics and marketing cookies and similar technologies is your consent given pursuant to Article 6(1)(a) GDPR. The legal basis for using technically necessary cookies and similar technologies is your consent given pursuant to Article 6(1)(b) GDPR.

You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. Click here to make your selection. For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.

3.2. Recipients/categories of recipient
:

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. These service providers process data on our behalf. If you have consented to processing for marketing purposes, we may potentially share your User ID and the associated user profiles with third parties via the providers of advertising networks. For information about other recipients in connection with using cookies to process data, see our cookie policy under the heading "Providers".

3.3. Transfer of data to third countries
As a rule, we do not transfer your data to recipients located outside of the European Union or the European Economic Area. To the extent that you have consented to the use of the relevant cookies, your data will only be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, if it is processed using Google Analytics. Some of these servers are located in the U.S. Data is transferred on the basis of standard EU data protection clauses.

3.4. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. You may prevent cookies from being stored by adjusting the aforementioned settings, selecting the categories of cookies accordingly or by withdrawing or modifying any consent you may have given.

3.5. Storage time
For information on the duration of storage for cookies, see our cookie policy. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn.
 

4. Newsletter

4.1. Purposes and legal basis of processing
We offer you the opportunity to subscribe to our newsletter. If you consent to receive our newsletter, we will use your e-mail address and name (if provided) to send you (where possible personalized) information about twogo and related promotions, prize draws and news.

With your consent, we record your usage behavior on our site. The analysis of usage behavior includes, in particular, which areas of the respective website or newsletter you visit and which links you click on there. In the process, personalized usage profiles are created under your name and/or e-mail address in order to send you more targeted interest-based marketing communications in the form of newsletters and optimize our online services.

The legal basis for such processing is your consent pursuant to Article 6(1)(a) GDPR. To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you enter your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the confirmation link.

You may withdraw your consent to receive the newsletter at any time with effect for the future, e.g., by unsubscribing from the newsletter on our website. The link to the unsubscribe page is provided here or at the bottom of every newsletter. When you unsubscribe, we consider your consent to the creation of a personalized user profile and the receipt of newsletter based thereon as withdrawn. We will delete your usage data. The lawfulness of the processing carried out until such time as we receive your notice of withdrawal shall not be affected.

4.2. Recipients/categories of recipient
In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the twogo app and its data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.
4.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. Subscribing to our newsletter is voluntary and always subject to your consent.

4.4. Storage time
Your e-mail address and your name (if provided) will be deleted as soon as you unsubscribe from our newsletter.
 

5. Social media plugins

5.1. Purposes and legal basis of processing
We use social media plugins on our website based on your consent given on the basis of Article 6(1)(a) GDPR for Facebook and Twitter to enable you to share rides scheduled or organized using twogo on those social networks. The respective provider is responsible for ensuring that its site is operated in compliances with data protection laws.

We use a so-called two-click solution to embed these plugins in order to better ensure the privacy of visitors to our website. This means that when you visit our site, no personal data is initially transferred to the plugin providers. With the two-click method, the social media plugins embedded on our website are initially disabled and you may elect to enable them by clicking on the plugin symbol. Your personal data will not be transmitted to the respective social media provider unless or until the service is enabled.

Once activated by you, the plugin creates a direct connection between your browser and the social media provider's server. It is possible to rescind this activation at any time. Disabling plugins does not mean that previously transmitted data will be deleted by the relevant social media provider. You may withdraw/modify your consent at any time with effect for the future by disabling the social media plugin. The lawfulness of the processing carried out until your withdrawal shall not be affected.

We have no control over the data collected or the processing operations, nor do we have any knowledge as to the full scope of data collection or the purposes of processing.

The plugin provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or tailoring its website to users' needs. This type of analysis is performed in particular (including for users who are not logged in) for the purpose of presenting interest-based advertising and to inform other users of the social network about your activities on our website. You have a right to withdraw your consent to the creation of such user profiles at any time with effect for the future, but must contact the respective plugin provider to exercise this right The plugins we offer allow you to interact with the social networks and other users, so that we can optimize our services and make them more attractive to you as a user.

The data is transmitted regardless of whether you have an account with the plugin provider and are logged in there If you are logged in with the plugin provider, the data we collect will be directly attributed to your account with the plugin provider. If you click on the activated button and, e.g., link the page, the plugin provider will also save this information in your user account and publicly share it with your contacts. We recommend that you log out after using a social network generally, but in particular before activating the button to avoid data being attributed to your profile with the plugin provider.

5.2. Recipients/categories of recipient
Our website contains the social media plugins for the following providers: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland; https://twitter.com/privacy.

5.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. You will not experience any adverse effects if you chose not to click on and use the social media plugin.

5.4. Storage time
We have no information about how long the plugin provider retains the data it collects.
 

6. Our social media sites

6.1. Responsibilities The party responsible for the collection and processing of data described below (the controller) is in some cases us, Schwarz Mobility Solutions GmbH, and in some cases the operator of the relevant social media platform. For certain types of processing, we and the platform operator act as joint controllers as defined in Article 26 GDPR.

We use the following social media sites:

6.2. The platform operator as controller
We have only limited control over the processing of data by the operators of social media platforms (e.g., the management of members and the information shared). In the situations in which we are able to have influence and can set parameters for the data processing, we endeavor to ensure within the confines of the options available to us that the social media platform operator deals with the data in accordance with data protection law requirements. In many cases, however, we are unable to influence the way in which social media platform operators process data and also do not know exactly which data they process.

Platform operators operate the entire IT infrastructure of the service, have their own privacy policies and maintain their own user agreements with you (where you are a registered user of the social media service). The operator is also solely responsible for all questions relating to the data that makes up your user profile, which we as a company have no access to. You will find further information about the data processing performed by social media platform operators and your rights to object in the privacy policies of the operators:

6.3. Our responsibility as Schwarz Mobility Solutions GmbH

6.3.1. Purposes and legal basis of processing
We process data on our social media sites for the purpose of providing information to customers about services, promotions, prize draws, specific topics and latest company news, to interact with visitors to our social media sites on these topics, and to respond to relevant inquiries and positive or negative feedback.

We merely reserve the right to delete content if it becomes necessary to do so. We may share your content on our site if this is one of the functions of the social media platform, and communicate with you through the social media platform. Article 6(1)(f) GDPR is the legal basis for this. The processing is carried out for the purpose of our public relations work and communications. Operators have no ability to influence our processing of your data in connection with customer communications or prize draws.

As already mentioned, where social media platform operators give us the option, we make sure we design our social media sites to be as compliant as possible with data protection laws.

6.3.2. Recipients/categories of recipient
The data entered by you on our social media sites, such as comments, videos, images, likes, public messages, etc., is published by the social media platforms and is not used or processed by us for other purposes at any time. We merely reserve the right to delete unlawful content if it becomes necessary to do so. This would be the case, for example, for posts that infringe rights or violate the law, comments that incite hatred, offensive comments (sexually explicit content) or attachments (e.g., images or videos), which may be in violation of copyright laws, moral rights/rights of publicity or criminal law.
We may share your content on our site if this is one of the functions of the social media platform, and communicate through the social media platform. If you post an inquiry on the social media platform, we may also, depending on the required response, refer you to other more secure modes of communication that guarantee confidentiality. You always have the option of sending confidential inquiries to us at our address listed under no. 1 above or in the "legal notice" section of our website.

6.3.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us. When you use our social media sites for purely informational purposes, we do not collect any personal data. You can still visit our sites even if you do not wish to provide us with any personal data, but you will not be able to use any enhanced features such as the news function and the function allowing you to post images or comments etc.

6.3.4. Storage time
We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after a receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

All public posts that you put on our social media sites remain in the timeline for an indefinite period, unless we delete them as part of updating the information on the topic, they violate the law or breach our guidelines or policies, or you delete the post yourself. We have no control over the deletion of your data by the operator itself. The privacy policy of the relevant operator therefore also applies in relation to the storage period.

6.4. Processing as joint controllers
In some cases, we and the operator of the social media service act as joint controllers as defined in Article 26(1) GDPR:

We and the platform operator act as joint controllers with regard to the web tracking methods used by the social media platform operator. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As already explained, unfortunately we have almost no control over the web tracking methods used by social media platforms. We are unable, for example, to switch web tracking off.

The legal basis for the web tracking methods is Article 6(1)(f) GDPR. Optimizing social media platforms and the relevant fan pages is seen as a legitimate interest for the purpose of the above provision.

For further information about recipients and categories of recipients and the duration of data storage and the criteria for determining the storage period, please refer to the privacy policies of the platform operators. We do not have any control over this.

You will find information on the rights available to you to prevent these web tracking methods in the privacy policies of the platform operators. You can also contact the platform operators about this using the contact details provided in the legal notice section of their respective websites.

We have only a very limited ability to influence and prevent the provision of statistics to us by social media platform operators. However, we do make sure that we do not receive any additional optional statistics.

Please be aware that it is possible that social media platforms will use your profile and user behavior data in order to analyze, for example, your habits, personal relationships and preferences etc. Schwarz Mobility Solutions GmbH has no control over the processing or disclosure of your data by social media platform operators.

C. Using twogo

1. Setting up a twogo user account and using twogo

1.1. Purposes and legal basis of processing

1.1.1. Information required to use twogo
If you wish to set up a twogo user account and use twogo, you must provide us with the following information:

first and last name (master data):

  • are displayed to all carpool members and their followers as well as to those users to whom you send a ride request.

E-mail address (contact data):

  • is used by the users for registration.
  • Is provided to all carpool members and their followers as well as those users to whim you send a ride request.
  • We also use your e-mail address to communicate with you, confirm the activation of your account and send you information about how to use twogo.
  • If you are a licensed user, we will send you an e-mail at regular intervals to the e-mail address you provided asking you to click on a confirmation link. In this way we verify that you are still with the licensed company.

Password:

  • is used by the users for registration.

Cellphone number (contact data):

  • is provided to all carpool members.
  • We also use your cellphone number if you wish to receive notifications from twogo. (This twogo function is only available in selected countries, in which case your data will only be processed in those countries for the stated purposes.)

Private and business address (contact data):

  • standard setting of departure point and destinations for regular rides.
  • Is used to quickly enter ride requests and receive ride recommendations from twogo.

Ride request data:

  • includes role as driver, passenger or both, departure and destination address, earliest departure date & time, latest arrival date & time, maximum number of passengers and whether a round-trip is required (incl. departure and destination address and times for any return ride).
  • Is used by twogo to arrange the suitable carpool and also by your followers and the users to whom you sent a ride request.
  • Is displayed to the licensed company for purposes of statistical analyses when a pool vehicle of the licensed company, which is your employer or customer, is booked.

Vehicle data:

  • if you use twogo as a driver, this information is required for using twogo.
  • Includes make, model, color, license plate. o If you offer rides as a driver, your vehicle data will be sent to all carpool members.
  • Followers and users to whom you send a ride request will be notified of the number of available seats and your desired role.

Information about your employer (for independent contractors, information about your customer):

  • using the e-mail address or any token you used to registered with twogo, we check whether you are an independent subcontractor or employee of a licensed company so that we can assign you to that company and offer you expanded functions in twogo.

We process your data on the basis of Article 6(1)(b) GDPR so that we can create and provide your user account and make twogo services available to you and you can link to the ride requests and carpools that you create or join while using our service. This information is also used for exchanging information with you and your followers and passengers for a ride request or ride referral.

1.1.2. Optional information
You may enter additional optional information into your togo account. Depending on the data you enter and in addition to the aforementioned required data, we also process the following data in particular:

Data relating to your location:

  • is sent to the other passengers in your carpool if the mobile app has been installed and the localization function in the app has been enabled. This makes it easier to locate drivers and passengers in public.

Vehicle data:

  • if you only use twogo as a passenger, this information is optional.
  • Includes make, model, color, license plate. o If you offer rides as a driver, your vehicle data will be sent to all carpool members.
  • Followers and users to whom you send a ride request will be notified of the number of available seats and your desired role.

Locations (e. g., buildings on the company premises as the departure and destination address)

  • are used to provide the user with predefined (company-specific) locations for quick entry.

Nickname/pseudonym

  • may be used when the user wants to participate in challenges in twogo but does not want their real name to appear on the leaderboard.

Photo

  • is used to personalize your profile and to send to members of the carpool for identification purposes.
  • For display in the followers function. Your photo will be displayed in the list of followers for the respective user (driver/passenger) you want to follow. Your photo will also be displayed in the lists of those users following you as well as on the ride recommendation that you share with the users following you. Users may follow you once you have booked a ride with twogo or expressly invite them to follow you.

Gender

  • is used to match you with ride requests from users who only want female drivers or passengers, where applicable.

Vehicle photo:

  • is used to personalize your profile and to send to members of the carpool for identification purposes.

If you use the twogo points account, the ride request or ride data (as driver, passenger or outstanding ride request) is used to manage your points account.

If you are a licensed twogo user and wish to participate in a challenge initiated by your licensed company, we send your name, the points you earned for the challenge and e-mail address to the licensed company.

We process your data on the basis of Article 6(1)(b) GDPR so that we can create and provide your user account and make twogo services available to you and you can link to the ride requests and carpools that you create or join while using our service. This information is also used for exchanging information with you and your followers and passengers for a ride request or ride booking.

1.2. Recipients/categories of recipient
Your personal data may to the extent necessary be sent to other twogo users so that we can make various twogo services available to you. If these users are licensed users, the data transferred may also be accessible to the licensed company with which they are affiliated as that company generally has access to the e-mail address used by the licensed users to which data of yours may be sent. See section 1.1 for information on the purposes of the data transfer and the categories of potential recipients.

If you are a licensed user, your licensed company may designate one or more person(s) as administrators for the licensed version of twogo. For support purposes, the administrators may have access to all of your personal data and carpools/ride requests and block/unblock your account. If you are a licensed user and book a pool vehicle of your licensed company, statistical analyses (see also, point 4) for your ride data may be transmitted to the licensed company.

If you carpool as a passenger in a pool vehicle of a licensed company, your ride data may be displayed to the licensed company for purposes of statistical analysis (see also point 4). This is the case even if you are not a licensed user and thus not an independent contractor/employee of the licensed company.

If you are a licensed user and your licensed company offers reserved parking, we will disclose your license plate number to authorized persons of that company upon request to verify that you have a parking permit if you are the driver of a booked or still unbooked carpool.

In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the twogo app and its data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

We transfer your personal data on an ad hoc basis and to the extent necessary to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, Germany, which processes any customer inquiries you send by mail and/or e-mail on our behalf.

Other recipients may be given access to your personal data on an ad hoc basis, but only to the extent necessary and where the provision of the twogo service so requires.

1.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide personal data to us if you are not interested in using twogo. However, if you do wish to use twogo and create a user account, our Terms of Use require that you provide the correct and complete mandatory information.

1.4. Storage time
We delete you personal data as follows:

Name, e-mail address, password:

  • deleted 7 days after registration if the registration is not confirmed. 
  • deleted after 365 days of inactivity on the part of the registered user. 
  • deleted when the contractual term of a license expires: if you are a licensed user and the license of your licensed company expires, your twogo user account will be permanently deleted at that time.
  • Permission to use canceled if you are an unauthorized license user.
  • Canceled promptly after you delete your user account.

Other profile data:

  • deleted after 365 days of inactivity on the part of the registered user.
  • Deletion when the contractual term of a license expires: if you are a licensed user and the license of your licensed company expires, your twogo user account will be permanently deleted at that time.
  • Permission to use canceled if you are an unauthorized license user.
  • Canceled promptly after you delete your user account.

Ride request data (departure and destination address, earliest departure date & time, latest arrival date & time)

  • canceled promptly if the user cancels the ride request
  • deleted 41 days after the ride date.
     

2. Data when using twogo via a web browser

2.1. Purposes and legal basis of processing
Apart from any processing of the data mentioned above, when you use twogo via a web browser, we process the following personal data in particular:

  • the date on which you accessed the service and the action you executed. We use this data for support purposes and to measure the frequency of use.
  • We also log your IP address. This helps us to fend off attacks on the system and rectify errors in service.
  • For further information, see the privacy policy for using our website.

We process the data on the basis of Article 6(1)(b) GDPR so that we can create and provide your user account via a web browser and make twogo available to you.
 

3. Data when using twogo via the twogo app

3.1. Purposes and legal basis of processing
Apart from any processing of the data mentioned above, when you use twogo via the twogo, we process the following personal data in particular:

  • the date on which you accessed the service and the action you executed. We use this data for support purposes and to measure the frequency of use.
  • We also log your IP address. This helps us to fend off attacks on the system and rectify errors in service.
  • Your device identifier, unique number of the terminal device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile terminal device, e-mail address

Use of push notifications

  • If you use the twogo app for Android or iOS, you will be notified about ride requests and status changes to rides via push notification. For this purpose, a device ID for the twogo app will be associated with your mobile device the first time you open the app (after installation, before log in) by Google's Firebase Cloud Messaging service (FCM)/Apple Push Notification Service (APNS).
  • When you log in to twogo using the app, the associated device ID will be assigned to your user account. twogo will then send encrypted messages to the FCM server/APNS for notification of ride requests or ride status changes (e.g., a ride was arranged, or an existing ride was changes or canceled). The FCM server/APNS will send these messages to your mobile phone. The Android/iOS operating system forwards the messages to the twogo app on the device. The twogo app analyzes the messages and executes the appropriate action (e.g., load updated ride data from the twogo server, log the user out, etc.).
  • Please be advised that the servers for the Google Firebase Cloud Messaging (FCM) Service and the Apple Push Notification Service (APNS) may be located outside the scope of "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC"
  • However, no data will be transferred via these servers based on which any connection to you personally can be established, meaning that neither Google nor Apple will receive any personal data of yours.

We process the data on the basis of Article 6(1)(b) GDPR so that we can create and provide your user account via the twogo app and make the twogo services available to you. For some purposes, we process the aforementioned data on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in measuring how often twogo is used and ensuring the technical stability and security of the app.

3.2. Recipients/categories of recipient
In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the twogo app and its data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

In order to be able to provide our service to you, we use the mapping services of HERE Europe B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, the Netherlands. In this context, the following data is transferred: departure point and destination, ride start and your IP address. We transfer your personal data on an ad hoc basis and to the extent necessary to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, Germany, which processes any customer inquiries you send by mail and/or e-mail on our behalf.

Other recipients may be given access to your personal data on an ad hoc basis, but only to the extent necessary and where the provision of the twogo service so requires.

3.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide the specified personal data of yours to us. However, if you do not provide the data to us, we will be unable to give you access to twogo via the twogo app.

3.4. Storage time
We store the aforementioned data for a period of 32 days.

3.5. Google Analytics for Firebase
The Google Analytics tool for Firebase allows us to see how many users have installed the twogo app. We can also see if someone clicked on our ads (e.g., on Facebook) and was redirected to the twogo app download. We collect data but do not receive any information that could personally identify users. The information collected with Google Analytics for Firebase is used solely to compile statistics on the success and use of our advertising campaigns. The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in optimizing the twogo app and measuring the success of ads.

3.6. Firebase Crashlytics
If the twogo app crashes, we receive anonymous data indicating which twogo app functions the user had last used before it crashed. This data relates solely to the twogo app and its functions and cannot be associated with any individual user. It is used solely for purposes of error analysis.
 

4. Use of data for statistical purposes

4.1. Purposes and legal basis of processing
If you use twogo as a licensed user, the following data in particular is collected and used for purposes of statistical analysis. This information is not linked to any specific individual. It involves aggregated and therefore anonymized data comprising the information set out below:

4.1.1. User statistics

  • private address [city only specified. If fewer than 5 users are registered in that city, then country only]
  • gender [only if at least 5 users of the same gender are registered in a given city]
  • date last active [only if at least 5 users were active on the same day, otherwise aggregated for the month (displayed as Month 1, year) or the year (displayed as 1/1/year)]
  • profile photo uploaded [y/n]
  • vehicle data provided [y/n]
  • vehicle photo uploaded [y/n]
  • date of registration
  • minimum distance/duration (in percent) of the shared ride
  • ride restricted to women [y/n, only if gender is provided as female]
  • maximum detour time (in minutes) • preferred role (driver / passenger / both)
  • date of registration [only if at least 5 users registered on the same day, otherwise aggregated for the month (displayed as Month 1, year) or the year (displayed as 1/1/year]

4.1.2. Ride request statistics per organization site

  • requested role for that ride
  • ride is booked [y/n]
  • user is driver [y/n]
  • departure/arrival date/time [rounded to the nearest hour ]
  • departure point/destination [city only]
  • date of last activity
  • distance per ride
  • number of seats available for passengers
  • maximum detour time
  • potential savings [CO2 and EUR]
  • user interface via which the request was created [calendar, Web, mobile app]
  • user has shared their location with passengers [y/n]

4.1.3. Daily statistics per organization site

  • number of blocked users who cannot use the service as of the effective date
  • number of users who have not confirmed their e-mail address

We process the aforementioned data on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in providing our licensed business customers with the aforementioned data in the aforementioned form, as this is part of the service we offer our business customers.

4.2. Recipients/categories of recipient
In exceptional cases, statistical data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the twogo app and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

Statistical data is transferred to your employer/customer provided that it is a licensed business customer of twogo and you use twogo in your capacity as a licensed user. Other recipients may be given access to your personal data on an ad hoc basis, but only to the extent necessary and where the provision of the twogo service so requires.

4.3. Obligation to provide your data
You are under no statutory or contractual obligation to provide the specified data to us. However, as you use twogo, the data will be generated and processed by us for the specified purposes and in the specified form and manner.

4.4. Storage time
We store the specified statistical data for one year. Your employer/customer may store the data for a longer period, however we have no control over this.

D. Your rights as data subjects

Under Article 15(1) GDPR, you have the right to obtain information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR. If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

E. Data Protection Officer

For further questions concerning the processing of your data or the exercise of your rights, please contact the controller's competent data protection officer:

datenschutz süd GmbH
– keyword Schwarz Mobility Solutions –
Wörthstraße 15
97082 Würzburg, Germany

e-mail: office@datenschutz-sued.de