At Erwin Hymer Group SE (hereinafter “EHG”, “we” or “us”), we take the protection of your personal data very seriously. Your privacy is an important concern for us.

This privacy notice applies to the System Connect Service, which is composed of:

1. the functionalities of the respective System Connect Unit contained in the vehicle to control the connected components,
2. the associated Cloud Service (hereinafter: "System Connect Cloud" or "Cloud Service", for short) and
3. the software application or app (hereinafter "System Connect App" or "the app" for short).

The System Connect Unit is available in two different versions:

1. As a System Control Unit (hereinafter “SCU”), it enables the user to perform the functionalities associated with the System Connect Service in the vehicle.
2. As a System Information Unit (hereinafter “SIU”), it allows the user to retrieve various information from sensors in the vehicle that are connected to the System Connect Service; there is also the option to connect additional sensors (if available).

The execution of vehicle component functionalities via the System Connect Service is only possible with the SCU and not with the SIU.

This privacy policy also applies in connection with the System Connect App End User License Agreement (the “EULA”), and the System Connect Terms of Use (the “Terms of Use”).

Personal data, in the sense of this data protection information, is all information that has a reference to you as a user of the System Connect Service.

Data controller:

"Data controller" means the entity that collects, processes or uses personal data (e.g. names, email addresses, or the like). The data controller for data processing in this context is:
Erwin Hymer Group SE
Holzstraße 19
D - 88339 Bad Waldsee
Tel: +49 (0) 7524 – 999 0
Fax: +49 (0) 7524 – 999 220
E-Mail: info@erwinhymergroup.com

Pursuant to Clause 1.5 of the EULA, as well as Clause 1.5 Terms of Use, Erwin Hymer Group SE is the data controller for all functions in connection with the provision of the System Connect Services (SCU, System Connect Cloud and app).

Terms

The technical terms used in this privacy policy are to be understood as defined in Art. 4 GDPR.

“Data controller” and “responsible entity” are used interchangeably.

Pursuant to Clause 16.2 of the Terms of Use and Clause 14.1 of the EULA, the System Connect Services are available for the brands or companies of Erwin Hymer Group SE listed therein, provided that these vehicles are compatible with these services.

The exact designation of the app and the System Connect App is based on the brand or company of the respective vehicle in accordance with Clause 16.2 of the Terms of Use in their current version.

1 Details about the processing of your data

1.1 System Connect

1.1.1 Provision of the System Connect Service

The System Connect Terms of Use of Erwin Hymer Group SE apply to the provision of the System Connect Service. We agree these Terms of Use with you when you purchase a vehicle with an SCU (or an SCU retrofit kit for your vehicle) and when you create a user account in the System Connect Cloud (conclusion of the contract and creation of a user account in accordance with Clause 2 of the Terms of Use) or commission an SIU in your vehicle.

The System Connect Services allow you to either control components and services contained in the vehicle (SCU) or retrieve information from sensors in the vehicle that are connected to the System Connect Service (SIU).

In addition, when using the System Connect App, the aforementioned functions can also be used via a mobile device.

Data/data categories:
Contact details (last name, first name, address, e-mail address), System Connect Unit details (SCU number) vehicle chassis/serial number

Purposes of processing:
Contract fulfilment, provision of the functions of the System Connect Services 

Legal Basis:  
Contract/performance of contract (Art. 6 [1] lit. b) GDPR)

 

1.1.2 Core Functions of the System Connect Service

The SCU and the SIU are connected to various components of the vehicle. With both versions, you can retrieve various information from sensors on your vehicle.

With the SCU you can perform coordinated functions in the vehicle.  This allows you to view the current status of your vehicle or make adjustments, for example, to the heating/air conditioning.

Here, data is reciprocally transmitted between the SCU and the System Connect Cloud to provide your vehicle’s System Connect Services.

Through this data exchange, you can also use the System Connect Service via your smartphone using the System Connect App and control various functions of your vehicle. You can optionally obtain this app for smartphones or tablets from the app stores of the respective store operators.

Data/Data Categories:
Static and dynamic usage and fault data of the installed components in the vehicle, statistical and dynamic vehicle data

Purposes of processing:
Maintenance and error analysis, provision of the service

Legal Basis:
Contract/performance of contract (Art. 6 [1] lit. b) GDPR)

PLEASE NOTE: The following information on data processing apply to the System Control Unit (SCU) and the System Information Unit (SIU) components and the System Connect App and System Connect Cloud services connected to them. The execution of vehicle component functionalities via the System Connect Service is only possible with the SCU and not with the SIU. The SIU provides the current information only to paired devices, provided that they are in the direct vicinity of the SIU (Bluetooth connection active). The information is stored in your user account and transmitted to the System Connect Cloud so that you can always see the latest values.

 

1.2 System Connect App

Our app is designed to optimize your user experience with your vehicle. In order to provide you with a particularly convenient driving experience and our services, we offer you immediate access to a wide range of functions in your vehicle when you use the app.

The app can be visited without any active information about you. However, we automatically store access data (so-called log files) with each use of our app, such as the name of the Internet service provider, the operating system used, the date and duration of the visit, as well as for security reasons, e.g. to detect attacks on our app, the IP address of the end device used for a period of 7 days.

The app accesses features of the device you are using for some app services:

Camera:
Carrying out the pairing between the vehicle and the app by scanning a QR code

Bluetooth:         
Connection of the terminal device in the near field of the vehicle for the purpose of controlling System Connect Services

Native map material:
Display of the current vehicle location, depending on the availability of the service

Location services:
Display of current location, subject to activation

Below you will find an overview of the processing operations for the different functions of the app.

 

1.2.1 Installation / first use

The System Connect app is offered in the app stores of the respective store operators. When opening the app for the first time, you will be asked to sign the EULA with us. With the confirmation of the EULA you have the possibility to use our app.

To document your confirmation of the EULA, we will store the following data about you or your terminal device. This serves to ensure that you may use our service in accordance with the EULA.

With confirmation of the EULA you can:

a)    use the demo mode of the app - see Clause 1.2.2
b)    register for System Connect Services - see Clause 1.2.3
c)    Non-pairing relevant functions – Accessing the information offer (Downloads, Settings, FOT Link, Website Link, POIs)

Categories of data subjects:
users of our app

Categories of data:
Meta and communication data (e.g. device information, IMEI or phone ID, timestamp of confirmation of EULA)

Purposes of Processing:
Provision of the app and opening of the full range of functions of the System Connect Services

Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)

 

1.2.2 Demo mode

Our app can be used without actively providing personal data. Thus, after starting the app, the so-called demo mode is available to you. This mode offers you the possibility to simulate the operating possibilities of a vehicle. You will be shown the available functions of the control.

Categories of data subjects: 
users of our app

Categories of data:
user data (e.g. interest in content, access times), meta and communication data (e.g. device information, IMEI or phone ID)

Purposes of processing:
Deployment of the app and its core functions

Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)

1.2.3 Registration

As a user of the app, you can create a user account through the registration process. Here we collect data about your person, which it requires to create a user account. This data is stored in the System Connect Cloud.

To verify your identity, during the registration process you will receive an e-mail to the e-mail address you provided, including a link for confirmation.

After confirming the link, you will be asked to set a password for your account.

Categories of data subjects:
users of our app

Categories of data:    
Mandatory data: Last name, first name, e-mail address, date of birth, password
Optional data: Address, phone number

Purposes of Processing:
Extension of the scope of use, user registration

Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)

1.2.4 Linking with the Vehicle ("pairing")

After successful registration, you have the possibility to link your user account with a vehicle. (see Clause 1.2.5 Primary users).

You can perform this pairing by scanning the QR code provided with the vehicle using the camera function of your smartphone. To complete the pairing process, follow the description in the app.

Categories of data subjects:
Registered user (primary user)

Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)

Purposes of processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)

 

1.2.5 Primary User

There is only one fixed primary user for each vehicle (assuming a user account has been created). The owner of a vehicle equipped with an SCU or the person authorized by the owner to use the vehicle with the System Connect Service as the primary user is always registered as the primary user during pairing.

As a primary user, you have the possibility to allow other users (co-users) to use the System Connect Services. You can revoke these permissions or deactivate co-users at any time.

Categories of data subjects:
Registered user (primary user)

Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)

Purposes of Processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Contract (Art. 6 [1] lit. b) GDPR)

 

1.2.6 Co-user

Pursuant to Clause 4.3 of the Terms of Use, the primary user may also allow other persons to use the System Connect Services of his vehicle.

These co-users can use those functionalities of the System Connect Service that the primary user has enabled for the co-user. This activation is done by sharing/unlocking a QR code created in the app, which must be scanned by the end device of the fellow user.

The primary user may withdraw the user rights granted to the co-user at any time. The user rights of a co-user are automatically revoked if the primary user deactivates his user account or dissolves the link with the vehicle in question.

Categories of data subjects:
Co-user

Categories of data:
QR code of the vehicle, serial number of the vehicle, device information (e.g. Bluetooth MAC address of the end device)

Purposes of processing:
Optimization of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Consent (Art. 6 [1] lit. b) GDPR)

 

1.2.7 Location data of the vehicle when using the SCU

A transmission of your vehicle position and the processing of this data only takes place from the moment you decide to use this function and have activated it. Activation of the service can always be done only by the primary user.

If the service has been activated by the primary user, you as the primary user or co-user and the assigned authorization, have the option of displaying the last reported vehicle location.

All registered users have the option to view the location of the vehicle. This does not require users to be in close proximity to the vehicle.  

Categories of data subjects:
Primary user, co-user

Categories of data:
GPS coordinates

Purposes of processing:
Display of current vehicle location on the end devices

Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)

1.2.8 Location data of the mobile device

In the app, it is possible to display locations in the vicinity, e.g., dealers or workshops, on a map (so-called points of interest - “POI”).

You can either navigate to these POIs manually in the maps or have them displayed in your immediate vicinity by activating the location function of your mobile device.

Categories of data subjects:
Primary user, co-users

Categories of Data:
GPS coordinates

Purposes of processing:
Display of the current location of the end device

Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)

1.2.9 Push notification

When you launch the app for the first time, you will be asked if you want to receive push notifications on your device.

If you activate this, you have the possibility to be informed about certain events or information of the devices connected to the SCU. The type and scope of push notifications can be selected by you.

To do this, you can manage your notification settings yourself and decide which push notifications you want to receive on your device.

Categories of data subjects:
Registered users

Categories of data:
Vehicle information, data from terminal device to display the push notification

Purposes of processing:
Provision of events or information about vehicle-specific data

Legal Basis:
Consent (Art. 6 [1] lit. a) GDPR)

 

1.2.10 Tracking and analysis tools

In order that we can constantly improve the user-friendliness and design of our app, we use services for analysis.

For this purpose, we collect information about the behavior, interests or demographic information about our visitors, for example, country settings, language used, or similar. This helps us to recognize at what time our app, its functions or content are most frequented or invite a repeated visit. In addition, the information we collect allows us to determine if our app needs optimization or adjustment.

As a rule, however, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that the actual identity of the users is not known to us. In particular, IP addresses are anonymized, meaning that you cannot be identified personally.

As a tool, we use the service Google Analytics for Firebase, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Analytics uses the advertising ID that is stored on your terminal device. You can change or deactivate these in the device settings of your mobile device.

Android: Settings -> Google -> Ads -> Reset / Delete advertising ID

iOS: Settings ->  Privacy ->  Advertising -> No ad tracking

For more information, please click here: https://www.google.com/policies/privacy/ 

Under the “Legal” section, you have the possibility to deactivate the data processing for the mentioned purposes.

Categories of data subjects:
users of our app

Categories of data:
User data (e.g. interest in content, access times, information on the interaction of the services used and inputs), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:
Application analysis, utilization and app interaction evaluation

Legal basis:
Legitimate interest (Art. 6 [1] lit. f) GDPR)

Legitimate Interests:
Optimization and further development of the app, statistical analyses, fraud prevention, defense against requests overloading the service

2 General Information

2.1 Product development and assurance of quality, functions and services

To improve the functions and services, as well as for further development and quality assurance, we evaluate usage and error data of the System Connect Unit and summarize them in statistics. This data is collected and processed by us in anonymous form and, therefore, does not allow any conclusions to be drawn about your person or your vehicle.

2.2 Recipient of the data

2.2.1 Intra-group transmission

In connection with the use of the System Connect Services, vehicle data is stored by Erwin Hymer Group SE in the System Connect Cloud. The collection of data enables any malfunctions to be identified and remedied in a targeted manner. This data is not transmitted to the associated brands and companies of Erwin Hymer Group SE.

All contractual documents and information necessary for your use of the System Connect Service are held by the respective brands and companies of Erwin Hymer Group SE on our behalf, in each case the company that is the owner of the brand of your vehicle (see Clause 1.1 above). In this way, all documents related to the use of the vehicle are available at the company of the brand of your vehicle. An overview of all vehicle brands, service designations and associated companies is available in Clause 16 of the Terms of Use.

2.2.2 Data transfer within the EU

As part of the use of the System Connect Services, vehicle data is processed and stored by Erwin Hymer Group SE in the System Connect Cloud. The processing of this data makes it possible to provide you with the System Connect Service and to be able to identify and rectify any malfunctions in a targeted manner.

A transfer of your data to external bodies within the EU will only take place

• in connection with the execution of the contract
• for purposes of compliance with legal requirements, or a legal obligation to disclose, according to which we are obliged to provide information, report or disclose data, or the disclosure of data is in the public interest
• to the extent that external service companies process data on our behalf as order processors or as entities acquiring responsibility for a function (e.g., data centers, support/maintenance of EDP/IT applications, call center services, customer administration, billing, printing companies or companies for data disposal, courier services, logistics)
• on the basis of our legitimate interest or the legitimate interest of the third party within the scope of the aforementioned purposes (e.g., to authorities, credit agencies, debt collection, lawyers, courts, appraisers, committees and supervisory bodies)
• if you have given us consent to transfer the data to third parties

We will not pass on your data to third parties beyond this. If we commission service providers to process your data, they are subject to the same security standards as we are. In other cases, the recipients may use the data only for the purposes for which they were transmitted to them.

2.2.3 Third country tarnsmission

We transfer data to countries outside the EEA (so-called third countries). This is done on the basis of the purposes mentioned above.

In the event that we transfer data to a country outside the EEA for processing, we will ensure that the processing is legally permitted in the manner we intend. In this case, we have concluded standard data protection clauses, including a separate regulation of suitable technical and organizational measures to protect the data of data subjects in the best possible way. A copy of the guarantees used can be found in the overview of recipients in Clause 2.2.4.

2.2.4 Recipients or categories of recipients

You can see the current overview of the recipients who receive your data on our website. You can find these under: https://www.erwinhymergroup.com/de/systemcontrol/legal

2.3 Storage and storage duration

As a matter of principle, we store your personal data for as long as is necessary for the provision of our service or insofar as this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations applicable to us. In all other cases, we delete your personal data or remove the personal reference after the purpose has been fulfilled, with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

2.3.1 Storage of contract data according to Clause 1.1.1

Information about you that can be assigned to your contract will be deleted immediately after expiration of the contract/cancellation.

The contract documents and other supporting documents are deleted after 10 years following the expiry of the statutory retention period.

2.3.2 Data in the System Connect Cloud

When the SCU is paired with the System Connect Cloud, a log is made that is stored for the duration of the use of these functions. This coupling protocol is used to correctly assign the components to a specific vehicle.

Via the conclusion of the contract mentioned in Clause 2.3.1, a personal reference to the respective purchaser of the new vehicle or the SCU retrofit kit can be established via the linking protocol. This personal reference remains assigned to your vehicle until the end of the contract or the end of the aforementioned retention period. As soon as the data is deleted in accordance with Clause 2.3.1, the personal reference of the linkage protocol shall also cease to exist.

Upon expiration of the System Connect Service for your vehicle or upon withdrawal from the Terms of Use, the connection between the SCU (your vehicle) and the System Connect Cloud will be disconnected in accordance with Clause 7.2 of the Terms of Use. 

2.3.3 SCU usage data

The dynamic usage and error data are constantly overwritten in the internal memory. Furthermore, this usage data is transmitted to the System Connect Cloud in accordance with the Terms of Use. The transmission takes place as long as this is necessary for the fulfillment of the contract. As soon as the contract, according to Clause 2.3.1, ends, no further data will be transmitted from the SCU to the System Connect Cloud. Data transmitted until then will be anonymized at the end of the contract. It is, therefore, no longer possible to draw conclusions about your person.

2.3.4 User accounts in the app

You have the option to delete your user account within the app at any time. You can delete your user account in the “My profile” Clause by clicking “Delete account”. With confirmation, the data from your registration will be deleted. This function is available to both primary users and co-users.

If you delete your user account, the connection between the app and the vehicle is also interrupted.

2.4 Contacting (via the app)

In our app, we offer the possibility to contact us directly or to obtain information through various contact options. In order to maintain a permanent overview of contacts with us, we use the ticket system of the provider Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA, for the processing of corresponding requests.

In case of contact, we process the data of the inquiring person to the extent necessary for answering or processing the inquiry. Depending on the way in which contact is made with us, the data processed may vary.

Categories of data subjects:    
Inquiring persons

Categories of data:    
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:
Inquiry processing

Legal basis:
Consent (Art. 6 [1] lit. a) GDPR), performance or initiation of a contract (Art. 6 [1] 1 lit. b) GDPR)

2.5 Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making processes pursuant to Art. 22 GDPR. If we do use such a procedure in the future in individual cases, we will inform you of this separately, insofar as this is required by law.

2.6 Consequences of not providing your data

When initiating a contract, you must provide the personal data that is required for the establishment, execution and termination of the legal transaction and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will not be able to carry out the legal transaction with you.

Providing your information is necessary for us to provide our System Connect Service to you in the manner we offer, and promise to provide in our System Connect Terms of Use, as well as in our EULA.

2.7 Technical Security

Erwin Hymer Group SE uses technical and organizational security measures, in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

2.8 Legal basis of processing

Art. 6 (1) lit. a) GDPR serves as our legal basis for processing operations for which we have obtained consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example, in cases of inquiries about our products or services.

If we are subject to a legal obligation by which processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the processing is based on Art. 6 (1) lit. d) GDPR.

Ultimately, processing operations may be based on Art. 6 (1) lit. f) GDPR. Processing operations are based on this legal basis if the processing is necessary to protect a legitimate interest of us or of a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.

2.9 Rights of the data subjects

Right to the disclosure of information: Pursuant to Article 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They may request information about this data, as well as the further information listed in Art. 15 (1) GDPR and a copy of their data.

Right of rectification:    
According to Art. 16 GDPR, data subjects have the right to request the correction or completion of data concerning them and processed by us.

Right of deletion:    
Data subjects have the right, according to Art. 17 GDPR, to request the immediate deletion of the data concerning them. Alternatively, they may request us to restrict the processing of their data pursuant to Art. 18 GDPR. 

Right to data portability:    
Pursuant to Art. 20 GDPR, data subjects have the right to request that the data they have provided to us be made available to them and to request that it be transferred to another data controller.

Right to lodge a complaint:
Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 of the GDPR.

Right to object:    
Insofar as personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) Sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from their particular situation, or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.

Revocation:
Some data processing operations are only possible with the explicit consent of the data subjects. You have the possibility to revoke an already given consent at any time. To do so, simply send us an informal message or e-mail to privacy@erwinhymergroup.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

2.10 External links

On our app, you will find links to the websites of other providers. We hereby point out that we have no influence on the content on the linked websites and the compliance with data protection regulations by their providers.

2.11 Changes to our privacy policy

We reserve the right to adjust this privacy policy at any time in the event of changes to our Terms of Use, the EULA or changes to the scope of functions of the SCU or app, and in compliance with the applicable data protection regulations in order to comply with the legal requirements.

2.12 Contact details of the data protection officer

External data protection officer:

DDSK GmbH

Stefan Fischerkeller

Tel: +49 (0) 7542 949 21 - 00

E-mail: privacy@erwinhymergroup.com

Notice: Your inquiries will be treated confidentially and forwarded directly to the data protection officer.

In order to give you the opportunity to always have an overview of our current recipients of your data, you will find an overview below.

The following recipients receive your data as part of System Connect’s data processing:

Recipient: A1 Digital Deutschland GmbH, St.-Martin-Str. 59, 81669 Munich, Germany

Recipient: Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

Recipient: Device Insight GmbH, Willy-Brandt-Platz 6, D-81829 Munich, Germany

Recipient: The Erwin Hymer Group SE associated manufacturer, company or brand of the vehicle you have purchased

Recipient: Inventi Development Ltd., Táborská 940/31, 140 00 Praha 4, Czech Republic

Recipient: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

The following recipients receive your data additionally within the scope of data processing by System Connect App:

Recipient: Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany

Recipient: Matomo, InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand

Recipient: Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA

Recipient: Firebase, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA