TwoGo by SAP™
Last updated on August 2018
We have created this Privacy Statement to underline SAP's obligation to protect the individual's right to privacy. In this statement, we outline our procedure for handling personal data for the TwoGo service. In terms of data protection legislation, the operation by SAP of the cloud service TwoGo by SAP represents a function transfer.
1. What is personal data?
"Personal data" refers to all information relating to an identified or identifiable natural person; a person is "identifiable" if a reference to this person can be made directly or indirectly, in particular by association with an identification number or one or more factors specific to the person's physical, physiological, mental, economic, cultural, or social identity.
In brief: with regard to your use of TwoGo by SAP, personal data is all information that refers to you as a person and that you make available to us or that we collect while you use our service.
2. Which personal data do we collect and why?
When you register for TwoGo by SAP, we ask you to provide the following data:
2.1 Required Fields:
- First name and last name – displayed to everyone who is part of an organized shared ride, plus your followers and those users to whom you communicate a ride intent.
- Email address – submitted by the User to log on, communicated to everyone who is part of an organized shared ride, plus your followers and those users to whom you communicate a ride intent, and used by TwoGo to communicate with the User. We will send you an e-mail at regular intervals to the specified e-mail address in which we will ask you to click a confirmation link. This is how we check you are still employed by the licensed company/organization.
- Password – used by the User to log on.
- Cell phone number – communicated to everyone who is part of a matched shared ride.
- Private address and business address (act as dominant departure and destination points for recurring rides) – used for the fast entry of ride intents and to receive relevant ride proposals from "TwoGo".
- Ride intent data (role as driver, passenger or both, departure and destination address, earliest departure date and time, latest arrival date and time, maximum number of passengers) – are used by "TwoGo" to match a suitable shared ride and also by your followers and Users to whom you send a ride intent.
2.2 OPTIONAL DETAILS:
- Location data – communicated to the others who are part of your shared ride, if the mobile app has been installed and the location function in the app has been activated.
- Vehicle data (make, model, color, license plate), if you offer shared rides as a driver – communicated to everyone who is part of an organized shared ride. The number of free spaces plus your desired role is communicated to the followers and those users to whom you send a ride request. If you, as a licensed User, have been identified as a driver of a shared ride, the license plate of your vehicle can be accessed by your company/organization, if your company/organization provides specially reserved parking spaces and can therefore check your parking authorization.
- Locations (e.g. building on the company premises as starting point and destination) - used to offer the User company-specific predefined locations for rapid entry.
- used to customize your profile and to be communicated to the others who are part of the organized shared ride for the purpose of mutual identification.
- For display in the Follower function. Your photograph will be displayed in the list of followers of the respective User (driver/passenger) whom you want to follow. Additionally, your photograph will be displayed in the respective lists of the Users that follow you, as well as on the ride proposal that you post to your followers. Users can follow you in case you had a shared ride together or with your explicit invitation.
- Vehicle photograph – used to customize your profile and to be communicated to the others who are part of the organized shared ride for the purpose of mutual identification.
- Ride intent data (role as driver, passenger or both, departure and destination address, earliest departure date and time, latest arrival date and time, maximum number of passengers) – are displayed for purposes of statistical analysis when a pool vehicle from your organization is booked.
- Data for a matched journey (role as driver, passenger or both, start and destination address, – is displayed for purposes of statistical analysis by the licensing organization for a ride in a pooled vehicle. Even if you are not a User from the licensing organization.
We can use this information to create your personal TwoGo by SAP account and to link you to the ride intents and shared rides that you create or are a part of while you use our service. Furthermore, these details are used to exchange information with you, your followers, and your fellow ride participants for a ride request or ride matching, as described further below. We use your email domain or a token to verify that you belong to a company/organization or institution ("licensed organization") that has the licenses required for this Service.
If you access a "TwoGo by SAP" Service (e.g. log in to the website, create an intended trip, change your personal data), we capture the date when you accessed the Service and the action you performed. We use this information for support purposes and to measure the frequency of use. We also log your IP address. This helps us protect the system from being attacked and helps eliminate errors from the service.
If you use the points account, the travel intent data or matched ride (driver or passenger role, or unmatched travel intent) is used to manage your points account.
If you decide to use additional functions offered as part of using "TwoGo by SAP", we may ask you to enter further personal data. In these cases, your personal data will only be used with your prior consent.
Cookies are small text files stored on your computer by a website while you are browsing that website. They are often used so that websites function, or function more efficiently, and to provide the owners of websites with information.
The following list explains which cookies TwoGo by SAP uses and why:
- Session cookie JSESSIONID
This cookie is used to manage the User's "TwoGo by SAP" session. It is deleted as soon as the browser is closed
- Security session cookie TGS [randomID]
This cookie is created when the User logs on to the "TwoGo by SAP" website. It is used to identify the User's security session and is deleted when the User logs off from the "TwoGo by SAP" website or closes the browser
- Remember Me cookie TGP [randomID]
This cookie is created when the User logs on to the "TwoGo by SAP" website with the function "stay logged in for 2 weeks" enabled. It is used to identify the User's persistent session and is deleted when the User explicitly logs off from the "TwoGo by SAP" website or the two-week time limit has expired.
- Protect from CSRF attacks cookie SAP_SECID_2GO_000.
This cookie protects your connection to our servers from cross-site request forgery attacks. It is deleted as soon as the browser is closed.
In most web browsers, you can use the browser settings to control most cookies to a certain extent. For example, in your browser Help you can read how to configure your browser so that before you receive a cookie you are notified of how to delete cookies etc. Note that it may not be possible to use the Services if session cookies are not accepted.
4. Use of Push Services
If you use the TwoGo by SAP apps for Android or iOS, you will receive information about ride intents and ride status changes via push notification. For this purpose, the first time that you open the app (after installing it and prior to registration), Google Cloud Messaging (GCM) or Apple Push Notification Service (APNS) assigns your mobile device a device ID for the "TwoGo" app. When you log on to TwoGo by SAP via the app, the created device ID is transferred to TwoGo by SAP and assigned to your User account. To communicate ride requests or ride status changes (for example, a ride has been organized, or an organized ride has been changed or canceled), "TwoGo by SAP" then sends encrypted messages to the GCM server or to the APNS. The GCM server or the APNS then delivers these messages to your smartphone the next time the device connects with the GCM infrastructure or the APNS. The Android or iOS operating system forwards the messages to the TwoGo app on the device. The "TwoGo" app evaluates the messages and performs the appropriate action (e.g. loads the ride trip data for an updated ride from the "TwoGo" server, logs the User off, etc.).
Please be advised that the server for the Google Cloud Messaging (GCM) service and the Apple Push Notification Service (APNS) may not be subject to the scope of the European Parliament and Council Directive 95/46/EC, dated October 26, 1995 regarding the protection of natural persons when processing personal data and regarding the free movement of data.
5. Use of Data for Statistical Purposes
The following data is collected and used for statistical analysis when you use the TwoGo by SAP service if you are a licensed User of TwoGo by SAP.
This information is no longer linked to a person. The data is aggregated, and therefore anonymized data, which is compiled using the information listed in the following. This statistical data can be made accessible to your company or the licensed organization through which you registered as a location-wide (or company-wide) aggregation if your company/organization would like statistics.
- Private address [only the city is mentioned. If fewer than 5 Users are registered in this city, only the country is mentioned]
- Gender [only if at least 5 Users of the same gender are registered in a city]
- Date of last activity [only if at least 5 Users were active on the same day, otherwise aggregation for the month (displayed as month/01/year) or the year (displayed as 01/01/year)]
- Has uploaded a profile picture [y/n]
- Has specified vehicle data [y/n]
- Has uploaded a vehicle picture [y/n]
- Date of registration
- Minimum length (in percent) of shared ride
- Matching restricted to women [y/n, only if Female is specified as the gender]
- Maximum detour time (in minutes)
- Preferred role (driver/passenger/both)
- Date of registration [only if at least 5 Users registered on the same day, otherwise aggregation for the month (displayed as month/01/year) or the year (displayed as 01/01/year)]
Statistics for ride requests per organization location
- Desired role for this ride
- Ride is organized [y/n]
- User is driver [y/n]
- Start date/end date [rounded to the nearest full hour]
- Departure location/destination [city only]
- Date of last activity
- Distance per route
- Number of free seats for passengers
- Maximum detour time
- Potential savings [CO2 and €]
- User interface over which the request was created [calendar, web, mobile app]
- User has released display of their location for passengers [y/n]
Daily Statistics per Organization Location
- Number of blocked Users who are not allowed to use the service on the specific date
- Number of Users who still have to confirm their email address
Note: Details of the statistics will be displayed only if the combination of the individual criteria results in more than 5 Users. For example, if there are fewer than 5 users from the same city (private address) with the same gender who registered in the same year, the fields for the date of registration remain empty in the report.
Use of Data for Promotions (Competitions)
If you are a User of TwoGo by SAP and take part in a promotion at your company, SAP transfers your name, points and email address to your company.
6. Information from TwoGo
As part of our service, our system will communicate with you via email. This exchange of information refers exclusively to rides or ride intents and offers for rides in the neighborhood, assuming you have activated this service (for example, if we have found a suitable shared ride for you, the details of your ride have changed, or a potential ride starts or finishes near you).
We communicate via email with Users who use our services, and we communicate via telephone to process customer complaints or technical problems. We use your email address to confirm the opening of your account and to send information on using the service.
7. How long do we retain personal data?
We delete all of your stored personal data as follows:
Name, email address, password
- Deleted 7 days after registration if the registration has not been confirmed
- Deletion after the registered User has been inactive for 183 days, unless they have linked their TwoGo account to their Concur account
- Deleted immediately when a user deletes his or her user account
- Deleted when the license agreement comes to an end
- Deletion of your authorization to use if you are an unauthorized license User
Other contact and profile data (e.g. mobile phone number, home and work addresses, location, organization location, photograph, vehicle data)
Ride intent data (departure address and destination address, earliest departure date and time, latest arrival date and time)
- Deleted immediately when a user cancels the ride intent
- Deleted 6 weeks after the ride
- Deleted within 6 weeks
8. Transfer of your Personal Data
In order to combine your ride requests with the ride requests of other Users of TwoGo by SAP, we pass on the following information to other registered Users: your first name and last name, cell phone number, email address if these Users are part of an organized shared ride, pick-up location and drop-off location, and your vehicle data if you are the driver. If you have uploaded photographs, these will also be passed on to these participants.
If you are a licensed user and reserved parking spaces are available, we give a car pool driver's license plate number for a matched or yet to be matched shared ride to authorized persons in this organization so that they can verify the driver's authorization to park.
- If you are a licensed user, your organization can appoint one or more persons to administrate the "TwoGo by SAP" license version. For support purposes, these administrators can access all of your personal data and shared rides or ride intents, and lock or unlock your account. If no administrator is appointed, the User can contact "TwoGo by SAP" Support.
If you take up a booking for a pool vehicle from your organization, statistical analyses of the trip created for you may be displayed.
If you go on a matched journey as passenger in a pooled vehicle, then your journey data may be displayed for purposes of statistical analysis by the licensing organization. Even if you are not a User from the licensing organization.
To provide you with our service, we use the geography services of HERE Europe B.V. with registered office at: Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands. The following data is passed on: departure and destination, start of ride, your IP address.
SAP utilizes Netlution GmbH, Landteilstr. 33, 68163 Mannheim, Germany which provides telephone support services on behalf of SAP for "TwoGo by SAP". The following data is disclosed: all data listed under Article 2.
We do not sell or rent your personal data to third parties.
10. Security of your Personal Data
SAP undertakes to protect all personal data that you provide us with. SAP uses a combination of industry-standard security technologies, procedures, and organizational measures to protect your personal data from unauthorized access or use, or disclosure in accordance with the German Federal Data Protection Act.
Our employees undertake to protect your rights to privacy and confidentiality.
All data and information that you make available, or that is otherwise collected while you use the TwoGo by SAP service, is stored exclusively at SAP-proprietary data centers in Germany.
11. Queries, Access, and Update to your Personal Data
TwoGo by SAP requires your assistance to keep the personal data that you have shared with us up to date and to ensure it is complete. If you are a registered User, you can perform these updates yourself online at https://www.twogo.com. You can also perform updates or other changes by sending an email to email@example.com.
If you have any questions about this Privacy Statement, or would like to view the information that we have stored on you, please contact us at the following address:
TwoGo Support - firstname.lastname@example.org
We may change this Privacy Statement at our own discretion at any time. If we change this Privacy Statement, we will publish the changed Privacy Statement on the "TwoGo" website and inform you of the change. SAP shall obtain your express consent before implementing a change if it relates to the use of personal data that is subject to you providing your consent.