Privacy Policy - System Control App

At Erwin Hymer Group SE (hereafter "EHG", "we" or "us"), we take the protection of your personal data very seriously. Your privacy is an important concern for us.

This privacy notice applies to the System Control Service, which consists of:

  1. the functionalities of the System Control Unit contained in the vehicle (hereafter: “SCU”) to control the connected components,
  2. the associated cloud service (hereafter: "System Control Cloud" or "Cloud Service", for short) and
  3. the software application or App (hereafter "System Control App" or "the App" for short).

This privacy notice also applies in connection with the System Control App End User License Agreement (hereafter "EULA") and the System Control Terms of Use (hereafter "Terms of Use").

Personal data within the meaning of this privacy information consists of all information that relates to you as a user of the System Control Service.

Controller:

"Controller" means the entity that collects, processes or uses personal data (e.g. names, email addresses or similar). The Controller for data processing in this context is:
Erwin Hymer Group SE
Holzstraße 19
D - 88339 Bad Waldsee
Tel: +49 (0) 7524 – 999 0
Fax: +49 (0) 7524 – 999 220
E-Mail: info@erwinhymergroup.com

Under clause 1.3 of the EULA and clause 1.3 of the Terms of Use, Erwin Hymer Group SE is Controller for all functions connected with provision of System Control Services (SCU, System Control Cloud and App).

Terms

The terms used in this privacy notice should be understood as having the meanings defined in Art. 4 GDPR.
"Controller" and "Controlling Entity" are used synonymously.

Under clause 16.2 of the Terms of Use and clause 14.1 of the EULA, the System Control Service is available for brands or companies of the Erwin Hymer Group SE listed therein, where these vehicles are compatible with these services.

The exact designation of the App and the Cloud Service depends on the make or company of the respective vehicle in accordance with clause 16.2 of the Terms of Use in their current version.

1 Details of the Processing of your Data

 

1.1 System Control
1.1.1 Provision of the System Control Service

The System Control Terms of Use of Erwin Hymer Group SE apply to the provision of the System Control Service. We agree on these Terms of Use with you when you purchase a vehicle with an SCU (or an SCU retrofit kit for your vehicle) ("Basic User Agreement" under clause 2.1 of the Terms of Use) or when you create a user account in the System Control Cloud (User Agreement with user account to System Control Cloud Services under clause 2.2 of the Terms of Use).

System Control Services allow you to control the components and services contained in the vehicle. In addition, when using the System Control App, components and services of the vehicle can be controlled via a mobile device.

Data/Data Categories:
Contact details (family name, first name, address, e-mail address), System Control Unit details (SCU number), chassis/serial number of the vehicle

Purposes of Processing:
Contract fulfilment, provision of System Control Services 

Legal Basis:  
Contract/Contract Fulfilment (Art. 6 para. 1 lit. b) GDPR)

 
1.1.2 Core Functions of the System Control Service

The SCU is connected to various components of the vehicle and coordinates the way they are controlled. This enables you to view the current status of your vehicle or to make certain adjustments; for example, to the heating/air conditioning.
Data is exchanged between the SCU and the System Control Cloud in order to supply your vehicle's system control services.
Via this data exchange, you can also use the System Control Service with the System Control App through your smartphone and also control various vehicle functions. For smartphones or tablets, you can optionally obtain this App from the App stores of the respective store operators.

Data/Data Categories:
Static and dynamic usage and fault data of the installed components in the vehicle, statistical and dynamic vehicle data

Purposes of Processing:
Maintenance and error analysis, provision of the service

Legal Basis:
Contract/Contract Fulfilment (Art. 6 para. 1 lit. b) GDPR)

 
1.2 System Control App

Our App is designed to optimise the user experience in your vehicle. In order to provide you with a driving experience and our services in a particularly convenient way, we offer you immediate access to a wide range of functions in your vehicle whenever you use the App.
The App can be used without actively providing any information about yourself. However, with each use of our App we automatically store access data (so-called log files), such as the name of the Internet service provider, the operating system used, the date and duration of the visit and, for security reasons (e.g. to detect attacks on our App), the IP address of the terminal device used for a period of seven days.
The App accesses functions of the terminal device you are using for some App services:


Camera:
Carrying out the pairing between the vehicle and the App by scanning a QR code

Bluetooth:         
Connection of the terminal device in the near field of the vehicle for the purpose of controlling System Control Services

Native map material:
Display of current vehicle location, depending on the availability of the service

Location services:
Display of current location, subject to activation

Below you will find an overview of the processing operations for the different functions of the App.

 
1.2.1 Installation / First Use

The System Control App can be obtained from the App stores of the respective store operators. When you open the App for the first time, you will be asked to conclude the EULA with us. Once you have confirmed the EULA, you will be able to use our App.
To document your confirmation of the EULA, we store the following data about you or your terminal device. This is to ensure that you are permitted to use our service as intended and in accordance with the EULA.
On confirming the EULA you will be able to:

a)    use the App’s demo mode - see clause 1.2.2
b)    register for System Control Services - see clause 1.2.3
c)    use functions not relevant to pairing - accessing the information on offer (downloads, settings, FOT link, website link, POIs)

Categories of Data Subjects:
Users of our App

Categories of Data:
Meta and communication data (e.g. device information, IMEI or phone ID, timestamp of confirmation of EULA)

Purposes of Processing:
Provision of the App and opening of the full range of functions of the System Control Service

Legal Basis:
Contract (Art. 6 para. 1 lit. b) GDPR)

 
1.2.2 Demo Mode

Our App can be used without actively providing any personal data. After the App is launched, the demo mode becomes available. This mode offers you the ability to simulate the operating options of a vehicle. The available functions of the control unit are displayed to you.

Categories of Data Subjects: 
Users of our App

Categories of Data:
User data (e.g. interest in content, access times), meta and communication data (e.g. device information, IMEI or phone ID)

Purposes of Processing:
Provision of the App and its core functions

Legal Basis:
Contract (Art. 6 para. 1 lit. b) GDPR)


1.2.3 Registration

As a user of the App, you can set up a user account via the registration process. During this process, we collect the data about you required to create a user account. This data is stored in the System Control Cloud.
To verify your identity, you will receive an e-mail during the registration process at the e-mail address you have provided, together with a link for confirmation purposes.
After confirming the link, you will be asked to set up a password for your account.

Categories of Data Subjects:
Users of our App

Categories of Data:    
Required information: Name, first name, e-mail address, date of birth, password
Optional information: Address, telephone number 

Purposes of Processing:
Extension of the scope of use, user registration

Legal Basis:
Contract (Art. 6 para. 1 lit. b) GDPR)
 

1.2.4 Linking with the Vehicle ("Pairing")

Once you have registered, you will have the option of linking your user account to a particular vehicle (see clause 1.2.5 Main User).
You can perform this pairing by scanning the QR code provided with the vehicle, using your smartphone’s camera function. To complete the pairing process, follow the description in the App.

Categories of Data Subjects:
Registered user (main user)

Categories of Data:
QR code of vehicle, serial number of vehicle, device information (e.g. Bluetooth MAC address of terminal device)

Purposes of Processing:
Optimisation of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Contract (Art. 6 para. 1 lit. b) GDPR)

 
1.2.5 Main User

There is one permanent main user only for each vehicle (assuming a user account has been created). The owner of a vehicle fitted with an SCU or the person authorised by the owner to use the vehicle with the System Control Service as the main user is always registered as the main user during pairing.
As the main user, you have the option of allowing other users (co-users) to use the System Control Services. You can revoke these authorisations or deactivate co-users at any time.

Categories of Data Subjects:
Registered user (main user)

Categories of Data:
QR code of vehicle, serial number of vehicle, device information (e.g. Bluetooth MAC address of terminal device)

Purposes of Processing:
Optimisation of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Contract (Art. 6 para. 1 lit. b) GDPR)

 
1.2.6 Co-user

In accordance with clause 4.3 of the Terms of Use, the main user may also permit other persons to use the System Control Services of his/her vehicle.
These co-users can use the functionalities of the System Control Service that the main user has enabled for the co-user. This activation takes place by sharing/releasing a QR code created in the App, which must be scanned by the terminal device of the other user.
The main user can cancel the user rights granted to the co-user at any time. The user rights of a co-user are automatically revoked if the main user deactivates his/her user account or dissolves the link with the vehicle concerned.

Categories of Data Subjects:
Co-user

Categories of Data:
QR code of vehicle, serial number of vehicle, device information (e.g. Bluetooth MAC address of terminal device)

Purposes of Processing:
Optimisation of vehicle use, connectivity, simplification of operation, provision of enhanced functions, product development

Legal Basis:
Consent (Art. 6 para. 1 lit. b) GDPR)

 

1.2.7 Location Data of Vehicle

Transmission of your vehicle position and the processing of this data only takes place from the time you decide to use this function and have activated it. This service can only ever be activated by the main user.
If this service has been activated by the main user, you as the main user, or as a co-user with the assigned authorisation, have the option of displaying the last reported vehicle location.
All registered users have the option of being able to view the location of the vehicle. This does not require users to be in close proximity to the vehicle. 

Categories of Data Subjects:
Main user, co-users

Categories of Data:
GPS coordinates

Purposes of Processing:
Display of current vehicle location on terminal devices

Legal Basis:
Consent (Art. 6 para. 1 lit. b) GDPR)

1.2.8 Location Data from Mobile Device

In the App, it is possible to display locations in the vicinity, e.g. dealers or workshops, on a map (so-called Points of Interest - "POI").
You can either navigate to these POIs manually in the maps or have them displayed in your immediate vicinity by activating your mobile device’s location function.

Categories of Data Subjects:
Main user, co-users

Categories of Data:
GPS coordinates

Purposes of Processing:
Display of the current location of the terminal

Legal Basis:
Consent (Art. 6 para. 1 lit. b) GDPR)

1.2.9 Push-Notification

When you launch the App for the first time, you will be asked whether you want to receive push notifications on your terminal device.
If you activate this service, you will have the option of being informed about certain events or information concerning the devices connected to the SCU. You can select the types and scope of the push notifications yourself.
To do this, you can manage your notification settings yourself and decide which push notifications you would like to receive on your terminal device.

Categories of Data Subjects:
Registered users

Categories of Data:
Vehicle information, data from terminal device for displaying push notification

Purposes of Processing:
Provision of events or information on vehicle-specific data

Legal Basis:
Consent (Art. 6 para. 1 lit. b) GDPR)

 
1.2.10 Tracking and Analytical Tools

To enable us to continuously improve the user-friendliness and design of our App, we make use of the services provided for analytical purposes.
To this end, we collect information about the behaviour, interests or demographic information of our visitors, such as country settings, language used or similar. This helps us to identify at what time our App, its functions or content are used most and also helps us to know how to invite repeated visits. In addition, the information we collect enables us to determine whether our App needs any optimisation or adjustments.
As a rule, however, no clear user data is processed for the purposes described. In this case, the data is changed in such a way that the actual identity of users is not known to us.
The tool we use here is the Matomo service, InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand, which is operated in our own data centre. Thus, no data is transmitted to the provider. The data will be collected and processed exclusively for the above-mentioned purposes.
In the "Legal" area, you have the option of deactivating data processing for the above-mentioned purposes.

Categories of Data Subjects:
Users of our App

Categories of Data:
User data (e.g. interest in content, access times, information on the interaction of the services used and inputs), meta and communication data (e.g. device information, IP addresses)

Purposes of Processing:
Application analysis, utilisation and evaluation of App interaction

Legal Basis:
Legitimate interest (Art. 6 para. 1 lit. b) GDPR)

Legitimate interests:
Optimisation and further development of the App, statistical analyses, fraud prevention, protection against requests that overload the service
 

2 General Information

2.1 Product Development and Assurance of Quality, Functions and Services

In order to improve functions and services, as well as for the purposes of further development and quality assurance, we evaluate the SCU’s usage and error data and summarise them in statistics. This data is collected and processed by us in anonymous form and therefore does not allow any conclusions to be drawn about your person or your vehicle.

2.2 Data Recipient
2.2.1 Intra-Group Transmission

In connection with use of System Control Services, vehicle data is stored by Erwin Hymer Group SE in the System Control Cloud. The collection of data makes it possible to identify and resolve any malfunctions in a targeted manner. This data is not transmitted to the associated brands and companies of the Erwin Hymer Group SE.
All of the contractual documents and information needed for you to use the System Control Service are held on our behalf by the respective makes and companies of Erwin Hymer Group SE; and in each case by the company that owns your make of vehicle (see above clause 1.1). This way, all of the documents related to the use of the vehicle are available at the company that manufactures your make of vehicle. An overview of all vehicle makes, service names and associated companies is available in clause 16 of the Terms of Use.

2.2.2 Data Transfer within the EU

Within the scope of the use of the System Control Service, vehicle data is processed and stored by Erwin Hymer Group SE in the System Control Cloud. The processing of this data makes it possible to provide you with the System Control Service and enables us to identify and resolve any malfunctions in a targeted way.
Your data will be passed on to external bodies within the EU only

  • in connection with the implementation of the contract;
  • for the purposes of compliance with legal requirements, or a legal obligation to effect disclosure, under which we are obliged to provide information, a report or to disclose data, or if the disclosure of data is in the public interest
  • insofar as external service companies process data on our behalf as order processors or function transferees (e.g. data processing centres, support/maintenance of EDP/IT applications, call centre services, customer administration, billing, printers or companies for data disposal, courier services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party within the scope of the above-mentioned purposes (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, committees and supervisory bodies);
  • if you have given us consent to transfer the data to third parties.

Apart from this, we will not pass on your data to third parties. If we commission service providers to process your data, they will be subject to the same security standards as we are. In other cases, recipients may only use the data for the purposes for which it was transmitted to them.

2.2.3 Transfer to Third Countries

We transfer data to countries outside the EEA (so-called “third countries”). This is done in order to pursue the above-mentioned purposes.
In the event that we transfer data to a country outside the EEA for processing, we will ensure that the processing carried out in the manner we intend is lawful. For this scenario, we have concluded standard data protection clauses that include a special arrangement involving appropriate technical and organisational measures; this is in order to protect the data of data subjects in the best possible way. A copy of the guarantees used can be found in the overview of recipients under clause 2.2.4.

2.2.4 Recipients or Categories of Recipients

A current overview of the recipients who receive your data is available on our website. This is available at:
https://www.erwinhymergroup.com/en/systemcontrol/legal

2.3 Storage and Storage Duration

As a matter of principle, we only store your personal data for as long as needed to provide our service or if required to do so by the European legislator of directives and regulations or another legislator or any regulations applicable to us. In all other cases, we delete your personal data or remove any reference to you personally after the purpose of storage has been fulfilled; this does not apply, however, to data that we are required to continue to store in order to meet legal obligations (e.g. due to retention periods under tax and commercial law, we are obliged to retain documents, such as contracts and invoices, for certain periods of time).

2.3.1 Storage of Contractual Data under Clause 1.1.1

Information about you that can be assigned to your contract will be deleted immediately after expiry of the agreement/its cancellation.
All contractual documents and other supporting documents are deleted 10 years after expiry of the statutory retention period.

2.3.2 Data in the System Control Cloud

When the SCU is paired with the System Control Cloud, a log is created that is stored for the duration of the use of these functions. This pairing log is used as a way of correctly assigning components to a specific vehicle.
The pairing log makes use of the fact of contract conclusion, as referred to in clause 2.3.1, in order to create a personal reference to either the respective purchaser of the new vehicle or of the SCU retrofit kit. This personal reference remains assigned to your vehicle until either the end of the contract or the end of the above-mentioned retention period. As soon as the data is deleted in accordance with clause 2.3.1, the personal reference contained in the pairing log also ceases to exist.
On either expiry of the System Control Service for your vehicle or withdrawal from the Terms of Use, the connection between the SCU (your vehicle) and the System Control Cloud will be severed, in accordance with clause 7.2 of the Terms of Use. 

2.3.3 SCU Use Data

Dynamic use and error data is constantly being overwritten in internal memory. Furthermore, this use data is transmitted to the System Control Cloud in accordance with the Terms of Use. This data transmission takes place as long as required in order to fulfil the agreement. Once the agreement ends in accordance with clause 2.3.1, no further data will be transferred from the SCU to the System Control Cloud. Data transmitted until then will subsequently be anonymised once the contractual agreement ends. It will thus no longer be possible to draw any conclusions about you personally.

2.3.4 User Accounts in the App

You have the option of deleting your user account yourself within the App at any time. You can delete your user account in the "My Profile" area via "Delete Account". Once you confirm, the data derived from your registration will be deleted. This function is available to both main users and co-users.
If you delete your user account, the connection between the App and the vehicle will also be broken.

 

2.4 Contact Us (via the App)

Our App offers users the possibility of either contacting us directly or else obtaining information via various contact options. So that we always have an overview of contact events in relation to us, we use a ticketing system from the provider Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA, to process corresponding requests.
Whenever contact is made, we process the data of the person making the enquiry only to the extent needed to answer or process the enquiry. Depending on the way in which contact is made, the actual data processed may vary.

Categories of Data Subjects:    
Enquirers

Categories of Data:    
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of Processing:
Processing of enquiries

Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

2.5 Existence of Automated Decision-Making in Individual Cases (including Profiling)

We do not use purely automated decision-making processes as per Art. 22 GDPR. If we were to use such a process in individual cases in the future, we would inform you separately, inasmuch as we are required to do so by law.
 

2.6 Consequences of Not Supplying Your Data

When initiating a contract, you must supply the personal data required to create, implement and terminate the legal transaction and to fulfil either the associated contractual obligations or the information we are legally obliged to collect. Without this data we will not be able to implement the particular legal transaction with you.
Your data is needed, so that we can provide you with our System Control Service in the manner we offer and promise to provide in our System Control Terms of Use and our EULA.

 

2.7 Technical Security

Erwin Hymer Group SE uses technical and organisational security measures, in order to protect the data we have within our control against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are subject to continuous improvement, in line with technological developments.

 

2.8 Legal Basis of Processing

Art. 6 para. 1 lit. a) GDPR serves as our legal basis for the processing operations for which we have obtained consent in relation to a specific processing purpose.
If the processing of personal data is necessary to perform a contract to which the data subject is a party, as is the case, for example, with processing operations needed to deliver goods or to provide any other service or return service, the processing is based on Article 6(1)(b) of the GDPR. The same applies to such processing operations as are needed to implement pre-contractual measures, for example in the case of enquiries about our products or services.
If we are subject to a legal obligation under which the processing of personal data becomes necessary, such as, for example, the fulfilment of obligations under tax law, processing is based on Art. 6 para. 1 lit. c) GDPR.
If the processing of personal data is needed in order to protect the vital interests of the data subject or another natural person, processing is based on Art. 6(1)(d) GDPR.
Ultimately, processing operations may be based on Art. 6(1)(f) GDPR. Processing operations use this legal basis if processing is needed in order to protect a legitimate interest of ours or of a third party; this is subject, however, to the interests, fundamental rights and freedoms of the data subject not being overridden.

2.9 Rights of Data Subjects

Right of Access:    
Under Article 15 of the GDPR, data subjects have the right to request confirmation regarding whether we are processing data relating to them. They can request information about this data as well as the additional information listed in Art. 15 (1) GDPR, as well as a copy of their data.

Right of Rectification:    
Under Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us.

Right to Erasure:    
Data subjects have the right under Art. 17 GDPR to demand immediate erasure of the data concerning them. Alternatively, under Art. 18 GDPR, they may request us to restrict the processing of their data.

Right to Data Portability:    
Under Art. 20 of the GDPR, data subjects have the right to request that the data they have supplied to us be made available and transferred to another data controller.

Right to lodge a complaint:
Data subjects also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.

Right to Object:    
If personal data is processed based on legitimate interests under Article 6 (1) sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data under Article 21 GDPR, inasmuch as there are grounds for doing so arising from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which will be acted on by us without the particular situation being stated.

Revocation:
Some data processing operations are only possible with the express consent of the data subjects concerned. You may revoke consent already granted at any time. All you need to do is send us an informal message or e-mail to privacy@erwinhymergroup.com. The lawfulness of any data processing carried out prior to the time of revocation of consent remains unaffected by the revocation.

2.10 External Links

Our App features links to the websites of other providers. We hereby point out that we have no influence over the content of linked websites or over the level of compliance with data protection regulations of the providers of these websites.
 

2.11 Changes to our Privacy Policy

We reserve the right to amend this privacy notice at any time in the event of changes to our Terms of Use, the EULA or in the event of changes to the scope of the functions of the SCU or the App and in compliance with the applicable data protection regulations, in order to comply with legal requirements.
 

2.12 Contact Details of the Data Protection Officer

External Data Protection Officer:
DDSK GmbH
Stefan Fischerkeller
Tel.: +49 (0) 7542 949 21 - 00
E-Mail: privacy@erwinhymergroup.com
Hint: Your enquiries will be treated confidentially and forwarded to the Data Protection Officer directly.

Attachment 1

Recipients or Categories of Recipients under clause 2.2.4 of the Privacy Notice - System Control App

In order to give you the opportunity to maintain a constant overview of our current recipients of your data, an overview is provided below.

The following recipients receive your data within the scope of data processing by System Control:

Recipient: A1 Digital Deutschland GmbH, St.-Martin-Str. 59, 81669 Munich, Germany

Recipient: Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

Recipient: Device Insight GmbH, Willy-Brandt-Platz 6, D-81829 Munich, Germany

Recipient: The Erwin Hymer Group SE-affiliated manufacturer, company or make of the vehicle you have purchased

Recipient: Inventi Development s.r.o., Táborská 940/31, 140 00 Praha 4, Czech Republic

Recipient: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

The following recipients receive your data additionally within the scope of data processing by System Control:

Recipient: Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany

Recipient: Matomo, InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand

Recipient: Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA

Recipient: Firebase, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
