for the use of the Gloogs mobility App
We take data protection very seriously. We always process and use personal data confidentially and only to the extent permitted by law or with the user's consent.
However, we would like to point out that data transmission on the Internet is generally subject to security risks. Complete protection against access by third parties is not possible.
Responsible body; contact person
The responsible body within the meaning of the data protection laws is:
Gloogs Marketing SL
Local 9-10 / Calle Llaut
2307610 Playa de Palma
If you have any questions about our processing of your personal data, or if you have any concerns about your rights as set out below in this statement, please contact the aforementioned data controller, either by post or by telephone: +34 971 15 46 70 or by email: email@example.com.
Processing of personal data; purposes; erasure
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data processing when installing the app
When you download the app and install it on an end device, the information required for this purpose - without us having any influence on it - is transmitted to the respective app store, such as in particular your user name, e-mail address, the customer number of your account, the time of the download and the individual device identification number. This data processing is not carried out by us, but by the company operating the app store. We only process the data insofar as it is necessary for downloading the mobile app to your mobile device.
Data processing when using the app
Just browsing the app (without ordering anything)
The use of this app is generally possible anonymously, i.e. without your personal data being processed by us. Exceptions exist only in cases where your terminal device transmits non-anonymous (i.e. personal) data of its own accord. Unless otherwise stated below, the legal basis for the processing of such personal data relating to you is Article 6(1) sentence 1 b) of the General Data Protection Regulation (hereinafter referred to as DS-GVO), because the data processing is necessary for the provision of the functionalities requested by you via the app.
When you access the app, we collect, store and use the following data for a short period of time:
- Time at the time of access
- Content of your request (specific pages accessed)
- Amount of transmitted data in bytes
- the operating system you are using
- the IP address you use and your associated provider
- Your device identification (IMEI = International Mobile Equipment Identity)
- Your unique network subscriber number (IMSI = International Mobile Subscriber Identity).
- MAC address in connection with WLAN use, name of your mobile end device
We do not use this data in any way to identify you or draw conclusions about your person. This data is stored in our server log files for a limited time. The data is only used to enable the app to function correctly, to carry out anonymous statistical evaluations, to improve the app, to detect and trace technical errors in the app if necessary and to initiate a tracing of your personal data in the event of unauthorised access or access attempts or behaviour that is harmful to us (e.g. fake orders). We base our authorisation for these cases on Article 6 paragraph 1 f) DS-GVO. Once the purpose for which the data was stored has been achieved, the data is routinely deleted or, if legal regulations or legitimate concerns prevent deletion, blocked.
Additional data processing when a contract is concluded via the app
We only process personal data that you yourself transmit to us via the app (e.g. in the context of concluding a contract via the app) if it is necessary for the establishment, implementation, termination or settlement of a contractual relationship between us and you or in order to answer other enquiries on your part. The following data is regularly processed by us in such cases:
- First name and surname
- Address, email address, fax and/or telephone number
- Content of the contract or details of the booked service
- Any other information and requests you may have made
- Duration of use of our service (travel time)
- Start and end point of your journey
- Battery status of the vehicle at the beginning and end of your journey
- Username and password
- Data on means of payment chosen by the user
- Identification features of your mobile device
We use the data you provide exclusively for the performance of the contract and billing on the basis of Art. 6(1)(b) DSGVO.
As a matter of principle, we do not pass on your personal data to third parties unless you have given us explicit consent to do so. Exceptions are necessary data transfers to tax advisors and tax offices or other third parties to whom we are obliged to transfer data due to legal requirements. In the case of data transfers to such third parties, however, the scope of the transferred data is limited to the necessary minimum.
We may contact you for purposes related to the provision of our service. Depending on the information you provide, this may be by post, telephone or email. The legal basis for this is Art. 6 (1) b) DSGVO.
When you create a user account with us, this app generates a code with which we can identify your end device. This allows us to see which device is using your account and thus recognise possible misuse of your account. We only use this function to send you a message if your account is being used by another device.
Our app partly includes location-based services with which we offer you our vehicles in a location-based manner. You can only use these functions after you have agreed via a pop-up that we can collect your location data by means of GPS and your IP address in anonymised form for the purpose of providing the service. You can allow or revoke the function in the settings of the app or your operating system at any time by accessing them under "Settings". Your location will only be transmitted to us if, when using the app, you make use of functions that we can only offer you if we know your location. This is in particular the immediate display of available vehicles. If location determination is deactivated, this can lead to functional restrictions and limit the convenience of the app.
Duration of processing and deletion
Personal data of the user will be deleted by us after the purpose for which they have been processed has been achieved, unless we are obliged to store them for a longer period of time due to statutory storage and documentation obligations or you have consented to storage beyond this period in accordance with Article 6 (1) sentence 1 a) DS-GVO or we need the data to protect our own legitimate interests or those of a third party and your fundamental rights or freedoms do not override our interest.
Rights of the user
- information (Art. 15 DS-GVO)
Upon request, we will provide you free of charge with information about which personal data we have processed about you, for what purpose this is done, to which categories of recipients we have disclosed the data or still intend to do so, if possible the storage period or at least criteria for determining this period and, if we have not received the data from you ourselves, about the origin of the data.
- rectification (Art. 16 DS-GVO)
You have the right to request that we correct any inaccurate or incomplete personal data relating to you.
- erasure and "oblivion" (Art. 17 GDPR)
Unless your request conflicts with a legal obligation to retain data or the data processing contravenes our right to freedom of expression and information, or we need the data concerned to assert, exercise or defend legal claims, you have the right to have your personal data deleted without delay.
- restriction of processing (Art. 18 DS-GVO)
You also have the right to restrict processing if at least one of the following conditions is met:
- If you dispute the accuracy of the personal data we process concerning you, we will restrict the processing for a period of time that allows us to verify the accuracy of the data;
- the processing is unlawful but you object to the erasure of your personal data and request instead the restriction of the use of that data;
- we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims;
- in the event that you have objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether our legitimate interests outweigh yours.
- data portability (Art. 20 DS-GVO)
You also have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR
- and the processing is carried out with the aid of automated procedures
- and that the rights and freedoms of other persons are not thereby impaired.
When exercising the right to data portability described above, you have the right to obtain that the personal data be transferred directly from us to another controller, where this is technically feasible.
- right to object (Art. 21 DS-GVO)
In cases where we process your personal data on the basis of legitimate interests pursuant to Article 6(1) sentence 1 f) DS-GVO, you have the right to object to the data processing, provided that there are grounds for doing so that arise from your particular situation. You also have the right to object to the processing of your data if it relates to our direct marketing activities.
- right of withdrawal
In cases where we process your personal data on the basis of your consent pursuant to Art. 6 (1) sentence 1 a) or Art. 9 (2) a) DS-GVO, you have the right to revoke your consent at any time. A revocation does not affect the lawfulness of the data processed until the revocation.
- right of appeal (Art. 77 GDPR)
If you believe that our processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with the supervisory authority. To exercise this right, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for us.
- exercise of rights
Please address any enquiries regarding the exercise of the aforementioned rights to the responsible person named in A. above.
Payment processing via Stripe
When you make payments in our app by credit card, Apple Pay or Google Pay, these are processed via the payment service "Stripe", of Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe collects personal data of the customer, such as name and address, payment method, credit card number, account numbers and contract amount. In addition, Stripe sets cookies to carry out the payment process and to ensure the security of the payment process.
The legal basis for the processing of data when using Stripe is Art. 6 para. 1 p. 1 lit. b DSGVO. Your data will only be passed on for the purpose of payment processing and only insofar as it is necessary for this purpose.
Stripe acts as a processor for us. We have entered into a corresponding agreement with Stripe on commissioned processing pursuant to Art. 28 DS-GVO. You can view the content of this agreement here: https://support.stripe.com/questions/accept-and-download-your-data-processing-agreement-(dpa)-with-stripe. We would like to point out that when using Stripe, data from outside the EU area may be processed and is therefore no longer directly subject to the strict protection of the GDPR. However, Stripe has adopted the standard contractual clauses for data transfer in its contracts (https://support.stripe.com/questions/does-stripe-offer-new-standard-contractual-clauses-(sccs)). The standard contractual clauses guarantee a level of data protection for the transfer of personal data to third countries that corresponds to that of the GDPR.
For details on data processing by Stripe and the options to object, please refer to the privacy statements and information provided by Stripe at https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
Payment processing via PayPal (via Braintree)
If you make payments in our app via PayPal, this is realised via the service "Braintree". Braintree is a service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A.,22-24 Boulevard Royal,L-2449 Luxembourg. If you decide to pay via Braintree, your personal data will be transmitted to Braintree/PayPal. When you use or open a Braintree/PayPal account, your name, address, telephone number and e-mail address, among other things, must be transmitted to PayPal. The legal basis for the transmission of the data is Article 6 (1) a DS-GVO and Article 6 (1) b DS-GVO.
The personal data transmitted are usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for the processing of payments. Also necessary for the processing of the contract is such personal data that is related to the respective short-term rental contract.
It is possible that this personal data may also be transmitted by PayPal/Braintree to credit agencies. This transmission takes place for the purpose of checking identity and creditworthiness. It cannot be ruled out that PayPal/Braintree may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to the handling of personal data at any time vis-à-vis PayPal/Braintree. We would like to point out that a revocation does not affect personal data that must be processed, used or transmitted in order to process payments in accordance with the contract.
For further details, please refer to PayPal's privacy notices at https://www.paypal.com/de/webapps/mpp/ua/privacy-full and Braintree, at https://www.braintreepayments.com/de/legal/braintree-privacy-policy.
We reserve the right to adapt this data protection declaration at the appropriate time to changes in the law or changed specifications/requirements on the part of jurisdiction or the supervisory authorities. The amended data protection declaration will then apply from the time of its publication on our website. We therefore recommend that you visit this page regularly in order to be aware of any updates that may have been made.