Privacy Policy

Responsible Party for Data Processing

Types of Data Collected and Stored

• Inventory data (e.g., names and addresses)
• Contact data (e.g., phone numbers and email addresses)
• Usage data (e.g., access times, pages visited)
• Metadata (e.g., browser type, IP address, operating system)
• Content data (e.g., your text inputs in contact forms, etc.)

Categories of Affected Persons

• Customers
• Prospects
• Users (website/online offerings)

Purposes of Data Collection

• Information
• Communication
• Customer service
• Services for contract fulfillment
• Direct marketing / Marketing
• (Technical) provision of the online offering
• Security measures to protect the (online) offering
• Reach measurement to improve the offering

Legal Basis for Processing

Transfer to Third Parties and Third Countries

Your data generally remains within our company. The transfer or disclosure of your personal data to a third party only takes place

• on the basis of a legal permission
• through your consent
• if we are legally obligated to do so, or
• on the basis of a legitimate interest according to Art. 6 lit. f GDPR

Our data processors are obligated by data processing agreements according to Art. 28 GDPR to comply with the necessary technical and organizational measures to ensure the protection of the rights of data subjects.

The transfer of your personal data to third countries (outside the European Union (EU) / European Economic Area) only takes place to countries

• for which an adequacy decision by the EU Commission exists, or
• appropriate safeguards within the meaning of Art. 46 GDPR exist,
• that provide an adequate level of protection according to Art. 45 ff. GDPR,
• subject to officially recognized contractual obligations such as the so-called 'Standard Contractual Clauses', or
• for which one of the exceptions according to Art. 49 GDPR applies

Duration of Storage

Your personal data will be routinely deleted or restricted in processing or blocked at the latest after the expiry of the respective statutory retention periods (e.g., commercial and tax retention periods), provided that this data is no longer necessary for contract fulfillment and/or there is no legitimate interest on our part for further storage.

Use of Website and App - Creation of Log Files

When visiting our website and using our app, the following information is automatically transmitted from your browser to our provider's server:

• IP address of your device
• Date and time of access
• Name and URL of retrieved files
• Website from which access was made or from where you were directed to our site (referrer URL)
• Browser used and, if applicable, the operating system of your device
• Name of the access provider

This data is not merged with other data sources. The IP address is anonymized.

The collection of this data is carried out to ensure the proper use of the website, to optimize the website and app, and to ensure the security of our IT systems. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR also lies in these aforementioned purposes.

This data is regularly deleted automatically. In case of misuse of the website or app, the relevant data, whose further storage is necessary for evidentiary purposes, will be retained until the matter is clarified.

Hosting by Hetzner

We use the hosting service of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen for the purpose of providing the website on the basis of processing on our behalf. All data collected on our website is processed on Hetzner's servers.

Further information on Hetzner's data protection can be found at the following website: https://www.hetzner.com/de/legal/privacy-policy

Cookies

This website uses cookies. These are small text files that are stored in the internet browser or by the internet browser on the user's device. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

We use cookies that enable an analysis of the user's surfing behavior.

The following data is stored and transmitted in the cookies:

• Frequency of page views
• Use of website functions

The user is informed about the use of cookies for analysis purposes when accessing our website and their consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

The user can revoke their consent at any time via the cookie settings and object to the processing of their personal data.

In addition, the user's objection can also be made via the corresponding settings of their browser.

We may work with advertising partners who help us make our internet offering more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). This also includes providers from unsafe third countries. The data is, for example, passed on to partner companies from the USA.

Google Services

Our website uses various services from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Ads is used to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting).

Contact

The use of our website is generally possible without providing personal data.

If you contact us through other means, such as a contact form, email, or telephone, the data collected here will be treated confidentially and will not be passed on to third parties without consent.

The respective purpose of data processing results from

• the voluntary information provided by the data subject according to Art. 6 Para. 1 lit. a GDPR
• the fulfillment of a contract or the implementation of pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR
• the legitimate interest in the effective processing of inquiries directed to the company according to Art. 6 Para. 1 lit. f GDPR

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

A contact form is available on our website for electronic contact. If this option is used, the data entered in the input mask is transmitted to us and stored. This personal data is optional:

Optional data collected:

• Name
• Email address

Additionally, the following data is stored at the time the message is sent:

• The user's IP address
• Date and time of registration
• Browser and device

The user has the option at any time to object to the processing of personal data. In such a case, the conversation cannot be continued. All personal data stored in connection with the contact will be deleted in this case.

Registration - User Profiles

Registration and creation of a profile is necessary to use our portal. We process the data collected during registration on the basis of Art. 6 Para. 1 lit. b GDPR for the fulfillment of a contract or the implementation of pre-contractual measures, as well as on the basis of Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests, in particular to ensure the security and functionality of our portal.

For registration, we use the double opt-in procedure. This means that after you provide your email address, you will receive a confirmation email from us asking you to confirm your registration. This confirmation is necessary to ensure that no one registers with someone else's email address. Only after successful confirmation will your account be activated.

Direct Marketing

If you have given us your consent, we use your email address and, if applicable, other contact data that you provide during the registration process to regularly send you information and offers that may be of interest to you. The legal basis for this processing is Art. 6 Para. 1 lit. a GDPR.

Of course, you have the right at any time to object to the use of your data for direct marketing purposes. You can submit your objection by email to info@drivto.com. After receiving your objection, we will immediately stop processing your data for this purpose.

Newsletter

Registration for our newsletter is done using the so-called double opt-in procedure. After entering your email address on our website, an email is sent to the specified address asking you to confirm it.

The following data from the input mask is transmitted to us during newsletter registration:

• Email address

In addition, the following data is collected during registration:

• IP address of the calling computer
• Date and time of registration
• Browser and device

Newsletter registration is based on the user's consent according to Art. 6 Para. 1 lit. a GDPR. The purpose of data processing is the proper delivery of the newsletter using the user's email address. In addition, the processing of other personal data during the registration process serves to prevent misuse of the service or email address.

As an existing customer, you will regularly receive product updates from us by email. You will receive these product updates from us regardless of whether you have subscribed to a newsletter. In this case, we use the email address you provided during registration. The legal basis for this data processing is Article 6 Paragraph 1 Letter a) GDPR.

The data is passed on to our service provider

This service enables tracking of opening times by recipients. The information collected is stored and used to analyze the reach of individual campaigns.

You can cancel your newsletter subscription at any time. You will find an option to delete the newsletter at the end of each newsletter email or under this link: [Please insert].

Contract and Business Partners

The data of our contract and business partners is primarily processed by us to fulfill our contractual obligations and for communication. In addition, processing takes place for proper and economical business management and to protect our rights. Processing therefore takes place

• for contract fulfillment and pre-contractual inquiries according to Art. 6 Para. 1 lit. b GDPR,
• from legal obligation according to Art. 6 Para. 1 S. 1 lit. c GDPR or
• from legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR

The disclosure of data to third parties only takes place if it is necessary to fulfill legal obligations or if this is stated in the contract or this privacy policy.

Social Media Presence

For communication and information purposes for users and for advertising purposes, we are present on the following social networks:

• Facebook
• Instagram
• YouTube
• LinkedIn

The processing of data obtained via social media presence is carried out by us only for the purposes mentioned on the legal basis

• the voluntary information provided by the data subject according to Art. 6 Para. 1 lit. a GDPR
• the fulfillment of a contract or the implementation of pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR or
• the legitimate interest in the effective processing of inquiries directed to the company according to Art. 6 Para. 1 lit. f GDPR

The operators of social networks generally process user data for market research and advertising purposes. Using the user's interests and usage behavior, user profiles can be created to display advertising to the user both within and outside the network that corresponds to their profile/interests.

For more information on processing, objection options, and assertion of data subject rights, please refer to the privacy policies of the respective provider.

Your Rights

As a data subject, you have the option to assert your rights in connection with the General Data Protection Regulation against us. These include the following rights: