We are pleased that you are using our easy2fuel app. Hectronic GmbH (hereinafter “Hectronic”, “we” or “us”) attaches great importance to the security of users’ data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data by our app.
Responsible Authority:
Hectronic GmbH, Allmendstrasse 15, 79848 Bonndorf, Germany
Tel.: +49 7703 9388-0
E-mail: mail@hectronic.com
External Data Protection Officer:
DDSK GmbH
E-mail: datenschutz@hectronic. com
Terms
The technical terms used in this data protection declaration are to be understood as legally defined in Art. 4 DSGVO.
Automated data processing (log files etc.)
Our online offer can be used without actively providing personal information. However, we automatically store access data (server log files) with each use of our app, such as the operating system used, the date and duration of the visit, your device identification number and, for security reasons, e.g. to detect attacks on our website, the IP address. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the users of our app. This data is not merged with other data sources.
We process and use the data for the following purposes: providing the app, improving our app, preventing and detecting errors/malfunctions and misuse of the app.
To improve our app, we rely on crash reports. For this purpose, information such as the state of the app at the time of the crash, details of the manufacturer and operating system of the mobile device and the time of the crash are transmitted to the service provider we use with your express consent.
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO); legitimate interest, according to Art. 6 para. 1 lit. f) DSGVO
Legitimate interests: Ensuring the functionality, error-free and secure operation of the app operation of the app and to adapt this app to the requirements of the users’ requirements.
Firebase Crashlytics
Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de
Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO)
Third country transfer guarantee: Standard data protection clauses Art. 46 para. 2 c) DSGVO https://policies.google.com/privacy/frameworks?hl=de
We have integrated functions and content (map service) into our online offer that are obtained from third-party providers.
In order for visitors to our online offer to be able to view this content, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. Without this processing procedure, the display of third-party content is not possible.
In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user’s browser or operating system, the time of the visit or referring websites. The data obtained in this way is stored in cookies on the user’s terminal device.
In order to protect the personal data of visitors to our online offering, we have taken certain security precautions to prevent the automatic transmission of this data. This data is only transmitted when users use the buttons or click on the third-party content.
Categories of data subjects: Users of the plug-in or embedded third-party content
Categories of data: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number), master data (e.g. name, address).
Purposes of processing: Designing our online offer, increasing the reach of advertisements on social media, sharing posts and content, interest and behaviour-based marketing, cross-device tracking.
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO)
Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de
Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO)
Third country transfer guarantee: Standard data protection clauses Art. 46 para. 2 c) DSGVO https://policies.google.com/privacy/frameworks?hl=de
In order to make and receive payments easily, we use various payment service providers in addition to banks and other credit institutions.
In order to make transactions particularly convenient and uncomplicated for you, payments to us can also be made via payment service providers. The payment service providers process the data required for the transaction; when using the payment service provider, we do not receive any of the data that the visitors to our online offer have provided to them. When using a payment service provider, we only receive information with confirmation or negative information about the payment.
Categories Concerned: Customers
Categories of data: Master data (e.g. name, address), transaction data (bank details, credit card number, invoices, payment history), contract data (e.g. subject matter of contract, term), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number).
Purposes of processing: Simplification of order and payment processing, outsourcing, data economy
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) DSGVO)
Legitimate interests: Simplification of workflows, resource-efficient fulfilment, market research, service provision.
Amazon Payments
Service used: Amazon.com, Inc., 2021 Seventh Ave, Seattle, Washington 98121, USA
Data protection: https://www.amazon.de/gp/help/customer/display.html/ref=ap_desktop_footer_privacy_notice?ie=UTF8&nodeId=3312401
American Express
Service used: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
Data protection: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Apple Pay
Service used: Apple Inc., One Apple Park Way, Cupertino, California 95014, USA
Data protection: https://www.apple.com/legal/privacy/de-ww/
Flattr
Service used: Flattr AB, Box 4111, 203 12 Malmö, Sweden
Data protection: https://flattr.com/privacy
Fundraising box
Service used: Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany
Data protection: https://www.fundraisingbox.com/datenschutz/
Giropay
Service used: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany
Data protection: https://www.giropay.de/rechtliches/datenschutzerklaerung
Google Pay
Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de
Klarna
Service used: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Data protection: https://www.klarna.com/de/datenschutz/
Instant bank transfer
Service used: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
Data protection: https://www.sofort.de/datenschutz.html
Mastercard
Service used: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Data protection: https://www.mastercard.de/de-de/datenschutz.html
PAYONE
Service used: Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany
Data protection: https://www.payone.com/DE-de/datenschutz
PayPal
Service used: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Skrill
Service used: Skrill Limited 25 Canada Square, London E14 5LQ, United Kingdom
Data protection: https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/
Stripe
Service used: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA;
Data protection: https://stripe.com/de/privacy
Visa
Service used: Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom
Data protection: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
We offer the possibility in the app to contact us directly or to obtain information via various contact options.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary to answer or process the enquiry. Depending on how we are contacted, the data processed may vary.
Categories of persons concerned: Inquiring persons
Categories of data: Master data (e.g. name, first name), contact data (e-mail address), content data (text entries), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).
Purposes of processing: Processing of requests
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) DSGVO)
We offer the possibility to create a user account in the app. However, you can also use the app as a “guest” without registering. As part of the registration process, we collect the necessary data from interested visitors, which we need to provide a user account and the associated functions.
If users decide to register, they will receive an e-mail which must be confirmed and which serves to prevent the misuse of false e-mail addresses.
To protect the use of the internal area, we collect the IP addresses and the time of access to prevent misuse of a user account and unauthorised use. We do not pass this data on to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.
Categories Concerned: Registered users
Categories Data: Master data (e.g. name, card issuer), contact data (e.g. email address, telephone number), login data (customer number, password), meta and communication data (e.g. device information, IP addresses), usage data (e.g. day, time, petrol station, pillar number).
Purposes of the processing: Facilitation of the website function, contract fulfilment, customer retention.
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO)
Our offer includes so-called location-based services with which we can show you the petrol stations in your vicinity. You can only use this function if you have agreed to a pop-up that we can collect your location data by means of GPS and/or your IP address in anonymised form for the purpose of providing the service. You can choose whether you allow the use of the device location once, refuse it or generally allow it every time you use the app. The location coordinates are only processed temporarily within the app and are not transmitted to our servers.
Categories of persons concerned: Registered users, “guests“
Categories Data: Location data (GPS, IP address),
Purposes of processing: Provision of location-based functions within the app
Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO)
We transmit the personal data of visitors to our online offer for internal purposes (e.g. for internal administration or to the personnel department in order to comply with legal or contractual obligations). The internal data transfer or disclosure of data only takes place to the extent necessary and in compliance with the relevant data protection regulations.
We are a globally active company with headquarters in Germany. The data of visitors to our app is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations. Processing beyond administrative purposes does not take place.
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) DSGVO)
Legitimate interests: Centralised management and administration within the company to exploit synergy effects, cost savings, increased effectiveness
In order to execute contracts or to fulfil a legal obligation, it may be necessary for us to pass on personal data. If we are not provided with the data required in this respect, it may not be possible to conclude the contract with the data subject.
In the event that we transfer data to a country outside the EEA for processing, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded standard contractual clauses including a separate regulation of appropriate technical and organisational measures to protect the data of data subjects in the best possible way. In the case of a third country transfer, we have linked you to the guarantees used directly in the description of the service used.
As a matter of principle, we store the data of visitors to our online offer for as long as this is necessary for the provision of our service or insofar as this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to comply with legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and are applicable together with or in addition to the GDPR where applicable.
Consent: Art. 6 para. 1 lit. a) DSGVO serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Performance of a contract: Art. 6(1)(b) DSGVO serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject.
Legal obligation: Art. 6 para. 1 lit. c) DSGVO serves as the legal basis for processing which is necessary for the fulfilment of a legal obligation.
Vital interests: Article 6(1)(d) of the GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Article 6(1)(e) of the GDPR serves as the legal basis for processing operations necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest: Article 6(1)(f) of the GDPR serves as the legal basis for processing necessary to protect the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Right to information: Pursuant to Art. 15 of the GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They can request information about this data as well as the further information listed in Art. 15 (1) DSGVO and a copy of their data.
Right to rectification: Pursuant to Art. 16 of the GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us.
Right to erasure: In accordance with Article 17 of the GDPR, data subjects have the right to demand the immediate deletion of the data concerning them. Alternatively, they can demand that we restrict the processing of their data in accordance with Article 18 of the GDPR.
Right to data portability: Pursuant to Art. 20 of the GDPR, data subjects have the right to request that the data they have provided to us be made available and transferred to another controller.
Right of complaint: Data subjects also have the right to complain to the supervisory authority responsible for them in accordance with Article 77 of the GDPR.
Right to object: If personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) DSGVO, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.
Some data processing operations are only possible with the express consent of the data subjects. You have the possibility to revoke an already granted consent at any time. All you need to do is send us an informal message or e-mail to datenschutz@hectronic. com to us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
We reserve the right to adapt this data protection notice at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that it meets the legal requirements.
This privacy policy was created by the DDSK GmbH
State of Data Protection Declaration
16 February 2021