The distribution of the services owed by the contract and marketed via this website and also the personal data which is collected and processed in this context is supported by the technologies and resources of the LimoFahr UG (haftungsbeschränkt), Lehrter Str. 41 10557 Berlin. Hence LimoFahr UG (haftungsbeschränkt) as the person responsible within the meaning of Art. 4 No. 7 GDPR provides the following data protection declaration in accordance with Art. 13 GDPR.
DATA PROTECTION DECLARATION OF LimoFahr UG (haftungsbeschränkt)
A. DATA PRIVACY
1) HOW THE COLLECTION OF PERSONAL DATA TAKES PLACE
1.1 The personal data taken from the website or mobile app are tightly secured but the processing of personal data from the website or mobile app are being done in a different manner which all is discussed in Section B and Section C of the document. More precisely the personal data means the individual information that helps in identifying a particular person.
1.2The company which takes care of the General Data Regulation according to Art 4 para. 7 of General Data Protection Regulation is LimoFahr UG (haftungsbeschränkt) located at Lehrter Str. 41 10557 Berlin, Germany, e-mail: [email protected] The data protection officer can be contacted via email: – [email protected]
1.3 Stay assured that your data will be taken due care when you connect via email and will be used only to answer your query. The data will be deleted when there is no requirement of storing it or will not get processed if it is required to be retained by the law
2) THE MAIN SUBJECT OF THE DATA PROTECTION DECLARATION
All services on our website and mobile app abide by the privacy policies and the data protection Declaration is exclusively handled by the LimoFahr UG (haftungsbeschränkt). If the services are done by the subcontractors then the information related to their protection can be found in later part of the document. The LimoFahr UG (haftungsbeschränkt) isn’t liable for the data protection if the services are used through third party then the data protection regulation will be applied as mentioned by the third party.
3) HOW YOUR DATA IS COLLECTED AND PROCESSED WHEN YOU USE OUR SERVICES
Our scheme of handling and processing of your data works in accordance with Art. 6 Para.1 lit b) General Data Protection Regulation for the entire handling of the transportation services (in particular service arrangement and accounting) The provisions laid down by EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) are used when any type of personal information is processed.
3.1 Customer Account/Registration
In order to make bookings for our services, you need to first register on our website by giving your name, mobile number, email address and password under the registration details. This data is needed so that we can identify you and communicate to you further when you make booking for our services. According to Art. 6 para. 1 sentence 1 lit b) GDPR you need to mention the above details so that it would be easy for us to identify you for any further processes. After having your information, we tag your account with the password protected direct access so that no one can access but you. With this registration detail, you can easily manage and change the details in your account and can see all the information related to rides.
3.2 How To Make Use Of Our Services
(a) For booking a ride through our service on website or mobile app, you need to give name, email address mobile number and select the mode of payment whether credit card or cash invoice, electronic direct debit (ELV) or AirPlus credit card (corporate customers). If you have chosen credit card option then we require credit card details and AirPlus credit card information for billing information and if cash then no details needed. We need this information in order to identify you and can communicate with you and the payment details we ask to process the payment procedure.
(b) The payment information is kept safe with us and thus the connection is encrypted using TLS technology.
(c) It is your responsibility to keep the private data secure and don’t abuse it to any unauthorized third party. If any abuse of the password is done by the third party then we are not responsible for the consequences.
(d) The personal data collected from your side through website or mobile app is only passed to third party under following conditions a) when there is a need to perform contractual responsibilities b) for executing payment procedures c) or If the LimoFahr UG (haftungsbeschränkt) has a legitimate interest d) or if you have given your approval of using the data. According to legal formalities of Art. 6 para.1 sentence. 1 lit b) f) GDPR or Art. 6 para. 1 sentence 1 lit. a) GDPR. It is said that the fleet company or other fleet partner company and their chauffeurs will be told and get the information given by you like your name, mobile number, pickup and drop off locations etc. Also, the credit card information will also be received by the payment processors and receive information like name mobile number and credit card information.
Also, at times your data will be processed by our internal software so that the booking function can be processed. Nothing to worry all our software work in accordance to what laid down by GDPR and sometimes the data may be used by the employees of the LimoFahr UG (haftungsbeschränkt) subsidiary companies. But again nothing to worry as the subsidiaries of LimoFahr UG (haftungsbeschränkt) also obey the guidelines set by GDPR.
(e) You will receive ride confirmation details from the fleet company or from the driver or taxi (first name, last name, telephone number, license plate, vehicle type) or the invoice(in case you chosen this option in your user profile) via your email address. For the purpose of sending you this kind of system e-mails we use the mailing services of SendGrid, a service of SendGrid, Inc. (hereinafter referred to as “SendGrid”). For that purpose, we transfer your e-mail address, name, last name and trip details to SendGrid where it is stored only for the period necessary to fulfill the purpose as described before. The legal basis is Art. 6 Para. 1 lit. b) GDPR. The Commission Decision (EU) 2016/1250 of 12.07.2016 allows the transfer of data from an EU controller or processor of orders to organizations in the US that have committed themselves to adhere to the framework principles of the EU-US Data Protection Shield, including the additional principles, by way of self-certification with the US Department of Commerce. SendGrid is subject to these principles through self-certification with the U.S. Department of Commerce. Information of the third-party provider SendGrid on data protection is available at: https://sendgrid.com/policies/privacy/
(f) We also make use of your mobile number to send you details related to driver like name, telephone number, license plate and vehicle. Now to send you SMS, the SMS sending service Twilio, is used, a service of Twilio Inc. (hereinafter referred to as “Twilio”), 645 Harrison St # 3rd Floor, San Francisco, CA 94107 USA. and there your data will remain until you delete your account from LimoFahr. Upon which we inform the required SMS service to delete your date. The legal basis is Art. 6 Para. 1 lit. b) GDPR. The Commission Decision (EU) 2016/1250 of 12.07.2016 allows the transfer of data from an EU controller or processor of orders to organizations in the US that have committed themselves to adhere to the framework principles of the EU-US Data Protection Shield, including the additional principles, by way of self-certification with the US Department of Commerce. Twilio is subject to these principles through self-certification with the U.S. Department of Commerce.Information of the third-party provider Twilio on data protection is available at:https://www.twilio.com/legal/privacy
(g) In order to facilitate you to use our services outside European Union we will transfer your data to the fleet company and other fleet partners and to the chauffeur as well in order to make your request for our service to get fulfilled. The transfer of the data is done according to Adequacy Decision according to rt. 45 Para. 1 GDPR when the European Commission has decided to give complete protection of data else if the complete protection to the data is not guaranteed then legal basis is Art. 49 Para. 1 sentence 1 lit. b) GDPR.
3.3 Processing of the Credit Card Data
Here we are mentioning how the data of the credit card gets processed. The LimoFahr UG (haftungsbeschränkt) is based on the foundation of giving ultimate security standard and is certified by PCI-DSS(Payment Card Industry Data Security). The LimoFahr UG (haftungsbeschränkt) takes care of the data and the information is highly protected from unauthorized access.
3.4 Use of Adyen For Payment By Invoice Or Elv
In the following we inform you about the use of Adyen in case you choose to pay the ride by bank transfer or ELV through the payment provider Adyen. In this case you have to give store your bank details. Then the payment is made when you press the button in your account as ELV. Alternatively, Adyen will send you a fifteen-digit token and its banking information. Into this account you will have to pay the specific riding fee.
3.5 Feedback from customer after ride completion
After every ride, the customer will be requested to give his or her feedback about the driver and the vehicle. This the LimoFahr takes for its quality assurance and for other reforms to be done.
4.1 The newsletter gives you the latest updates of our services and if you are eager to know about our service then you need to give your valid email address. In order to register to get our news letter we use double opt-in procedure which works that we will send you an email on your email address asking you to confirm of receiving our news letter. If you confirm then you will receive our newsletter else if you don’t confirm within 24hrs then your information will be blocked and get deleted after one month. But we keep the IP address and registration time from which you have given your consent on receiving newsletter. The main purpose of keeping this information is to prove that your registration has been done or to clarify any of the disputes related to keeping of your personal data.
4.2 We only take your email address for sending you the newsletter and once you confirm your consent of sending news letter we will save your email address as per the legal basis Art. 6 para. 1 sentence 1 lit. a) GDPR.
4.3 In order to send you the newsletter we use MailChimp component as per the Art. 6 Par. 1 S. 1 lit.f) GDPR. MailChimp is a service rendered by the Rocket Science Group LLC 512 Means Street,Suite 404, Atlanta, GA 30318, USA.
Once you will subscribe to receiving our newsletter your email address will be sent to the server of the Rocket Science Group USA and will be kept there until you unsubscribe from receiving the newsletter which is more explained in point 4.4
According to the Commission implementing Decision (EU) 2016/1250 of 12.07.2016, the transfer of data from an EU controller or order processor to organizations in the US who have committed themselves to adhere to the framework principles of the EU-US Privacy Shield, including the additional principles, by way of self-certification with the US Department of Commerce, is permitted. MailChimp is subject to these principles through self-certification by the US Department of Commerce. Further information about data protection at MailChimp can be found here: https://mailchimp.com/legal/privacy/
4.4 Below of every newsletter you can find the link to unsubscribe at any time. You can also unsubscribe from the newsletter at any time by sending a message to the e-mail address or address given in the imprint of our website or under point 1.2 of section 1. If the newsletter is canceled then personal data stored for providing the newsletter will be deleted unless there is any legal obligation to keep the data.
(5) DATA IS TRANSMITTED SAFELY
The data is transmitted securely through the encryption by the use of TLS coding. We take care of our website in giving best security and thus we secure it by technical and organizational measures.
(6) RIGHT OF AFFECTED PERSONS
6.1 According to Art 15 GDPR, you have the right and can raise request that too free of charge to take any information about your personal data which is stored about you. Also according to Articles 16, 17 and 18 of the GDPR, you have the full flexibility to correct the incorrect data and can get your personal data blocked or deleted or processed to an extent. Also according to Art. 20 of the GDPR, you are very well allowed to access the personal data related to you that has been stored in a structured, common and machine readable format and you can transmit this data to any person without any hindrance by the LimoFahr UG (haftungsbeschränkt). Further according to Art. 21 para. 1 GDPR you are also permitted to raise objection to the processing of your personal data which is carried out on the basis of Art. 6 para. 1 lit e) or f) GDPR for the reasons arising from your particular situation. The LimoFahr UG (haftungsbeschränkt) will look up to your claims only if the legal requirements for the assertion of the respective claims are satisfied.
6.2 The requests raised related to personal data should be made to the address given in the imprint of our website (https://limofahr.com/) or the e-mail address or address specified under item 1 of this data protection declaration.
6.3 You also have a right to file a complaint with data protection supervisor authority in regard to the processing of your personal data.
B. MORE INFORMATION ABOUT THE USAGE OF OUR WEBSITE 1) DATA COLLECTION PROCEDURE WHEN VIEWING OR USING OUR WEBSITE 1.1 Take data for server log files
Sometimes you may wish to only visit our website and don’t want to register, then at that time we only access those details which your browser sends to server. We collect that data only if you want to view our website as per the guidelines laid down by Art. 6 Par. 1 S. 1 lit. f) GDPR.
Name and content of the accessed website, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred, access status/HTTP status code (referrer URL), browser type, your operating system and its interface, language and version of the browser software.
(a) Cookies are used on our website and it is a special file that gets created automatically by the browser and get stored on your device. The cookies have certain kind of information related to the device on which they are stored. So cookie information can be used by us but according to Art. 6 Par. 1 lit. f) GDPR. The cookies get deleted once you go out of our website. You can enable or disable the cookies by accessing the browser’s settings.
(b) We make use of session cookies to recognize that you have visited certain pages of our website and those cookies will be removed or deleted as soon as you leave the website. We also use temporary cookies to optimize the usability of our website and which are stored on your device during a certain period. In case you visit our website again to use our services, you and the inputs or settings you made will be recognized automatically, so you do not have to repeat it.
2) Third parties services Integration 2.1 Use of Google Analytics
(b) The Commission Decision (EU) 2016/1250 of 12.07.2016 allows the transfer of data from an EU controller or processor of orders to organizations in the US that have committed themselves to adhere to the framework principles of the EU-US Data Protection Shield, including the additional principles, by way of self-certification with the US Department of Commerce. Google is subject to these principles through self-certification with the U.S. Department of Commerce.
(c) But to note one thing which is that if IP anonymization is activated on the website, Google will shorten the IP address beforehand within the Member States of the European Union or in other states party to the Agreement of the European Economic Area. There are very few cases in which situation the full IP address will be transmitted to a Google server in the USA and then it will get shortened. If you have activated the IP anonymization on this website then on behalf of LimoFahr UG (haftungsbeschränkt), Google will make use of the data or information to check the usage of the website so that it can compile reports on the activity done on website and can offer other type of services in regard to the website and in regard to the Internet use in comparison with LimoFahr UG (haftungsbeschränkt). Also note that IP address sent by the website in the context of Google Analytics will not get mixed with other Google data as per the legal basis Art. 6 Par. 1 S. 1 lit. a) or f) GDPR.
(d) The IP address sent by your browser in the view of Google Analytics will not be merged with other Google data. You can able to utilize the full functionality of the website only if you have enabled cookies settings in your browser. Also by keeping the cookies settings disabled will prevent the Google from storing the data that is given by the cookies and the usage of the website by you and also keeping the data unprocessed by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
You can find further information on the data use by Google here:
https://www.google.com/analytics/terms/us.html (User Terms and Conditions)
https://support.google.com/analytics/answer/6004245?hl=en (Overview regarding Data Protection)
https://policies.google.com/privacy (Data Protection Declaration)
(a) For advertising and attracting traffic we use Google Adwords on external website. We show you advertisements that are of interest to you so that we can make our website more interesting to you and to have a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
(c) Cookies help in identifying the browser and if a user visits pages of an Adwords customer’s website and the cookie which was stored on their computer has not expired,then Google and the customers can recognize that the user has clicked on the ad and has been directed to the page. Each and every customer clicked on Adwords be given a different cookie and the cookies cannot be traced through the website of the Adwords customer. These evaluations help us recognize that which advertising measures are effective and which are not.
(d) With the help of marketing tools, it is now possible to get a direct connection to the Google server. But not to worry we don’t have any influence on the data which are accessed by this tool of Google. The only use and significance of the integration of the Adwords conversion is that Google can receive the information related to which part of our Internet appearance and the announcement accessed by the user. If you have been registered with any of the Google service then Google may connect your visit with.your account. And if you are not a registered user then also Google will store the IP address.
(e) If you want to prevent this type of participation in the tracking procedure then you can do things like : i) You can set your browser settings by disabling the third party cookies, by deactivating cookies for conversion tracking ii) Setting the browser settings to lock the cookies by the domain www.googleadservices.com, https://www.google.de/settings/ads this will be deleted when you delete your cookies; iii) you can deactivate the ads which are of providers interest and are part of the About Ads self regulation campaign by going to the link https://www.aboutads.info/choices so this setting will be deleted when you delete the cookies. iv) or you can also deactivate Firefox, Internet Explorer or Google Chrome permanently by going to the link https://www.google.com/settings/ads/plugin.
Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org
2.3 USE OF MATOMO (PIWIK)
(a) This website uses the web analysis service Matomo (formerly called Piwik) an analysis software of InnoCraft Ltd. (https://www.innocraft.com, 150 Willis St, 6011 Wellington, New Zealand) through which analysis and improvement of the use of our website can be done. We can improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit.
(b) For analysis, the Cookies are stored on your computer. The person responsible stores the information collected in this way on his server in Germany where it is stored. You can set the analyzation by deleting existing cookies and preventing the storage of cookies. But if you don’t let the storage of cookies to be done then you may not be able to use the website fully.
(c) The Matomo program is an open source project. You can obtain information on data protection from the third-party provider at https://matomo.org/docs/privacy/.
2.4 USE OF HOTJAR
(a) The website make use of the web analysis service HOTJAR which is a software of the European company HOTJAR LTD, Level 2 St.Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta to analyse and improve the use of the website regularly. The legal basis for the use of Hotjar is Art. 6 Par. 1 S. 1 lit. f) GDPR.
(b) In order to evaluate this, the cookies are stored on your computer. Hotjar provides videos from the website so that whatever data you enter in your profile is visible for instance, name, last name, mobile and email. The information synthesized through this process sent to the Hotjar servers in Ireland and stored there and not transmitted to other third parties. The amount of time the cookie is stored varies depending on the type of cookie. For more information, please visit https://www.hotjar.com/cookies. To prevent Hotjar from collecting the data, please follow the instructions at https://www.hotjar.com/opt-out, which are also available in the German language
(c) Information of the third-party provider Hotjar on data protection is available at https://www.hotjar.com/privacy.
2.5 USE OF THE FACEBOOK SOCIAL PLUGINS (LIKE BUTTON)
(a) As per the Art.6 para. 1 lit f). we employ the use of GDPR components of the provider Facebook.com. The Facebook is a service of Facebook Inc. 1601 S. California Ave,Palo Alto, CA 94304, USA . By having the Facebook plugin we facilitate you to interact with the Facebook and other users. The legal basis for using the Facebook plugins is Art. 6 Par. 1 S. 1 lit. a) or f) GDPR.
(b) Whenever you visit our website having such a component it causes the browser to download a corresponding representation of the component from Facebook. Doing so helps the Facebook to know that which page of our website you are visiting currently.
(c) If you access our website by logging onto Facebook same time, then Facebook identifies you and will also look that which page you are visiting and transfer that information in your personal account. The information of our website visits will be shared with Facebook and will remain there until you delete the Facebook account. Even if you are not a member of Facebook, it is still viable for Facebook to take your IP address and store it.
2.6 USE OF GOOGLE+
(a) We are using the Google+ on our website by the plug-in google+1. This is managed by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA94043, USA This plugin helps you to interact with Google+ users. This way helps us to improve our services and make those users get attrcted towards you as a user. The legal basis for using the Google+ plugins is Art. 6 Par. 1 S. 1 lit. a) or f) GDPR.
(b) Using this button on our website will set a direct connection between the servers of Google Inc. and your browser. The content of the “+1” button is sent by the Google to its browser and integrated into the website. This is to state that Google Inc. doesn’t take any personal data until the “+1” button is not clicked. Such personal data as well as the IP address are only collected and processed by visitors to the website who are logged in parallel with your Google+ account and stored until you delete your account.
(c) Further information related to data collection and how the data is used and processed by Google can be found here https://www.google.com/intl/de/+/policy/+1button.htmlhttps://www.google.com/intl/de/+1/button/
(d) You can at any time raise objection of creation of these user profiles by Google+ but you should consult Google to exercise this right.
2.7 INTEGRATION OF GOOGLE MAPS
(a) We are using Google maps on our website which allows us to put the interactive maps on the website and helps you to utilize the map function effectively. The legal basis for this is Art. 6 Par. 1 S. 1 lit. a), b) or f) GDPR.
(b) When you visit our website, the Google receives information that any sub page has been visited by you of our website. The data mentioned in B 1.1. of this declaration is transmitted whether you are logged on to Google account or you are not having any account. If you are logged on to Google, the information will be directly associated with your account. And if you are wishing not to be associated with your profile on Google then you must log out before you activate the button. The Google stores the data for the purpose of advertising, market research and or demand oriented design of the website. This type of activity is being done even if the users are not log on to give demand-oriented advertising and to aware other users about the activities that you do on our website. Google Maps keep ID- related data for 60 days. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
(c) More information regarding what’s the purpose and scope of data and how the data is further processed and the use of data by Google in addition what all your rights and what are the options to set up privacy can be found here: https://www.google.de/intl/de/policies/privacy
C. A GLANCE ON THE USE OF THE MOBILE APP 1. GUIDELINES OF PERSONAL DATA COLLECTED USING OUR MOBILE APP 1.1 ACCESS DATA
(a) Whenever you download the mobile app the information gets transferred to App store like name, e-mail address and customer number of your customer account, time of download, payment information and the device identification number. This is the information which gets transferred to the App store so we don’t have any control for this information and so we will not be responsible for this information. We are only responsible for the data that it is necessary to process the downloading process of the mobile app to your mobile device.
(b) In order to provide convenient functioning when you use mobile app, we collect data such as name and content of the accessed website, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transmitted, access status/HTTP status code (Referrer URL), browser type, your operating system and its interface, language and version of the browser software. We collect these data as per Art. 6 Par. 1 S. 1 lit. f) GDPR, in order to give you stability and security while using the mobile app it is technically necessary for us to give guaranteed solutions and that’s why we take the above mentioned data.
(c) Other necessary information we require for proper functionality from your mobile are device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WIFI use, name of your mobile device and your e-mail address.
Mobile App doesn’t use any cookies
1.3 DATA COLLECTION AS PER LOCATION
We want to make your ride comfortable and smooth and that’s why we make use of GPS positioning but it will only function when you have given your consent through the pop-up window that we can collect the location data via GPS and your IP address to be used as an anonymous form for the purpose of arranging trips. Besides this, we also collect location data anonymously to store permanently so that we can determine the flow of traffic and on that basis the more efficient route planning can be made for the users. This setting can be allowed or revoked by going in the settings of your operating system and activate or deactivate the access to your location. The thing which you should consider is that your location will only be communicated to us only when you have activated the access to your location as per the the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) or f) GDPR.
2. USE OF THE SERVICES OF THE THIRD PARTY 2.1 INTEGRATION OF GOOGLE MAPS
(a) The mobile app will use Google Maps which is a service provided by Google and helps us to display interactive maps in the mobile app and also help you to use the map effectively. The legal basis for s is Art. 6 Par. 1 S. 1 lit. a), b) or f) GDPR.
(b) When you use the mobile app, Google has the access and get the information that you have used a subpage of our app. So Google receives the data which is mentioned in C 1.1. of this declaration. This has no connection whether you have a Google account or no account. If you are already logged in to the Google account your information will be directly allocated to your account. Another thing is that if you wish not to get associated with your Google account then you must first log out before you activate the button. This data is taken by Google for various purposes and some of which are for advertising, market research and demand-oriented design of the website. This evaluation of the information is being done even for unlogged in users to provide demand-oriented advertising and to also inform other users of the social network about your activities in our app. Google Maps keep ID- related data for 60 days. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
(c) More information regarding what’s the purpose and scope of data and how the data is further processed and the use of data by Google in addition what all your rights and what are the options to set up privacy can be found here: https://www.google.de/intl/de/policies/privacy
2.2 USE OF GOOGLE ANALYTICS
(a) The app uses Google Analytics which is a mobile analysis service of Google. The Google Analytics use the instance ID of your mobile device in order to identify the installation of the mobile app by you. Also one thing to note that each instance ID is unique to a particular device and app which aid the Google Analytics a solution to refer to specific app instances.
(b) But to note one thing which is that if IP anonymization is activated on the mobile app, Google will shorten the IP address beforehand within the Member States of the European Union or in other states party to the Agreement of the European Economic Area. There are very few cases in which situation the full IP address will be transmitted to a Google server in the USA and then it will get shortened. If you have activated the IP anonymization on this mobile app then on behalf of LimoFahr UG (haftungsbeschränkt), Google will make use of the data or information to check the usage of the mobile app so that it can compile reports on the activity done on mobile app and can offer other type of services in regard to the mobile app and in regard to the Internet use in comparison with LimoFahr UG (haftungsbeschränkt). Also note that IP address sent by the mobile app in the context of Google Analytics will not get mixed with other Google data as per the legal basis Art. 6 Par. 1 S. 1 lit. a) or f) GDPR.
(c) By opting-out in the mobile app’s settings, you can prevent Google from collecting the data which is generated by the instance ID and data in regard to your use of the mobile app.
2.3 USE OF FIREBASE
(a) The app is using Firebase which is a mobile service of Google which uses the instance ID of the mobile device to know how many installations of the mobile app is being done on a particular mobile device. As each instance ID is unique to a particular app and device which eventually helps the Firebase to uniquely refer to specific app instances. Also the information related to the instance ID about the usage of the mobile app is transmitted to and stored by Google on servers in the USA. But the IP address sent by this mobile app in the context of the Firebase will not get merged with other Google data as per Art. 6 Par. 1 S. 1 lit. a) or f) GDPR
(b) But to note one thing which is that if IP anonymization is activated on the mobile app, Google will shorten the IP address beforehand within the Member States of the European Union or in other states party to the Agreement of the European Economic Area. There are very few cases in which situation the full IP address will be transmitted to a Google server in the USA and then it will get shortened. If you have activated the IP anonymization on this mobile app then on behalf of LimoFahr UG (haftungsbeschränkt), Google will make use of the data or information to check the usage of the mobile app so that it can compile reports on the activity done on mobile app and can offer other type of services in regard to the mobile app and in regard to the Internet use in comparison with LimoFahr UG (haftungsbeschränkt). Also note that IP address sent by the mobile app in the context of Google Analytics will not get mixed with other Google data
(c) If you are using Android operating system mobile device then Firebase service Analytics is used to provide analytics and attribution information and it collects Mobile ad IDs, Android mobile device IDs, Instance IDs Analytics App Instance IDs. Another thing is that Firebase Analytics keeps the ID associated data for 60 days and stores aggregate reporting and campaign data without expiring it automatically unless the LimoFahr UG (haftungsbeschränkt) changes its retention preference in the Analytics settings or removes the project.
(d) We also use Firebase Cloud Messaging for mobile devices using Android operating system to determine which mobile devices are to be delivered the messages using Instance Ids. Firebase keeps and stores the instance IDs until a deletion request is made. After which the Firebase deletes the personal data within 180 days.
(e) The Firebase service Crashlytics is used in situations for those mobile devices which use Android operating system to determine when exactly your mobile app crashes. And hence the instance IDs and crash reports are sent to Firebase which again keeps and store the personal data until a request for deletion is made. After which the Firebase deletes the personal data within 180 days.
(f) In case if the mobile device is using iOS operating system then we use Firebase service Dynamic links that utilizes the device specs IDs to facilitate the use of newly installed mobile apps. The Dynamic Links stores devices specs temporarily just to provide the service.
(g) The Firebase service Performance Monitoring is used that uses Instance IDs to check and monitor the mobile app’s function and to take action on specific instances. This performance monitoring keeps the instance associated events for 30 days. Firebase keeps and stores the instance IDs until a deletion request is made. After which the Firebase deletes the personal data within 180 days.
(h) By opting-out in the mobile app’s settings, you can prevent Google from collecting the data which is generated by the instance ID and data in regard to your use of the mobile app.
(i) You can find other related information on how the data is used by Google through Firebase here: