Privacy Policy

PRIVACY POLICY

1. general information

Pendix GmbH (hereinafter "we") as the provider of the app "Pendix.bike PRO" takes the protection of your personal data very seriously. When you use our app, various personal data are processed depending on the type and scope of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified directly or indirectly (e.g., by means of association with an online identifier). This includes information such as the name, address, telephone number, date of birth or IP addresses.

With this privacy policy, we inform you in accordance with Art. 12 et seq. DSGVO, which personal data is processed when using our app. In particular, you will find information below about what data we collect in connection with the use of our app, what we use the collected data for, and for what purposes the data is collected. In addition, you will find information on which rights you are entitled to in connection with the processing of your personal data.

We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of the further development of our app, the use of new technologies or changes to the legal basis or the corresponding case law. This data protection declaration applies exclusively to the "Pendix.bike PRO" app offered by us. It does not extend to any websites or internet presences of other providers linked within the app.

2. responsible person and data protection officer

The responsible party pursuant to Art. 4 (7) DSGVO is

Pendix GmbH

Innere Schneeberger Straße 20

08056 Zwickau, Germany

Tel.: +49 (0)375 270 667 10

E-mail: info@pendix.de

You can reach our data protection officer at:

P Data GmbH

Attn: Mr. Stephan Schuldt

Grimmaische Str. 2.4

04109 Leipzig

E-mail: datenschutz@pendix.de; s.schuldt@gp-data.de

3. installation of the app

Our app is available via the Play Store of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as well as via the App Store of Apple (Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014). Downloading our app may therefore require prior registration with the respective app store and installation of the app store software.

When downloading our app, certain personal data required for the download will be transmitted to the operator of the respective app store. This may include, in particular, your e-mail address, your user name, the customer number of the downloading account, the individual device identification number, your payment information and the time of the download.

We have no influence on the collection and processing of this data; it is carried out exclusively by the app store selected by you. Accordingly, we are not responsible for this processing; the responsibility for this lies solely with the respective operator of the app store.

4. required permissions

In order for our app to function properly, it is necessary that you grant access to certain functions of your terminal device. You will be asked to grant the corresponding access authorization when using our app for the first time or even only when using the respective function.

  • Network access & network connection

Network access is required to connect to our server and enable the retrieval of information through the App.

  • Location

Our app requires access to your location to provide navigation and activity tracking functionality. Depending on the device you are using, this requirement may also exist in order to use the Bluetooth feature at all.

  • Bluetooth

A Bluetooth connection is required to connect your user account created to use our App to your Pendix eDrive.

You can view and revoke the authorizations you have granted at any time in the system settings of your end device. If you do not grant or revoke the above authorizations, the functionality of our app may be limited.

5. data collection and processing when using our app

5.1 Log files for the provision of our app

When using our app, certain information is automatically transmitted to us and stored in so-called log files. In particular, the following information is stored in the log files:

  • Date, time, access jams (file found, not found, etc.) and the request made to the server;
  • Amount of data transferred;
  • Functionalities called up in our app
  • Errors that occurred in the Pendix drive
  • Device type of the end device used
  • IP address


The data stored in the log files is processed for the purpose of providing and optimizing our app, ensuring technical operation, and identifying and eliminating faults. The legal basis for the processing of this data is Art. 6 (1) lit. f DSGVO. Our legitimate interest lies in the above-mentioned purposes.

The above data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Insofar as the collected data is required for the provision of our app, the data will be deleted when the respective session has ended. Otherwise, the data stored in the log files is usually deleted after 12 months at the latest. Any longer retention rights or obligations remain unaffected.

5.2 Registration

In order to use our app, registration is required. Registration requires only the provision of an e-mail address and the assignment of a password. Subsequently, we will send a verification code to the e-mail address you have provided for security reasons, in order to ensure that the e-mail address provided is indeed your e-mail address.

After successfully verifying your email address by entering the verification code within our app or via the link provided in the email, the registration process is complete.

After registration is complete, you can voluntarily add the following information to your user profile:

  • Name
  • Address
  • Phone number
  • Date of birth
  • Height (in cm)
  • Weight (in kg)


The processing of the aforementioned data is carried out for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts on the basis of Art. 6 (1) lit. b DSGVO.

The data collected in connection with the registration as well as the data you may voluntarily provide to complete your profile will be stored by us for as long as you are registered as a user of our app and will then be deleted. Statutory retention periods remain unaffected.

5.3 Provision of information

Within our app, information on the linked Pendix eDrive is prepared and visualized for you individually and according to your needs. In particular, you will receive an overview of the components used as well as further technical information about your Pendix eDrive.

To provide the information within our app, your user account must be linked to your Pendix eDrive. To do this, your Pendix eDrive must be connected via Bluetooth to the terminal device you are using to use our app. When linking the user account with your Pendix eDrive, the following information in particular is usually processed - sometimes differently depending on the type of user (consumer / dealer / workshop):

Battery

  • Part number
  • Serial number
  • HMI firmware version
  • BMS firmware version
  • BMS charge cycles
  • BMS RFCC
  • Max. Cell voltage
  • Min. cell voltage
  • Difference cell voltage
  • Support in
  • Connection status battery

Drive

  • Wheel circumference in mm
  • Part number
  • Serial number
  • Firmware version

Torque sensor (view for workshop only)

  • Voltage (Voltage)


In addition, the following data is processed:

  • Date and time of the connection between your Pendix eDrive and the terminal device you use to use our app.
  • Date and time of changes to the Pendix drive's wheel circumference (workshop view only).
  • If supported by the drive/battery, the individually set driving profiles (set motor support in NM and max. speed (max. 25 km/h) up to which motor support takes place per support level (eco, smart, sport).


The processing of the aforementioned data is carried out to provide the functionalities of our app on the basis of Art. 6 (1) lit. b DSGVO. In addition, we process the aforementioned data on the basis of Art. 6 (1) lit. f DSGVO in order to be able to document manipulation of the drive power beyond what is legally permissible. Our legitimate interest lies in the aforementioned purpose.

The information collected about your Pendix eDrive is stored by us for as long as you are registered as a user of our app and is then deleted. Legal retention periods remain unaffected.

5.4 Navigation/activity tracking

You can use location-based services within our app to calculate and display routes and for navigation. In addition, any activity with your Pendix eDrive can be recorded and visualized within our app (activity tracking). When using the location-based services provided within our app, the following data may be processed:

  • Location data/position data
  • Activities (average speed, cadence, distance, duration).


In order for you to use the location-based services within our app, it is necessary that your location is transmitted to our app by the operating system of the end device you use to use our app. Your location will only be collected if and when you have enabled it in the device settings of the end device you use to use our app.

The legal basis for the processing of the above data is your consent declared with the release of your location in accordance with Art. 6 para. 1 lit. a DSGVO.

You can deactivate access to your location in the device settings of the end device you use to use our app at any time and thus revoke your consent.

5.5 Google Maps

Our app uses the Google Maps API operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the display of the map integrated into the app, for the provision of map information and the navigation function. When you use our app, Google receives the information that you are using our app as well as information about your use of the map function. If you are logged in with your Google account on the device you use to use our app, this information may be assigned to your Google account. If you do not wish this, you should log out of your Google account before using our app.

For more information about data processing by Google, please refer to Google's privacy policy:

policies.google.com/privacy

The legal basis for the processing of your data in connection with the use of Google Maps is Art. 6 (1) lit. b DSGVO, as the data processing is necessary to provide our app functionalities.

Insofar as personal data is transmitted to the USA when using Google Maps, further protective measures are necessary to ensure the level of data protection of the DSGVO. To ensure this, we have agreed standard data protection clauses with Google in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

6. recipients of the data

Within our company, access to your data is granted to those offices that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us (e.g. technical service providers) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. In some cases, the recipients receive your personal data as order processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently in their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.

Finally, in individual cases, we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obligated to special confidentiality and secrecy due to their professional status.

7. Duration of data storage

We initially process and store your personal data for the duration of the respective purpose of use (see above for the individual processing purposes). On this basis, personal data are regularly deleted unless their temporary further processing is necessary for the following purposes:

Fulfillment of statutory retention obligations, e.g. those arising from the German Commercial Code (sections 238, 257 (4) HGB) and the German Fiscal Code (section 147 (3) and (4) AO). The periods specified there for retention or documentation are up to ten years.


Preservation of evidence taking into account the statute of limitations. According to §§ 194 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.


In particular, we delete your personal data as soon as the contractual relationship with you for the use of the app is terminated and no conflicting retention rights or retention obligations exist. The contractual relationship ends in accordance with the provisions in the Terms of Use. Please note in particular that the deletion of the app alone does not result in a termination of the contract with regard to the registered user account and the account continues to exist. However, we are entitled to terminate and/or delete inactive user accounts in accordance with the provisions of our Terms of Use, which we will do in particular if there are data protection requirements for this.

8. your rights

As a person affected by the processing, you are entitled to the following rights under the statutory requirements:

8.1 Right to information

You are entitled at any time to request confirmation from us within the scope of Article 15 of the Data Protection Regulation as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Article 15 of the Data Protection Regulation to receive information about this personal data as well as certain other information (in particular, processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of § 34 BDSG apply.

8.2 Right to rectification

In accordance with Art. 16 DSGVO, you are entitled to demand that we correct personal data stored about you if it is inaccurate or incorrect.

8.3 Right to deletion

You are entitled, under the conditions of Art. 17 DSGVO, to demand that we delete personal data concerning you without delay. The right to erasure does not exist, among other things, if the processing of your personal data is necessary, e.g., to comply with a legal obligation (e.g., statutory retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of § 35 BDSG apply.

8.4 Right to restriction of processing

You are entitled, under the conditions of Art. 18 DSGVO, to demand that we restrict the processing of your personal data.

8.5 Right to data portability

You are entitled, under the conditions of Art. 20 DSGVO, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

8.6 Right of revocation

You may revoke a given consent to the processing of personal data at any time vis-à-vis us. This also applies to the revocation of declarations of consent given to us before the DSGVO came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by the revocation of consent. An informal communication, e.g. by e-mail to us, is sufficient to declare the revocation.

8.7 Right of objection

You have the right to object to the processing of your personal data under the conditions of Art. 21 DSGVO, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 DSGVO. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. We will consider an objection to any direct marketing measures immediately and without weighing the existing interests again.

In this respect, for your information about your right to object according to Art. 21 DSGVO as follows:

You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 (1) f DSGVO (data processing on the basis of a balance of interests) or Art. 7 (1) p. 1 e DSGVO (data processing in the public interest), if there are grounds for doing so that arise from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made form-free and should preferably be directed to.

Pendix GmbH

Innere Schneeberger Street 20

08056 Zwickau, Germany

E-mail: datenschutz@pendix.de

8.8 Right of appeal to a supervisory authority

Under the conditions of Art. 77 DSGVO, you have a right of appeal to a competent supervisory authority. In particular, you can address a complaint to the supervisory authority responsible for us (Saxon Data Protection Commissioner; www.saechsdsb.de/kontakt) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found in the following link:

www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

8.9 Other concerns

For further data protection questions and concerns, please contact our data protection officer using the contact details provided above.

9 Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with our app without restrictions. Personal data that we do not absolutely require for the above-mentioned processing purposes are marked accordingly as voluntary information.

10 Automated decision making/profiling.

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).