{firstname} {lastname}

Privacy Statement

Controller within the meaning of the General Data Protection Regulation (“GDPR”) is:

car2go Deutschland GmbH („Wir“ „car2go“)

Fasanenweg 15-17

70771 Leinfelden-Echterdingen

E-Mail: kundenservice@car2go.com


Data Protection Officer:

Chief Officer Corporate Data Protection

HPC G353

D-70546 Stuttgart

Germany

E-Mail: dataprotection@daimler.com

1. Data protection

We are pleased about your visit on our web pages and your interest in our offers. The protection of your personal data is an important concern for us. In these Privacy Statement we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and which rights and claims are associated with it for you. In addition, we refer to the Daimler Data Protection Policy.

Our Privacy Statement for the use of our websites and the Data Protection Policy of Daimler AG do not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please check the websites of these providers for their data protection regulations.


2. Collection and processing of your personal data

a. When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the use of website functions, the search terms you may have entered, the frequency with which you access individual websites, the designation of files accessed, the amount of data transferred, the website from which you accessed our websites and the website which you visit from our websites, either by clicking on links on our websites or by entering a domain directly in the input field of the same tab (or the same window) of your browser in which you opened our websites. We also store your IP address and the name of your Internet service provider for sixty days for security reasons, in particular to prevent and detect attacks on our websites or attempts at fraud.

b. We only store other personal data if you provide this data, e.g. as part of a registration, a contact form, a survey, a price com-petition or for the execution of a contract, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (further information on this can be found below in the section "Legal basis of processing").

c. You are not legally or contractually obliged to make available your personal data. However, it is possible that certain functions of our websites depend on the availability of personal data. If you do not make available personal data in these cases, this may result in functions not being available or only being availa-ble to a limited extent.


3. Purposes of use

a. We use the personal data collected when you visit our website in order to operate it in the most convenient manner for your use and to protect our IT systems from attacks and other illegal activities.

b. If you provide us with further personal data, e.g. within the scope of a registration, a contact form, a survey, a price competition or for the execution of a contract, we use this data for the purposes mentioned, for the purposes of customer administration and - if necessary - for the purposes of processing and accounting of any business transactions, in each case to the extent required for this.


4. Transfer of personal data to third parties; social plug-ins

a. Our websites may also contain offers of third parties. If you click on such an offer, we transfer data to the respective provider to the required extent (e.g. information that you have found this offer with us and, if applicable, further information that you have already provided on our websites for this purpose).

b. When we use social plug-ins on our websites from social networks such as Facebook, Twitter and Google+, we integrate them as follows:

When you visit our websites, the social plug-ins are deactivated, i.e. no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.

If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot associate a visit to other car2go websites until you have activated an existing social plug-in.

When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network.

The social plug-in remains active until you deactivate it or delete your cookies.

Cookie Statement

c. If you click on the link to an offer or activate a social plug-in, per-sonal data may reach providers in countries outside the European Economic Area that, from the point of view of the European Union ("EU"), may not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.


5. Analysis of usage data; use of analysis tools

a. We would like to tailor the content of our websites as precisely as possible to your interests and in this way improve our offer for you. In order to identify usage preferences and particularly popular areas of the websites, we use the following analysis tool(s): Adobe Analytics, Optimizely.

b. When using these analysis tools, data may be transferred to servers located in the USA and processed there. Please note the following: In the USA, the European Union considers that there is no "adequate level of protection" for the processing of personal data in accordance with EU standards. However, this level of protection can be replaced for individual companies by certification according to the so-called "EU-U.S. Privacy Shield".

c. If you do not want us to collect and analyze information about your visit to our website using the analysis tools mentioned above, you can object to this at any time with effect for the future ("opt-out").

We implement your objection by setting an opt-out cookie in your browser. This cookie is only used to associate your objection. Please note that for technical reasons, an opt-out cookie only works in the browser in which it was set. If you delete the cookies or use a different browser or device, please opt-out again.

d. Below you will find information on the providers of the analysis tools we use and the respective opt-out options:

i. Adobe Systems Inc. (“Adobe“)

Adobe is certified according to the EU-U.S. Privacy Shield.

To object to the analysis through the product Adobe Analytics, you can follow this link:

Install the opt-out cookie (Adobe Omniture)

ii. For multivariate and A/B testing purposes, car2go uses Optimizely. This service uses cookies to identify a visitor's browser and track website usage while on the car2go website. The cookies do not collect personal information about you.

Optimizely is certified according to the EU-U.S. Privacy Shield.

Learn how Optimizely uses your data

Click here to opt out from Optimizely


6. Usage-based information (targeting and retargeting)

In order to be able to tailor our online marketing (e.g. banner advertis-ing) on the websites of our retargeting partners (Google Dynamic Re-marketing and google Adwords) more specifically to your needs and interests, we use so-called retargeting technologies. Your interest in our products and services is stored in cookies. These cookies are read and used when visiting other websites that work together with our re-targeting partners in order to be able to inform you as focused on your interests as possible. This is done anonymously, i.e. you cannot be identified by retargeting.

Within our web presence, we use the Website-Custom-Audience-Pixel of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Facebook is certified according to the EU-U.S. Privacy Shield.

This allows us to follow the Internet behavior of our users once they have viewed or clicked on a Facebook ad. Through this, we are able to evaluate the effectiveness of the Facebook ads for statistical and market research purposes and can thus optimize our advertising measures. When you visit our website, this information is passed on to Facebook.

The data collected by us is anonymous and gives us no indication of the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook are able to use the data for its own advertising purposes in accordance with Facebook’s data use policy. You can allow Facebook and its partners to display ads on and off Facebook. Additionally, a cookie can be stored on your hard drive for this purpose.

Facebook’s data use policy provides information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy and can be found here: https://www.facebook.com/policy.php. And information on the settings for the display of personalized ads can be viewed here: https://www.facebook.com/ads/about/.

Deactivate the Website-Custom-Audience-Pixel

If you do not want car2go and its retargeting partners to collect, store and analyze information about your visit and to tailor banner advertising to your interests, you can object to this at any time with effect for the future (opt-out).

An opt-out cookie is placed in your browser to technically implement your objection. This cookie is used exclusively for the association of your objection. Please note that for technical reasons, an opt-out cookie can only be used for the browser from which it was set. If you delete the cookies or use another browser or another terminal device, please opt-out again.

You can manage and disable the use of cookies by third parties on the following website :

Install the opt-out cookie


7. Security

We use technical and organisational security measures to protect your data managed by us against manipulation, loss, destruction and against access by unauthorised persons. We are constantly improving our security measures in line with technological developments.


8. Legal bases of processing

a. Insofar as you have given us your consent for the processing of your personal data, that consent is the legal basis for the processing (Art. 6 para. 1 letter a GDPR).

b. For the processing of personal data for the purposes of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.

c. Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 letter c GDPR.

d. In addition, we process personal data for the purposes of safe-guarding our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 para. 1 letter f GDPR. Maintaining the functionality of our IT systems, marketing our own and third-party products and services as well as documenting business con-tacts as required by law are such legitimate interests.


9. Deletion of your personal data

Your IP address and the name of your Internet service provider, which we only store for security reasons, will be deleted after seven days. Otherwise, we delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this point in time, data is only stored if this is required by the laws, regulations or other legal provisions of the European Union or of a member state of the European Union to which we are subject.


10. Rights of the data subject

a. As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data porta-bility (Art. 20 GDPR).

b. If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g. for the fulfilment of our legal obligations (cf. section "Legal bases of processing").

c. Right to object

You have the right to object at any time to the processing of your person-al data pursuant to Art. 6 para. 1 letter e GDPR (data processing in the public interest) or Art. 6 para. 1 letter f GDPR (data processing on the ba-sis of a balance of interests) on grounds relating to your particular situa-tion. If you object, we will only process your personal data if we can prove compelling legitimate reasons that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

d. We ask you to address your claims or declarations to the following contact address if possible: kundenservice@car2go.com.

e. If you believe that the processing of your personal data violates le-gal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).


11. Newsletter

If you subscribe to a newsletter offered on our website, the data provided in the newsletter subscription will only be used for sending the newsletter, unless you agree to further use. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.


12. Cookies

Information on the cookies we use and their functions can be found in our Cookie Statement.



Status: May 2018

Android App Permissions

After you download and open the car2go app, your mobile device will ask you for "permissions". Permissions are special authorizations that apps must ask for if they want to access data or functions on your phone. For example, if you'd like to find a car2go near you, the car2go app will ask for permission to see your exact location. Don't worry: We only ask for the bare necessities so that the car2go app will work well for you. You can always view and manage these permissions under your phone’s settings:

To improve GPS location quality so that your location is as precise as possible on the map, we ask for permission to access:

  • Your approximate location  (ACCESS_COARSE_LOCATION)
  • Your precise location (ACCESS_FINE_LOCATION)
  • Information about networks around you (ACCESS_NETWORK_STATE)

To secure your login in the car2go app, we ask for permission to:

  • Authenticate your account (AUTHENTICATE_ACCOUNTS maxSdkVersion=22)
  • Securely retrieve your account information (GET_ACCOUNTS maxSdkVersion=22)
  • Securely manage your account information (MANAGE_ACCOUNTS maxSdkVersion=22)
  • Securely use your account credentials (USE_CREDENTIALS maxSdkVersion=22)

To display available car2go vehicles, we ask for permission to:

  • Check for an internet connection (INTERNET)

To support driver's license revalidation in the car2go app, we ask for permission to:

  • Securely read external storage (READ_EXTERNAL_STORAGE maxSdkVersion=22)
  • Write external storage (WRITE_EXTERNAL_STORAGE)

To support push messaging for car2go's radar feature, we ask for permission to:

  • Vibrate your phone when something important happens (VIBRATE)
  • Wake your phone up when a notification is received (WAKE_LOCK)

To support fingerprint authentication, we ask for permission to:

  • Use your fingerprint data to unlock a car2go instead of using a PIN (USE_FINGERPRINT)

To support Google Maps and Google Cloud Messaging, we ask for permission to:

  • Read Google services’ configuration data (com.google.android.providers.gsf.permission.READ_GSERVICES)