TwoGo by SAP™

Privacy Statement for the Enterprise Version

Last updated on November 10, 2016

We have created this privacy statement to underline SAP’s obligation to protect the individual’s right to privacy. In this statement, we outline our procedure for handling personal data for this website. In terms of data protection legislation, SAP’s operation of the cloud service TwoGo by SAP is a function transfer.

1. What is personal data?

“Personal data” refers to all information relating to an identified or identifiable natural person; a person is “identifiable” if a reference to this person can be made directly or indirectly, in particular through association with an identification number or one or more factors specific to the person’s physical, physiological, mental, economic, cultural, or social identity.

In brief: With regard to your use of TwoGo by SAP, personal data is all information that refers to you as a person and that you make available to us or that we collect while you use our service.

2. Which personal data do we collect and why?

When you register for TwoGo by SAP, we ask you to provide the following data:

2.1 Mandatory Details:

  • First name and last name – communicated to everyone who is part of an organized shared ride
  • E-mail address – submitted by user to log on, communicated to everyone who is part of an organized shared ride, and used by TwoGo to communicate with the user. If an agreement has been made with your company, at regular intervals we will send an e-mail to the e-mail address provided, in which we will ask you to click on a confirmation link. This is how we will check that you still belong to the licensed company.
  • Password – used by user to log on
  • Cell phone number – communicated to everyone who is part of an organized shared ride
  • Private address and business address (act as dominant departure point and destination for recurring rides) – used for fast entry of ride intents and to receive relevant ride proposals from TwoGo.
  • Ride intent data (role as driver, passenger, or flexible, departure address and destination address, earliest departure date and time, latest arrival date and time, maximum number of passengers) – used by TwoGo to find a suitable shared ride.

2.2 OPTIONAL DETAILS:

  • Location data – communicated to the others who are part of your shared ride, if the mobile app has been installed and the location function in the app has been activated

  • Vehicle data (make, model, color, license plate), if you offer shared rides as a driver – communicated to everyone who is part of an organized shared ride. If you have been identified as a driver of a shared ride, the license plate of your vehicle can be accessed by your company, if your company provides specially reserved company parking spaces so that they can check whether you are authorized to park in these spaces.

  • Regular place of work (specifically defined buildings on company premises as departure address and destination address) – used to offer the user company-specific predefined locations for fast entry

  • Photograph

    • to customize your profile and to be communicated to the others who are part of the organized shared ride for the purpose of mutual identification
    • to be displayed in the follower feature. Your photograph will be displayed in the list of followers of the respective user (driver/passenger) whom you want to follow. Additionally, your photograph will be displayed in the respective lists of the users that follow you, as well as on the ride proposal that you post to your followers. Users can follow you in case you had a shared ride together or with your explicit invitation.
    • if you participate in the leader board and are one of the four best participants
  • Vehicle photograph – to customize your profile and to be communicated to the others who are part of the organized shared ride for the purpose of mutual identification

We can use this information to create your personal TwoGo by SAP account and to link you to the ride intents and shared rides that you create or are part of while you use our service. Furthermore, these details are used to exchange information with you and your fellow ride participants, as described further below. We use your e-mail domain to verify that you belong to a company or institution (“licensed organization”) that has the licenses required for this service.

When you access a TwoGo by SAP service (for example, log on to the website, create a ride intent, or change your personal data), we collect the date on which you accessed the service and which action you performed. We use this information for support purposes and to measure the frequency of use. We also log your IP address. This helps us protect the system from being attacked and helps eliminate errors from the service.

If you use the points account, the ride request data (role as driver, passenger, or flexible, departure address and destination address, earliest departure date and time, latest arrival date and time, maximum number of passengers) will also be used to manage your points account.

If you decide to use additional functionalities offered within the use of TwoGo by SAP, we may ask you to enter further personal data. In these cases, your personal data will only be used with your prior consent.

3. Use of cookies

Cookies are small text files stored on your computer by a website while you are browsing that website. They are often used so that websites function, or function more efficiently, and to provide the owners of websites with information.

TwoGo by SAP uses cookies to control your connection to the website, for example, to “note” your personal default settings, but does not use cookie tracking to collect information on you or your use of the website.

The following list explains which cookies TwoGo by SAP uses and why:

  • Session cookie JSESSIONID.
    This cookie is used to manage the user’s TwoGo by SAP session. It is deleted as soon as the browser is closed.

  • Security session cookie TGS[randomID].
    This cookie is created when the user logs on to the TwoGo by SAP website. It is used to identify the user’s security session and is deleted when the user logs off from the TwoGo by SAP website or closes the browser.

  • Keep me logged in cookie TGS[randomID].
    This cookie is created when the user logs on to the TwoGo by SAP website with the “keep me logged in for 2 weeks” feature activated. It is used to identify the user’s persistent session and is deleted when the user explicitly logs off from the TwoGo by SAP website or the period of two weeks has passed.

  • Protect from CSRF attacks cookie SAP_SECID_2GO_000.
    This cookie protects your connection to our servers from cross-site request forgery attacks. It is deleted as soon as the browser is closed.

In most Web browsers, you can use the browser settings to control most cookies to a certain extent. For example, in your browser help you can read how to configure your browser so that before you receive a cookie you are notified of how to delete cookies and so on. Note that it may not be possible to use the services if session cookies are not accepted.

4. Use of push services

If you use the TwoGo by SAP apps for Android or iOS, you will receive information about ride requests and ride status changes via push notification. For this purpose, the first time that you open the app (after installation, before registration), Google Cloud Messaging (GCM) or Apple Push Notification Service (APNS) assigns your mobile device a device ID for the TwoGo app. When you log on to TwoGo by SAP via the app, the created device ID is transferred to TwoGo by SAP and assigned to your user account. To communicate ride requests or ride status changes (for example, a ride has been organized, or an organized ride has been changed or canceled), TwoGo by SAP then sends encrypted messages to the GCM server or to the APNS. The GCM server or the APNS then delivers these messages to your smartphone the next time that the device connects with the GCM infrastructure or the APNS. The Android or iOS operating system forwards the messages to the TwoGo app on the device. The TwoGo app evaluates the messages and takes appropriate action (for example, loads ride date for an updated ride from the TwoGo server, logs off the user, and so on).

Please be advised that the server for the Google Cloud Messaging (GCM) service and the Apple Push Notification Service (APNS) may not be subject to the scope of the European Parliament and Council directive 95/46/EC dated October 26, 1995 regarding the protection of natural persons when processing personal data and regarding the free movement of data.

5. Use of data for statistical purposes

When using the TwoGo by SAP service, the following data is collected and used for statistical evaluations.

This information is no longer linked to a person. This is aggregated, and therefore anonymized data, which is compiled using the information listed in the following. This statistical data can be made accessible to your company or the licensed organization through which you registered, as a location-wide (or company-wide) aggregation, if your company would like statistics.

User statistics

  • Private address [only the city is mentioned. If fewer than 5 users are registered in this city, only the country is mentioned]
  • Gender [only if at least 5 users of the same gender are registered in a city]
  • Date of last activity [only if at least 5 users were active on the same day, otherwise aggregation for the month (displayed as month/01/year) or the year (displayed as 01/01/year)]
  • Has uploaded a profile picture [y/n]
  • Has specified vehicle data [y/n]
  • Has uploaded a vehicle picture [y/n]
  • Date of registration
  • Minimum length (in percent) of shared ride
  • Matching restricted to women [Y/N, only if gender Female is specified]
  • Maximum detour time (in minutes)
  • Preferred role (driver/passenger/both)
  • Date of registration [only if at least 5 users registered on the same day, otherwise aggregation for the month (displayed as month/01/year) or the year (displayed as 01/01/year)]

Ride intent statistics per company location

  • Desired role for this ride
  • Ride is organized [y/n]
  • User is driver [y/n]
  • Start date/end date [rounded to the nearest full hour]
  • Departure location/destination [city only]
  • Date of last activity
  • Distance per route
  • Number of free seats for passengers
  • Maximum detour time
  • Potential savings [CO2 and €]
  • User interface used to create the request

    [calendar, Web, mobile app]

  • User has released display of their location for passengers [y/n]

Daily statistics per company location

  • Number of users that cannot use the service on the key date
  • Number of users that have not confirmed their e-mail address

Note: Details of the statistics will be displayed only if the combination of the individual criteria results in more than 5 users. For example, if there are fewer than 5 users from the same city (private address) with the same gender who registered in the same year, the fields for the date of registration remain empty in the report.

6. Information from TwoGo

As part of our service, our system will communicate with you via e-mail. This exchange of information refers exclusively to rides or ride intents (for example, if we have found a suitable shared ride for you, the details of your ride have changed, or a potential ride starts or finishes near you).

We communicate via e-mail with users who use our services, and we communicate via telephone to process customer complaints or technical problems. We use your e-mail address to confirm the opening of your account and to send information on using the service.

7. How long do we retain personal data?

We delete all of your stored personal data as follows:

  • Name, e-mail address, password

    • Deleted 7 days after registration if the registration has not been confirmed
    • Deleted after the registered user has been inactive for 183 days
    • Deleted immediately when a user deletes his or her user account
    • Deleted at the end of the contract for the company version
    • Deleted if there is no response to the check agreed on with your company regarding the right to use the service
  • Other contact data and profile data (for example, cell phone number, private address and business address, regular place of work, photograph, vehicle data)

    • Deleted after the registered user has been inactive for 183 days
    • Deleted immediately when a user deletes his or her user account
    • Deleted at the end of the contract for the company version
    • Deleted if there is no response to the check agreed on with your company regarding the right to use the service
  • Ride intent data (departure address and destination address, earliest departure date and time, latest arrival date and time)

    • Deleted immediately when a user cancels the ride intent
    • Deleted 6 weeks after the ride
  • Deleted immediately when a user deletes his or her user account
  • Deleted at the end of the contract for the company version
  • Deleted if there is no response to the check agreed on with your company regarding the right to use the service
  • IP addresses

    • Deleted within 6 weeks

8. Transfer of your personal data

To combine your ride intents with ride intents of other users of TwoGo by SAP, we pass on the following information to other registered users: your first name and last name, cell phone number, e-mail address, pick-up location and drop-off location, and your vehicle data if you are the driver. If you have uploaded photographs, these will also be passed on to the others who are part of the organized shared ride.

If your company provides reserved company parking spaces, we will pass on the license plate of the shared ride driver to the company so that they can check authorization to park in these spaces.

Your company or the licensed organization through which you have registered can appoint one or more persons to manage the enterprise functions of TwoGo by SAP (for example, creating company-related locations or collecting aggregated statistics). For support purposes, these administrators can access all of your personal data and shared rides or ride intents, and lock or unlock your account. If no administrator is appointed, the user can contact TwoGo by SAP support.

9. Subprocessors

To be able to make our service available to you, we use geographical services provided by HERE Europe B.V., registered office: Kennedyplein 222-226, 5611 ZT Eindhoven, The Netherlands. The following data is passed on: departure and destination, start of ride, and your IP address.

SAP utilizes Computacenter AG, Europaring 34-40, 50170 Kerpen, which provides telephone support services for TwoGo by SAP on behalf of SAP. The following data is disclosed: all data listed under article 3.

We do not sell or rent your personal data to third parties.

10. Security of your personal data

SAP undertakes to protect all personal data that you provide us with. SAP uses a combination of industry-standard security technologies, procedures, and organizational measures to protect your personal data from unauthorized access or unauthorized use or disclosure in accordance with the German Federal Data Protection Act.

Our employees undertake to protect your rights to privacy and confidentiality.

All data and information that you make available, or that is otherwise collected while you use the TwoGo by SAP service, is stored only at SAP’s own data centers in Germany.

__

11. Queries, access, and update of your personal data

TwoGo by SAP requires your assistance to keep the personal data that you have shared with us up to date and to ensure it is complete. If you are a registered user, you can make these updates yourself online at https://www.twogo.com. You can also make updates or other changes by sending an e-mail to info@twogo.com.

If you have any questions about this privacy statement, or would like to view the information that we have stored for you, contact us at the following address:

TwoGo Support - info@twogo.com

We may change this privacy statement at our own discretion at any time. If this privacy statement changes, we will publish the changed privacy statement on the TwoGo by SAP website and will inform you of the change. If a change affects the use of personal data, which requires consent, SAP will obtain your express permission before implementing the change.