This post is also available in: Deutsch (German)

Responsible in terms of the data protection laws is

Marcel Templin
Velotaxi Stuttgart
c/o Impact HUB Space
Quellenstr. 7A
70376 Stuttgart

With this data protection information we inform you (in the following text also referred to as “user” or “data subject”) in a general way about the data processing on this platform and in a special way about the data processing within the scope of a call of our website, the contacting via the contact form of our website, when contacting us via e-mail, telephone or by post. Furthermore, we inform you about your rights with regard to the processing of your data. The term “data processing” always refers to the processing of personal data.

1. general information on data processing
1.1 Categories of personal data
We process the following categories of personal data:
– inventory data (e.g. names, addresses, functions, organizational affiliation, etc.);
– contact data (e.g. e-mail, telephone/fax numbers, etc.);
– Content data (e.g. text entries, image files, videos, etc.);
– usage data (e.g. access data);
– Meta/communication data (e.g. IP addresses)

1.2 Recipients or categories of recipients of personal data
If, in the course of our processing, we disclose data to other persons and companies such as web hosters, contract processors or third parties, transfer it to them or otherwise grant them access to the data, this is done on the basis of a legal authorization (e.g. if transfer of the data to third parties is necessary for the performance of the contract in accordance with Art. 6 Para. 1 letter b DS-GVO), if the persons concerned have consented or if a legal obligation provides for this.

1.3 Duration of storage of personal data
The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of the period, the corresponding data will be deleted if they are no longer required for achieving the purpose, fulfilling the contract or initiating a contract.

1.4 Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special requirements of Art. 44 ff. DS-GVO, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized establishment of a level of data protection equivalent to that in the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

2. data processing within the scope of visiting our website
2.1 Log files
Every time a person concerned accesses our website, general data and information is stored in the log files of our system:
– Date and time of the access (time stamp);
– request details and target address (protocol version, HTTP method, referrer, user agent string);
– Name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes);
– message whether the retrieval was successful (HTTP Status Code).
When using this general data and information, we do not draw any conclusions about the person concerned. There is no personal evaluation or an evaluation of the data for marketing purposes or a profile formation. The IP address is not stored in this context.
The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f DS-GVO. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of our website. There is therefore no possibility for the person concerned to object.

2.2 Malware detection and log data evaluation
We collect protocol data that are generated during the operation of communication technology of this platform and evaluate them automatically, as far as this is necessary for the recognition, limitation or elimination of disturbances or errors in the communication technology or the defense of attacks on our information technology or the recognition and defense of malicious programs.
The legal basis for the temporary storage and evaluation of the data is Art. 6 para. 1 lit. f DS-GVO. The storage and evaluation of the data is necessary for the provision of the website and for its secure operation.

2.2 Malware detection and log data evaluation
We collect protocol data that are generated during the operation of communication technology of this platform and evaluate them automatically, as far as this is necessary for the recognition, limitation or elimination of disturbances or errors in the communication technology or the defense of attacks on our information technology or the recognition and defense of malicious programs.
The legal basis for the temporary storage and evaluation of the data is Art. 6 para. 1 lit. f DS-GVO. The storage and evaluation of the data is absolutely necessary for the provision of the website and for its secure operation. There is therefore no possibility for the person concerned to object.

2.3 Cookies
So-called cookies are used on our website. Cookies are small text files that are exchanged between the web browser and the hosting server. Cookies are stored on the user’s computer and are transmitted by the user to our site. In the web browser used in each case, you can restrict or generally prevent the use of cookies by means of a corresponding setting. Already stored cookies can be deleted at any time. If cookies are deactivated for our website, this may mean that the website cannot be displayed or used to its full extent.
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 letter f DS-GVO.

2.4 Hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our website.
For this purpose, we or our order processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f DS-GVO in conjunction with Art. 28 DS-GVO (conclusion of an agreement for order processing).

3. data processing within the scope of the establishment of contact
3.1 Contact by e-mail
You can contact us by e-mail using the e-mail addresses published on our website.
If you use this method of contact, the data you provide (e.g. last name, first name, address), at least however the e-mail address, as well as the information contained in the e-mail together with any personal data you may have provided will be stored for the purpose of contacting you and processing your request. In addition, the following data is collected by our system:
– IP address of the calling computer;
– Date and time of the e-mail.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f DS-GVO.

3.2 Contacting us via website contact form
If you use the contact form provided on our website for communication purposes, it is necessary to provide your name and surname and your e-mail address. Without these data, your request transmitted via the contact form cannot be processed.
In addition, the following data is collected by our system:
– IP address of the calling computer;
– Date and time of registration.
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f DS-GVO.

3.3 Contact by letter
If you send us a letter, the data transmitted by you (e.g. name, first name, address) and the information contained in the letter together with any personal data you may have transmitted will be stored for the purpose of contacting you and processing your request.
The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 para. 1 lit. b or lit. f DS-GVO.

3.4 Online presence in social media
We maintain online presences within social networks: Facebook, Instagram, LinkedIn in order to inform the users active there about us and, if interested, to communicate via these platforms. Our social media channels can only be accessed via an external link. As soon as you access the respective social media profiles in the respective network, the terms and conditions and data processing guidelines of the respective operators apply.
We have no influence on the data collection and its further use by the social networks. We have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly point out that your data (e.g. personal information, IP address) is stored and used for business purposes by the operators of the networks in accordance with their data use guidelines.
We process data with regard to social media presences insofar as comments or direct messages are sent to us via these. The legal basis for the processing of data after the user has given his or her consent is Art. 6 para. 1 lit. a DS-GVO.

4. data processing when receiving our newsletter
If you subscribe to our newsletter distribution list, your e-mail address and the newsletter you have chosen will be stored on a server.

In addition, the following data is collected by the system when you register:

– IP address of the calling computer;
– Date and time of registration.

For the processing of the data, your consent will be obtained during the registration process and reference will be made to this privacy policy. The processing of the data is based on your consent in accordance with Art. 6 Par. 1 letter a DS-GVO and within the scope of the legitimate interest in accordance with Art. 6 Par. 1 letter f DS-GVO.

We use this data exclusively for sending the newsletter. We do not pass on your data to third parties and do not use them for any other purposes of our own. The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that the newsletter was requested by you and not by a third party. During the registration process, your data is stored on our servers and a confirmation message with a link to the final registration is generated to the e-mail address provided. If you do not confirm the registration through the link in this e-mail, the data will be deleted after 24 hours. Only after you confirm the link in the e-mail will your data for the newsletter be stored for the duration of your use of our offer.

If you no longer agree to the storage of your data for this purpose and thus no longer wish to use our offer, you can unsubscribe from our newsletter at any time. For this purpose you will find a corresponding link in every newsletter. The personal data provided by you to subscribe to our newsletter will then be deleted.

5. your rights
As a data subject, you have the following rights in connection with the processing of your personal data:
5.1 Right of information
1. The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him/her are being processed; if this is the case, he/she shall have the right to be informed of such personal data and to receive the following information:
(a) the purposes of the processing;
b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
(d) if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
(e) the existence of a right of rectification or erasure of personal data relating to him or her or of a right of objection to their processing by the controller;
(f) the existence of a right of appeal to a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 of the DPA in connection with the transfer.

5.2 Right of rectification
The person concerned has the right to ask the data controller to rectify incorrect personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

5.3 Right of deletion
1. The data subject shall have the right to request the controller to delete personal data relating to him/her without delay and the controller shall be obliged to delete personal data without delay if one of the following reasons applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
b) the data subject withdraws the consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the DPA and there is no other legal basis for the processing.
c) The data subject objects to the processing pursuant to Art. 21 (1) FADP and there are no legitimate reasons for processing, or the data subject objects to the processing pursuant to Art. 21 (2) FADP.
d) The personal data have been processed unlawfully.
(e) erasure of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject
f) The personal data has been collected in relation to information society services offered in accordance with Article 8 (1) of the DPA.

Where the controller has made the personal data public and is obliged to delete them pursuant to paragraph 1, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that a data subject has requested that all links to such personal data or copies or replications of such personal data be deleted.

(3) Paragraphs 1 and 2 shall not apply insofar as the processing is necessary

(a) to exercise the right to freedom of expression and information
(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest relating to public health pursuant to Article 9 (2) (h) and (i) and Article 9 (3) of the DPA;
d) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1, insofar as the right referred to in para. 1 is likely to make it impossible or seriously prejudices the attainment of the objectives of such processing, or
e) to assert, exercise or defend legal claims.

5.4 Right to limit processing
1. The data subject shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met

(a) the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data
(b) the processing is unlawful and the data subject refuses to have the personal data deleted and requests instead that the use of the personal data be restricted;
(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
d) the data subject has lodged an objection to the processing pursuant to Art. 21 (1) DPA, as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

2. If processing has been restricted in accordance with paragraph 1, such personal data may be processed – apart from storage – only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

5.5 Right to data transferability
1. The data subject shall have the right to obtain the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data has been provided, provided that
a) the processing is based on a consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the DS-GVO or on a contract pursuant to Art. 6(1)(b) of the DS-GVO and
(b) processing is carried out by means of automated procedures.
2. In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller, in so far as this is technically feasible.
The right referred to in paragraph 1 shall not prejudice the rights and freedoms of other persons.
This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.6 Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA, including profiling based on these provisions. The controller no longer processes the personal data unless it can demonstrate compelling reasons for processing that are worthy of protection, which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his right of objection by means of automated procedures involving technical specifications.

5.7 Right of withdrawal
The person concerned has the right to revoke his or her declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

5.8 Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she resides, works or is alleged to have worked, if he/she considers that personal data relating to him/her are being processed in breach of this Regulation.