Data protection notice

1.1 Purposes of data processing / legal basis:

We will of course treat any personal information you give us by email / telephone / post as confidential. We only use your data for the purpose of processing your request. The legal basis for data processing is article 6 para. 1 letter f) GDPR. The legitimate interest arises from the interest in answering your inquiries and thus maintaining and promoting customer satisfaction.

If you send us personal data within the scope of the contact options in the course of a contract initiation or an existing contractual relationship, Art. 6 Para. 1 lit. b) GDPR the legal basis for data processing.

Depending on the occasion and to the extent necessary, we transmit your personal data to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, as it processes possible customer inquiries you make by telephone, post and / or email on our behalf.

You are neither contractually nor legally obliged to provide us with personal data. However, if you do not provide us with the data required to process your request, we will not be able to process or answer your request.

All personal data that you send us in response to inquiries will be deleted or securely anonymized by us no later than 90 days after the final response to you. The storage period of 90 days is explained by the fact that it can happen from time to time that you contact us again after a reply on the same matter and we must then be able to refer to the previous correspondence. Experience has shown that, as a rule, queries about our answers do not occur after 90 days. If you assert your rights as a data subject, your personal data will be stored for 3 years after the final reply to prove that we have provided you with comprehensive information and that the legal requirements have been met.

Personal data that you transmit to us in the context of contract initiation or implementation will be deleted after 12 years at the latest.

When you visit this website, log files with the following content are generated:

• The website from which you accessed our site;
• The access date and time;
• Password:
• The client's request;
• The http response code;
• The amount of data transferred;
• The information about the browser you are using and the operating system you are using.

The legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR. The legitimate interest here arises from the protection of our systems and the prevention of abusive or fraudulent behavior each time a user accesses this website.

Insofar as processing of the data mentioned is necessary for the preparation or implementation of a contractual relationship, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR.

In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm for support and maintenance purposes, as the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

You are neither contractually nor legally obliged to provide us with personal data. However, for technical reasons, the data mentioned will be processed as soon as you access our website. If you no longer want to provide us with the data, this is only possible if you no longer use our website.

We store the data mentioned for a period of 32 days.

We, Schwarz Mobility Solutions GmbH, Stiftsbergstraße 1, 74172 Neckarsulm, are responsible for data processing in connection with the use of so-called cookies and other similar technologies for processing usage data on all (sub) domains at www. twogo.com / www.twogo.de .

Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in connection with the specific device used. However, this does not mean that we are immediately aware of your identity.

You can set your browser so that it informs you about the placement of cookies. So the use of cookies becomes transparent for you. You can also set the browser so that it generally does not accept cookies or only rejects cookies from individual providers. However, we would like to point out that this may affect the functionality of this website.

The use of cookies and the other technologies for processing usage data serves the following purposes - depending on the category of the cookie or the other technology:

• Necessary: Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
• Comfort: With the help of these techniques, we can take your actual or assumed preferences for the comfortable use of our website into account. For example, based on your settings, we can display our websites in a language that suits you. In this way, we also avoid showing you products that may not be available in your region.
• Statistics: These techniques enable us to create anonymous statistics on the use of our services for the purpose of tailoring them to your needs. This enables us, for example, to determine how we can adapt our websites even better to the habits of the users.
• Marketing: This enables us to show you suitable advertising content based on the analysis of your usage behavior. Your usage behavior can also be tracked via various websites, browsers or end devices using a user ID (unique identifier).

In the context of the use of cookies and similar techniques for processing usage data, the following types of personal data in particular are processed, depending on the purpose:

• Authentication data to identify a user after login in order to gain access to authorized content on further visits (eg access to the customer account);
• security-relevant events (eg detection of often failed login attempts);
• Data for the playback of multimedia content (e.g. playback of (product) videos selected by the user).

• Settings for the user interface adjustment that is not linked to a permanent identifier (e.g. active language selection).

• Pseudonymized usage profiles with information about the use of our website. These include in particular:
  • Browser type / version,
  • operating system used,
  • Referrer URL (the page previously visited),
  • Host name of the accessing computer (IP address),
  • Time of the server request,
  • individual user ID and
  • triggered events on the website (surfing behavior).
• The IP address is anonymized regularly, so that a conclusion about your person is generally excluded.
• We only merge the user ID with other data from you (e.g. name, email address, etc.) with your separate express consent (see, for example, section 6 of this data protection regulation). Based on the user ID itself, we cannot draw any conclusions about you personally.

• Pseudonymized usage profiles with information about the use of our website. These include in particular:
  • IP address,
  • individual user ID;
  • potential product interests,
  • triggered events on the website (surfing behavior).
• The IP addresses are anonymized regularly, so that a conclusion about your person is generally excluded.
• We only merge the user ID with other data from you (e.g. name, email address, etc.) with your separate express consent (see, for example, section 6 of this data protection regulation). Based on the user ID itself, we cannot draw any conclusions about you personally. We share the user ID and the associated usage profiles with third parties, if necessary, via the providers of advertising networks.

The legal basis for the use of preference, statistics and marketing cookies and similar technologies is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR. The legal basis for the use of technically necessary cookies and similar technologies is Art. 6 Para. 1 lit. b) GDPR.

You can revoke / adjust your consent at any time with effect for the future without affecting the legality of the processing carried out on the basis of the consent up to the point of revocation. Simply click here and make your selection.

You can find an overview of information on the cookies used and other technologies, along with the respective processing purposes, storage periods and any third-party providers involved in our cookie policy.

In the context of data processing by means of cookies and similar techniques for processing usage data, we may use specialized service providers, in particular from the area of online marketing. They process your data on our behalf.

If you have consented to processing for marketing purposes, we may share your user ID and the associated usage profiles with third parties via the providers of advertising networks.

Further recipients in connection with data processing by means of cookies can be found in our Cookie Policy, under the name "Provider".

You are neither contractually nor legally obliged to provide us with personal data. If you do not want cookies to be set, you can prevent this using the settings mentioned, make a corresponding selection of the categories of cookies or revoke or adjust your consent, if applicable.

The storage period for cookies can be found in our cookie policy . Insofar as the information “persistent” is given in the “Expiry” column, the cookie will be stored permanently until the corresponding consent is revoked.

We offer you the opportunity to register for our newsletter. If you have consented to receive our newsletter, we will use your email address and, if applicable, your name to send you information (if possible individual) about TwoGo as well as related promotions, competitions and news.

With your consent, we record your usage behavior on our site. The evaluation of usage behavior includes in particular which areas of the respective website or newsletter you are in and which links you click there. Personalized usage profiles are created with the assignment of your person and / or e-mail address in order to be able to better tailor a possible promotional approach in the form of newsletters to your personal interests and to improve the website.

The legal basis for the data processing mentioned is your consent in accordance with Article 6 Paragraph 1 lit. a) GDPR.

In order to be able to ensure that no errors were made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you You a confirmation link. Your e-mail address will only be added to our mailing list when you click on this confirmation link.

You can revoke your consent to the receipt of the newsletter and the creation of personalized usage profiles at any time with future effect, e.g. B. by unsubscribing from the newsletter on our website. You can find the link to the unsubscribe page here or at the end of each newsletter. When you unsubscribe, we consider your consent to the creation of your personalized user profile and the receipt of the newsletter based on it to be revoked. We will delete your usage data. This does not affect the lawfulness of data processing carried out until you receive your revocation.

In exceptional cases, your personal data may be accessible for support and maintenance purposes by Schwarz IT KG, Stiftsbergstrasse 1, 74172 Neckarsulm, since the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

You are neither contractually nor legally obliged to provide us with personal data. Participation in the sending of the newsletter is voluntary for you and only takes place with your consent.

Your e-mail address and your name (if given) will be deleted as soon as you have unsubscribed from our newsletter.

We use our website on the basis of your consent in accordance with. Art. 6 Paragraph 1 lit. a) GDPR social plug-ins from the social networks Facebook and Twitter to offer you the opportunity to share trips that you plan or carry out using TwoGo in the aforementioned social networks. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider.

We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website in the best possible way. This means that when you visit our site, no personal data is initially passed on to the plug-in providers. The two-click method gives you the option of activating the deactivated social media plug-ins. The social media plug-ins integrated on our website are initially deactivated. The plug-ins are only activated by clicking on the plug-in symbol. Only after activation is personal data transmitted to the respective provider of the social media service.

The plug-in you have activated establishes a connection to the server of the social media provider you have selected via your browser. This activation can be deactivated at any time. The deactivation process does not result in data that have already been transmitted being deleted by the corresponding social media provider. You have the right to withdraw your consent at any time with future effect. The revocation can be done by deactivating the social media plug-in. The legality of the data processing carried out up to the point of revocation remains unaffected.

We have no influence on the data collected and data processing operations, nor are we aware of the full scope of the data collection and the purposes of the processing.

The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and / or to design its website in line with requirements. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of withdrawal at any time with future effect against the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and e.g. For example, if the page is linked, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile by the plug-in provider.

We use social media plug-ins from the following providers on our website:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http: //www.facebook .com / about / privacy / your-info # everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

You are neither contractually nor legally obliged to provide us with personal data. If you do not click and use the social media plug-in, you will not suffer any disadvantages.

We have no information about the deletion of the data collected by the plug-in provider.

We, Schwarz Mobility Solutions GmbH and partly the respective operators of the social media platforms are responsible for the data collection and processing shown below. For certain processing, we and the platform operator also act as jointly responsible within the meaning of Art. 26 GDPR.

We operate the following social media sites:

LinkedIn: https://www.linkedin.com/showcase/twogo
YouTube: https://www.youtube.com/channel/UC4esWVPfggo_oWbIIfIPJcA

We have only limited influence on the data processing by the operators of the social media platform (e.g. management of members and the information shared). At the points where we can influence and parameterize the data processing, we work towards the data protection-compliant handling by the operator of the social media platform within the scope of the possibilities available to us. In many places, however, we cannot influence the data processing by the operator of the social media platform and we do not know exactly which data is processed by the operator.

The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains your own user relationship with you (provided you are a registered user of the social media service). In addition, the operator is solely responsible for all questions regarding the data in your user profile, to which we as a company have no access. You can find more information on data processing by the provider of the social media platform and other options for objection in the provider's privacy policy:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy
YouTube: https://www.youtube.com/intl/de/about/policies/

6.3.1. Purposes and legal basis of data processing

The purpose of data processing by us on our social media presences is to inform customers about services, promotions, competitions, factual topics, company news and the interaction with visitors to the social media sites on these topics, as well as answering relevant questions, praise or criticism.

We only reserve the right to delete content if this is necessary. Possibly. we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 Para. 1 lit. f) GDPR. The data processing takes place in the interest of our public relations and communication. The operator has no way of influencing the processing of your data by us as part of customer communication or competitions.

As already mentioned, we pay attention to the places where the provider of the social media platform gives us the opportunity to make our social media pages as data protection compliant as possible.

6.3.2. Recipients / categories of recipients

The data you enter on our social media pages, such as B. Comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are never used or processed by us for other purposes. We only reserve the right to delete illegal content if this is necessary. This is the case, for example, with infringing or illegal posts, hateful comments, suggestive comments (explicitly sexual content) or attachments (e.g. pictures or videos) that may violate copyrights, personal rights or criminal law.

Possibly. we share your content on our site if this is a function of the social media platform and communicate via the social media platform. If you send us a request on the social media platform, depending on the required response, we may also refer you to other, secure communication channels that guarantee confidentiality. You always have the option of sending us confidential inquiries to the address given under point A. or in the imprint.

6.3.3. Obligation to provide your data

You are neither contractually nor legally obliged to provide us with personal data. We do not collect any personal data from you when you use our pages on social media for purely informational purposes. If you do not want to provide us with any of your personal data, you can still visit our website. In this case, however, you cannot use advanced functions such as B. use the news function, posting pictures or articles, etc.

6.3.4. Storage period

All personal data that you send us in response to inquiries will be deleted or securely anonymized by us no later than 90 days after the final response to you. The storage period of 90 days is explained by the fact that it can happen from time to time that you contact us again after a reply on the same matter and we must then be able to refer to the previous correspondence. Experience has shown that, as a rule, queries about our answers do not occur after 90 days. If you assert your rights as a data subject, your personal data will be stored for 3 years after the final reply to prove that we have provided you with comprehensive information and that the legal requirements have been met.

All public posts by you on one of our social media pages remain in the timeline indefinitely, unless we delete them due to an update of the underlying topic, a legal violation or a violation of our guidelines or you delete the post yourself. Concerning. We have no influence over the deletion of your data by the operator himself. Therefore, the data protection regulations of the respective operator apply in addition.

There is partially a relationship with the operator of the social media service in accordance with Art. 26 Para. 1 GDPR (joint responsibility):

The platform operator and we act as jointly responsible for the web tracking methods used by the operator of the social media platform. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already shown, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot switch this off, for example.

The legal basis for the web tracking methods is Art. 6 Para. Lit. f) GDPR. The interest in optimizing the social media platform and the respective fan page is to be regarded as legitimate within the meaning of the aforementioned regulation.

Further information on the recipients or categories of recipients as well as the storage period or the criteria for determining the storage period can be found in the data protection declarations of the platform operators. We have no influence on this.

The options for exercising your rights to prevent these web tracking methods can be found in the data protection declarations of the platform operators listed. You can also contact the platform operator using the contact details given in the respective legal notice.

With regard to statistics that the provider of the social media platform makes available to us, we can only influence and also prevent them to a limited extent. However, we make sure that no additional optional statistics are made available to us.

Please be aware of this: It cannot be ruled out that the provider of the social media platform will use your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, etc. Schwarz Mobility Solutions GmbH has no influence on the processing or transfer of your data by the provider of the social media platform.

1.1.1. Information required to use TwoGo

If you want to create a user account with TwoGo and use TwoGo, it is necessary that you provide us with the following information in particular:

• First and last name (master data):
  • Are displayed to all participants of a mediated carpool and also to your followers and those users to whom you submit a trip request.
• Email address (contact details):
  • Used for user registration.
  • It is made available to all participants in a mediated car pool and also to your followers and those users to whom you submit a trip request.
  • We also use your email address to communicate with you, to confirm the opening of your account and to send you information about the use of TwoGo.
  • If you are a licensed user, we will send you an e-mail at regular intervals to the e-mail address provided, asking you to click a confirmation link. In this way we verify that you still belong to the licensed company.
• Password:
  • Used for user registration.
• Mobile phone number (contact details):
  • Is transmitted to all participants in a mediated car pool.
  • If you wish, we will also use your mobile phone number for notifications through TwoGo. (This TwoGo function is only available in selected countries. Accordingly, your data will only be processed in these countries for the stated purposes.)
• Home and business address (contact details):
  • Standard setting of the start and destination locations for regular journeys.
  • Used to quickly enter travel requests and receive relevant travel suggestions from TwoGo.
• Travel request data:
  • Include role as driver, passenger or both, start and destination address, earliest departure date & time, latest arrival date & time, maximum number of passengers and whether a return trip is required (including start and destination address and times at Return trip).
  • Are used by TwoGo to mediate the appropriate car pool and also by your followers and the users to whom you send a trip request.
  • When booking a pool vehicle of the licensed company, which is your employer or client, the licensed company will be shown for statistical evaluations.
• Vehicle data:
  • If you use TwoGo as a driver, this information is required for the use of TwoGo.
  • Include brand, model, color, hallmark.
  • If you as a driver offer carpooling, your vehicle data will be transmitted to all passengers in a mediated carpool.
  • The number of free places and your desired role will be transmitted to the followers and users to whom you send a trip request.
• Information about your employer (for freelancers, information about the client):
  • Based on the email address you used to log in to TwoGo or a possible token, we check whether you are a (freelance) employee of a licensed company so that we can assign you to this company and offer you extended functions in TwoGo.

We process your data on the basis of Art. 6 Para. 1 lit. b) GDPR, so that we can create your user account, make it available and make TwoGo available to you and link you to the travel requests and carpooling opportunities that you create while using our service or in which you participate. Furthermore, this information is used to exchange information with you and your followers and trip participants for a trip request or trip mediation.

1.1.2. Voluntary information

Within your TwoGo account you can choose to add further data. Depending on the data entered by you, we process the following data, in addition to the required data mentioned:

• Location data:
  • Will be transmitted to the other participants in your car pool, provided the mobile app has been installed and the location function has been activated in the app. This makes it easier for participants to find themselves in the public space.
• Vehicle data:
  • If you only use TwoGo as a passenger, this information is voluntary.
  • Include brand, model, color, hallmark.
  • If you as the driver offer carpooling, your vehicle data will be transmitted to all passengers in an arranged car pool.
  • The number of free places and your desired role will be transmitted to the followers and users to whom you send a trip request.
• Places (e.g. buildings on the company premises as start and destination addresses)
  • Are used to offer the user (company-specific) predefined locations for quick entry.
• Nickname / pseudonym
  • Can be used by the user if he participates in competitions within TwoGo and does not want to be named in the leaderboard by his real name.
• Photo
  • Is used to personalize your profile and to transmit carpools to passengers for the purpose of mutual identification.
  • For display in the follower function. Your photo will be displayed in the list of followers of the corresponding user (driver / passenger) you want to follow. Furthermore, your photo will be displayed in the respective lists of the users following you, as well as on the trip proposal that you share with the users following you. Users can follow you after you have arranged a ride from TwoGo or through your explicit invitation.
• gender
  • Is used to assign you, if necessary, driving requests from users who only want female drivers or passengers.
• Vehicle picture:
  • To personalize your profile and to transmit carpools to passengers for the purpose of mutual identification.
• If you use the points account within TwoGo, the data of the trip request or the mediated trip (role as driver, passenger or unmediated trip request) will be used to manage your points account.
• If you use TwoGo as a licensed user and want to take part in a competition initiated by your licensed company within TwoGo, we will forward your name, the points you have collected for the competition and your email address to the licensed company.

We process your data on the basis of Art. 6 Para. 1 lit. b) GDPR, so that we can create your user account, make it available and make TwoGo available to you and link you to the travel requests and carpooling opportunities that you create while using our service or in which you participate. Furthermore, this information is used to exchange information with you and your followers and trip participants for a trip request or trip mediation.

If you, as a licensed user, book a pool vehicle from your licensed company, statistical evaluations (see also point 4) for the journey you have created can be transmitted to the licensed company.

If you are a participant in a arranged trip in the role of a passenger in a pool vehicle of a licensed company, your trip data can be displayed to the licensed company for statistical evaluations (see also point 4). This also applies if you are not a licensed user and therefore not a (freelance) employee of the licensed company.

If you are a licensed user and your licensed company provides reserved parking spaces, we will, if requested by the licensed company, pass on your license plate to authorized persons of this company to check the parking authorization if you are a driver of a mediated or not yet mediated car pool.

In exceptional cases, your personal data may be accessible for support and maintenance purposes by Schwarz IT KG, Stiftsbergstrasse 1, 74172 Neckarsulm, since the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

Depending on the occasion and to the extent necessary, we transmit your personal data to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, as it processes possible customer inquiries you make by telephone, post and / or email on our behalf.

In addition, your personal data may be accessible to other recipients on a case-by-case basis and only to the extent necessary, as far as this is necessary for the provision of TwoGo.

You are neither contractually nor legally obliged to provide us with your personal data if you are not interested in using TwoGo. However, if you use TwoGo and want to create a corresponding user account, you are obliged under our terms of use to provide the required mandatory information completely and truthfully.

We delete your personal data as follows:

You are neither contractually nor legally obliged to provide us with your personal data if you are not interested in using TwoGo. However, if you use TwoGo and want to create a corresponding user account, you are obliged under our terms of use to provide the required mandatory information completely and truthfully.

We delete your personal data as follows:

• Name, email address, password:
  • Deletion 7 days after registration if the registration has not been confirmed.
  • Deletion after 365 days of inactivity of the registered user.
  • Deletion at the end of a license contract: If you are a licensed user and the license of your licensed company ends, your user account in TwoGo will be completely deleted at this point in time.
  • Deletion of your usage authorization if you are an unauthorized license user.
  • Immediate deletion if you delete your user account.
• Other profile data:
  • Deletion after 365 days of inactivity of the registered user.
  • Deletion at the end of a license contract: If you are a licensed user and the license of your licensed company ends, your user account in TwoGo will be completely deleted at this point in time.
  • Deletion of your usage authorization if you are an unauthorized license user.
  • Immediate deletion if you delete your user account.
• Data of the trip request (start and destination address, earliest departure date & time, latest arrival date & time)
  • Immediate deletion if the trip request is canceled by the user
  • Deletion 41 days after the trip date.

If you use TwoGo through a web browser, regardless of any processing of the foregoing, we process the following personally identifiable information about you:

• The date you accessed the service and what action you took. We use this information for support purposes and to measure the frequency of use.
• We log your IP address. This helps us to prevent attacks on the system and to correct errors in the service.
• Further information can be found in the data protection information for the use of our website.

We process the data on the basis of Art. 6 Para. 1 lit. b) GDPR, so that we can create your user account via a web browser, make it available and make TwoGo available to you.

For some purposes we process the data mentioned on the basis of Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in measuring how often TwoGo is used.

In exceptional cases, your personal data may be accessible for support and maintenance purposes by Schwarz IT KG, Stiftsbergstrasse 1, 74172 Neckarsulm, since the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

So that we can provide you with our service, we use geographic services from HERE Europe BV, Kennedyplein 222-226, 5611 ZT Eindhoven, The Netherlands. The following data is transmitted: start and destination, start of journey and your IP address.

Depending on the occasion and to the extent necessary, we transmit your personal data to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, as it processes possible customer inquiries you make by telephone, post and / or email on our behalf.

In addition, your personal data may be accessible to other recipients on a case-by-case basis and only to the extent necessary, as far as this is necessary for the provision of TwoGo.

You are neither contractually nor legally obliged to provide us with the personal data mentioned above. However, if you do not provide us with the data, we cannot give you access to TwoGo via a web browser.

We save the data mentioned for a period of 32 days.

When you use TwoGo through the TwoGo app, regardless of any processing of the foregoing, we process the following personally identifiable information about you:

• The date you accessed the service and what action you took. We use this information for support purposes and to measure the frequency of use.
• We log your IP address. This helps us to prevent attacks on the system and to correct errors in the service.
• Your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, email -Address
• Use of push notifications
  • If you use the TwoGo apps for Android or iOS, you will be informed of travel requests and status changes to journeys via push notification. For this purpose, when you open the app for the first time (after installation, before registration), your mobile device receives a device ID from the Firebase Cloud Messaging Service from Google (FCM) or Apple Push Notification Service (APNS) for the TwoGo- Assigned to app.
  • When you log in to TwoGo via the app, the created device ID is assigned to your user account. TwoGo then sends encrypted messages to the FCM server or the APNS to communicate travel requests or changes in the status of journeys (e.g. a journey has been brokered or a brokered journey has been changed or canceled). The FCM server or APNS sends you these messages on your mobile phone. The Android or iOS operating system forwards the messages to the TwoGo app on the device. The TwoGo app evaluates the messages and takes the appropriate action (e.g. load trip data from an updated trip from the TwoGo server, log off the user, etc.).
  • We point out that the servers for the Fire Base Cloud Messaging (GCM) service and the Apple Push Notification Service (APNS) are outside the scope of the “Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons in the processing of personal data, on the free movement of data and on the repeal of Directive 95/46 / EC ”
  • However, no data is transmitted via these servers, on the basis of which a connection to your person can be established, so that neither Google nor Apple receive personal or related data from you.

We process the data on the basis of Art. 6 Para. 1 lit. b) GDPR, so that we can create your user account via the TwoGo app, make it available and make TwoGo available to you.

For some purposes we process the data mentioned on the basis of Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in measuring how often TwoGo is used and in ensuring the technical stability and security of the application.

In exceptional cases, your personal data may be accessible for support and maintenance purposes by Schwarz IT KG, Stiftsbergstrasse 1, 74172 Neckarsulm, since the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

So that we can provide you with our service, we use geographic services from HERE Europe BV, Kennedyplein 222-226, 5611 ZT Eindhoven, The Netherlands. The following data is transmitted: start and destination, start of journey and your IP address.

Depending on the occasion and to the extent necessary, we transmit your personal data to Netlution GmbH, Landteilstr. 33, 68163 Mannheim, as it processes possible customer inquiries you make by telephone, post and / or email on our behalf.

In addition, your personal data may be accessible to other recipients on a case-by-case basis and only to the extent necessary, as far as this is necessary for the provision of TwoGo.

You are neither contractually nor legally obliged to provide us with the personal data mentioned above. However, if you do not provide us with the data, we cannot give you access to TwoGo via the TwoGo app.

We save the data mentioned for a period of 32 days.

With the Google Analytics for Firebase analysis tool, we can see how many users have installed the TwoGo app. We can also see that someone clicked on one of our advertisements (e.g. on Facebook) and was redirected to download the TwoGo app. However, we do not collect or receive any information with which users can be personally identified. The information collected with Google Analytics for Firebase is used only to compile statistics on the success and use of our advertising campaigns. The legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR. The legitimate interest arises from the interest in optimizing the TwoGo app and measuring the success of advertisements.

If the TwoGo app crashes, we receive anonymous data that shows which TwoGo app functions were last used by the user of the TwoGo app before the crash. These data relate exclusively to the TwoGo app and its functions and cannot be assigned to any individual user. They are only used for error analysis.

When using TwoGo, the following data in particular is recorded and used for statistical evaluations, provided you use TwoGo as a licensed user.

This information is no longer linked to a person. It is aggregated and thus anonymized data, which is composed of the following information:

4.1.1. User statistics

• Home address [city only. If fewer than 5 users are registered in this city, then only country]
• Gender [only if at least 5 users of the same gender are registered in a city]
• Date of last activity [only if at least 5 users were active on the same day, otherwise aggregation to the month (displayed as 01.month.year) or the year (displayed as 01.01.year)]
• Uploaded a profile picture [y / n]
• Has provided vehicle data [y / n]
• Uploaded a vehicle picture [y / n]
• registration date
• Minimum length (in percent) of the trip together
• Mediation limited to women [y/n, only if gender is specified as female]
• Maximum detour time (in minutes)
• preferred role (driver / passenger / both)
• Date of registration [only if at least 5 users registered on the same day, otherwise aggregation to the month (displayed as 01.month.year) or the year (displayed as 01.01.year)]

4.1.2. Statistics of travel requests per organizational location

• Desired role for this trip
• Trip is arranged [y / n]
• User is driver [y / n]
• Start / End Date [rounded to the hour]
• Start / destination [city only]
• Last activity date
• Distance per route
• Number of free seats for passengers
• Maximum detour time
• Potential savings [CO2 and €]
• User interface via which the request was created [calendar, web, mobile app]
• User has released display of their own location for passengers [y / n]

4.1.3. Daily statistics per organizational location

• Number of blocked users who could not use the service on the key date
• Number of users who have not confirmed their email address

We process the data mentioned on the basis of Art. 6 Paragraph 1 lit. f) GDPR. Our legitimate interest is to provide our licensed business customers with the specified data in the specified form, as this is part of our range of services for our business customers.

In exceptional cases, statistical data may be accessible for support and maintenance purposes from Schwarz IT KG, Stiftsbergstrasse 1, 74172 Neckarsulm, because the TwoGo application and your data are hosted and stored on our behalf on servers provided and operated by Schwarz IT KG.

Statistical data will be transmitted to your employer / client insofar as this is a licensed business customer of TwoGo and you use TwoGo in your function as a licensed user.

In addition, your personal data may be accessible to other recipients on a case-by-case basis and only to the extent necessary, as far as this is necessary for the provision of TwoGo.

You are neither legally nor contractually obliged to provide us with the data mentioned. However, the data are created as soon as you use TwoGo and are processed by us for the stated purposes and in the stated manner.

The statistical data mentioned are stored by us for one year. Irrespective of this, the data can be stored longer by your employer / client, but we have no influence on this.