DATA PROTECTION DECLARATION
1. General information
Pendix GmbH (hereinafter “we”) as provider of the app “Pendix.bike PRO” takes the protection of your personal data very seriously. When you use our app, various personal data are processed depending on the type and extent of use. Personal data is information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person who can be identified directly or indirectly (e.g., by means of assignment to an online identifier) is considered identifiable. This includes information such as name, address, telephone number, date of birth or IP addresses.
With this data protection declaration we inform you according to Art. 12 ff. GDPR about which personal data is processed when you use our app. In particular, below you will find information on what data we collect in connection with the use of our app, what we use the collected data for, and for what purposes the data is collected. In addition, you will find information about the rights you have in connection with the processing of your personal data.
We reserve the right to adjust the data protection declaration with effect for the future, in particular in the event of further development of our app, the use of new technologies or changes to the legal basis or the corresponding case law. This data protection declaration applies exclusively to the app “Pendix.bike PRO” offered by us. It does not extend to any websites or internet presences of other providers linked within the app.
2. Controller and data protection officer
The controller pursuant to Art. 4 para. 7 GDPR is
Innere Schneeberger Straße 20
08056 Zwickau, Germany
Tel.: +49 (0)375 270 667 10
You can reach our data protection officer at:
GP Data GmbH
Attn. Mr. Stephan Schuldt
Grimmaische Str. 2.4
E-mail: datenschutz(at)pendix.de; firstname.lastname@example.org
3. App installation
Our app is available through Google’s Play Store (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Apple’s app store (Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014). Downloading our app may therefore require prior registration with the respective app store and installation of the app store software.
When you download our app, certain data about your person required for the download is transmitted to the operator of the respective app store. In particular, it can be your e-mail address, your user name, the customer number of the downloading account, the individual device identification number, your payment information and the time of the download.
We have no influence on the collection and processing of this data, it is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this processing; the responsibility for this lies solely with the respective app store operator.
4. Required permissions
In order for our app to function properly, it is necessary for you to grant access to certain features of your terminal device. You will be asked to grant the corresponding access authorisation when you use our app for the first time or only when you use the respective function.
- Network Access & Network Connection
Network access is required to connect to our server and enable the retrieval of information through the app.
Our app requires access to your location to provide navigation and activity tracking functionality. Depending on the device used, this requirement may also exist in order to use the Bluetooth function at all.
In order to connect your user account created for the use of our app with your Pendix eDrive, a Bluetooth connection is required.
You can view and withdraw the authorisations you have granted at any time in the system settings of your end device. Unless you grant or withdraw the above permissions, the functionality of our app may be limited.
5. Data collection and processing when using our app
5.1. Log files for the provision of our app
When you use our app, certain information is automatically transmitted to us and stored in so-called log files. In particular, the following information is stored in the log files:
- Date, time, access status (file found, not found, etc.) and the request made to the server;
- Amount of data transferred;
- Accessed functionalities of our app
- Errors that occurred in the Pendix drive
- Device type of the terminal device used
- IP address
The data stored in the log files is processed for the purpose of providing and optimizing our app, ensuring technical operation, and identifying and eliminating errors. The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest consists in the above-mentioned purposes.
The above data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. Insofar as the collected data is necessary for the provision of our app, the data will be erased when the respective session has ended. Otherwise, the data stored in the log files is usually erased after 12 months at the latest. Any longer storage rights or obligations remain unaffected.
Registration is required to use our app. For registration, only the specification of an e-mail address and the assignment of a password is required. Subsequently, we will send a verification code to the e-mail address you provided for security reasons, to make sure that the e-mail address you provided is indeed your e-mail address.
After successfully verifying your email address by entering the verification code within our app or via the link provided in the email, the registration process is complete.
After registration, you can voluntarily add the following information to your user profile:
- Phone number
- Date of birth
- Size (in cm)
- Weight (in kg)
The aforementioned data is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts on the basis of Art. 6 para. 1 lit. b GDPR.
The data collected in connection with registration, as well as any data you may voluntarily provide to complete your profile, will be stored by us for as long as you are registered as a user of our app and will subsequently be erased. The legal retention periods remain unaffected.
5.3. Provision of information
Within our app, information about the linked Pendix eDrive is prepared and visualised for you individually and according to your needs. In particular, you will receive an overview of the components used as well as further technical information about your Pendix eDrive.
To provide the information within our app, your user account must be linked to your Pendix eDrive. To do this, your Pendix eDrive must be connected via Bluetooth to the terminal device you are using to use our app. When the user account is linked to your Pendix eDrive, the following information in particular is usually processed - in some cases differently depending on the type of user (consumer / dealer / workshop):
- Part number
- Serial number
- HMI firmware version
- BMS firmware version
- BMS charging cycles
- BMS RFCC
- Max. cell voltage
- Min. cell voltage
- Difference cell voltage
- Support in %
- Connection status battery
- Wheel circumference in mm
- Part number
- Serial number
- Firmware version
- Torque sensor (view for workshop only)
In addition, the following data are processed:
- The date and time of the connection between your Pendix eDrive and the device you
use to access our app
- Date and time of changes to the Pendix drive wheel circumference (workshop related
- If supported by the drive/battery, the individually set driving profiles (set motor support in NM and max. speed (max. 25 km/h) up to which motor support takes place per support level (eco, smart, sport)
The processing of the aforementioned data is carried out to provide the functionalities of our app on the basis of Art. 6 para. 1 lit. b GDPR. In addition, we process the above data on the basis of Art. 6 para. 1 lit. f GDPR in order to be able to document manipulation of the drive power beyond what is legally permissible. Our legitimate interest consists in the aforementioned purpose.
The information we collect about your Pendix eDrive is stored by us for as long as you are registered as a user of our app and is subsequently erased. The legal retention periods remain unaffected.
5.4. Navigation/Activity tracking
You can use location-based services within our app to calculate and display routes and for navigation. Additionally, every activity with your Pendix eDrive can be recorded and visualized within our app (activity tracking). When using the location-based services provided within our app, the following data may be processed:
- Location data/position data
- Activities (average speed, pedalling cadence, distance, duration)
In order for you to use the location-based services within our app, it is necessary that your site is transmitted to our app by the operating system of the terminal device you use to use our app. Your location is only collected if and when you have enabled it in the device settings of the device you use to access our app.
The legal basis for the processing of the above data is your consent declared with the release of your location in accordance with Art. 6 para. 1 lit. a GDPR.
You can deactivate access to your site in the device settings of the terminal device you use to use our app at any time and thus withdraw your consent.
5.5. Google Maps
Our app uses the Google Maps API operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the display of the map integrated into the app, for the provision of map information, and for the navigation function. When you use our app, Google receives the information that you are using our app as well as information about your use of the map function. If you are logged in with your Google account on the device you use to access our app, this information may be assigned to your Google account. If you do not wish to do so, you should log out of your Google account before using our app.
You can find more information about data processing by Google in the data protection information of Google:
The legal basis for processing your data in connection with the use of Google Maps is Art. 6 para. 1 lit. b GDPR, as the data processing is necessary to provide our app functionalities.
Insofar as personal data is transmitted to the USA when using Google Maps, further protection measures are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with Google in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.
6. Recipient of the data
Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary, taking into account the data protection requirements. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obligated to special confidentiality and confidentiality due to their professional status.
7. Duration of data storage
We initially process and store your personal data for the duration of the respective purpose of use (see above for the individual processing purposes). On this basis, personal data are erased on a regular basis, unless their temporary further processing is necessary for the following purposes:
- Fulfilment of legal obligations to retain data, which arise, for example, from the German Commercial Code (Art. 238, 257 para. 4 HGB) and the German Fiscal Code (Art. 147 para. 3, 4 AO). The periods specified there for storage and documentation are up to ten years.
- Preservation of evidence in compliance with the prescription rules. According to Art.194 et seq. of the German Civil Code (BGB), these prescription periods can be up to 30 years, with the regular prescription period being three years.
8. Your rights
As a person affected by the processing, you are entitled to the following rights under the legal conditions:
8.1. Right to information
You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to receive information about this personal data and certain other information (in particular, processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of Art. 34 BDSG (Federal Data Protection Act) apply.
8.2. Right to rectification
In accordance with Article 16 of the GDPR, you are entitled to demand that we correct personal data stored about you if it is inaccurate or incorrect.
8.3. Right to erasure
You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data relating to you without delay. The right to erasure does not exist, among other things, if the processing of your personal data is necessary, e.g. to fulfil a legal obligation (e.g. legal retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of Art. 35 BDSG apply.
8.4. Right to restriction of processing
You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
8.5. Right to data portability
You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
8.6. Right of withdrawal
You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please observe that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected by the withdrawal of consent. An informal communication, e.g. by e-mail to us, is sufficient to declare the withdrawal.
8.7. Right to object
You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. Moreover, our interests may conflict with the termination of the processing, so that we are entitled to process your personal data despite your objection. We will consider an objection to any direct marketing measures immediately and without further balancing of the existing interests.
In this respect for your information about your right to object according to Art. 21 GDPR as follows:
You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balance of interests) or Art. 7 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
The objection can be made form-free and should preferably be addressed to:
Innere Schneeberger Straße 20
08056 Zwickau, Germany
8.8. Right of complaint to a supervisory authority
Under the conditions of Art. 77 GDPR, you have a right of complaint to a competent supervisory authority. In particular, you can submit a complaint to the supervisory authority responsible for us (Saxon Data Protection Officer; www.saechsdsb.de/kontakt) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found in the following link:
8.9. Other concerns
For further data protection questions and concerns, please contact our data protection officer using the contact details provided above.
9. Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not, we will not be able to provide you with our app without restrictions. Personal data that we do not absolutely require for the above-mentioned processing purposes are marked accordingly as voluntary information.
10. Automated decision making/profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).