Privacy policy

For MILES Mobility GmbH, handling your data in accordance with data protection regulations is more than just a legal requirement. Regardless of whether you use our mobility services, obtain information about our services or our company, are in contact with us as a service provider or partner, or work for us or want to work for us as an employee or applicant - you can rely on us to handle your data correctly. For easy understanding and accessibility we have refrained from using both the feminine and masculine forms of language in the following. All personal terms apply equally to all genders.In this privacy policy you can find out how, to what extent and for what purposes we process your data, whether we pass on your data to partners and service providers, when we delete your data and other points that may be important to you.

Who we are

Contact details of the responsible person
Managing Directors: Oliver Mackprang, Eyvindur Kristjansson, Andre Feldhuis
MILES Mobility GmbH
Leibnizstrasse 49
10629 BerlinE-mail: hello@miles-mobility.com
Website: miles-mobility.comContact details of the data protection officer
ISiCO GmbH
Am Hamburger Bahnhof 4
10557 Berlin
E-mail: data-protection@miles-mobility.com 
Website: www.isico-datenschutz.de/en/start

General information on
data processing

1. Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons, the processing of data is permitted by legal regulations, or we have a legitimate interest. As stated in the general terms and conditions, it is necessary to complete the registration process properly and confirm that the present privacy policy has been read and accepted in order to become a MILES user. This includes the fact that MILES may create a driving profile for each of its users.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

4. Data transfer and commissioning of processors

If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests.If we commission the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this only occurs if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

5. Rights of the data subjects

5.1 Revocation of consentYou have the right to revoke declarations of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.5.2 Right of objectionPursuant to Article 21 of the GDPR, you have the right, under certain conditions, to object to the processing of your personal data at any time on grounds relating to your particular situation. If you object to such processing, we will terminate or interrupt this data processing process and re-examine whether we can demonstrate compelling legitimate grounds for the processing that outweigh your interest.If personal data is processed for direct marketing purposes, you have the right to object to this processing at any time. An objection to direct advertising means that we will no longer use your data for advertising purposes.5.3 Right to complain to a supervisory authorityYou have the right to complain to the competent supervisory authority if you have the impression that we are violating applicable data protection law. To do this, you can contact the state data protection commissioner or the state data protection commissioner at your place of work, residence or stay.As a rule, your request will be forwarded to the office responsible for us.Berlin Commissioner for Data Protection and Freedom of InformationAlt Moabit 59-6110555 BerlinPhone: 030 13889-0Fax: 030 2155050E-mail: mailbox@datenschutz-berlin.de 5.4 Right to information / right to rectificationYou have the right to receive information about the processed data. We have already compiled all the necessary information in accordance with Article 15 (1) of the Data Protection Regulation here on the privacy statement. Article 15 (3) GDPR also grants you the right to receive a copy of your data. If you are not sure whether we process your data, we will be happy to send you a confirmation.You may have the right to ask us to correct any inaccurate personal data relating to you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration. Partially, your data can be changed in the customer account. If you are unable to correct your data yourself, we will support you in exercising your right to rectification in accordance with Article 16 of the GDPR.5.5 Right to restriction of processing / right to erasureThe data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 of the GDPR.In accordance with Article 17 of the GDPR, you can request that your data be deleted without delay. We are obliged to delete your data immediately if one of the legally prescribed reasons of Art. 17 (1) of the GDPR applies and none of the exceptions according to Art. 17 (3) or similar provisions apply. We are legally authorised under Art. 17 (3) (e) of the GDPR to retain data relating to journeys. The relevant limitation periods of § 14 StVG of up to 30 years are decisive here.If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted in accordance with Art. 18 GDPR. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or to enforce our own legal claims. In particular, we reserve the right to permanently store data of blocked users (e.g. due to accidental driving, fraud, non-payment) in order to prevent re-registration. This is a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.According to Article 18 (1) of the GDPR, you may, under certain circumstances, request the restriction of the processing of your data. If processing has been restricted, this personal data may - apart from being stored - only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.5.6 Right to data portabilityAccording to Article 20 of the GDPR, you have the right to request that we assist you in transferring your contractual data or data that we process on the basis of consent to third parties if we process the data using automated processes, e.g. if you want to switch to a competitor. Let us know who you would like us to transfer your data to and we will contact the service provider. Alternatively, you can also receive this data in a machine-readable format.5.7 Right to informationIf you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.Furthermore, you have the right to be informed about these recipients.

6. Privacy policy for users of the website and visitors to our social media presences

Below we explain how we handle the data of the users of our website and our presences in social media.6.1 Overview of our web presencesWe operate this website (www.miles-mobility.com) with some sub-sites (including www.support.miles-mobility.com).You can also find us on Twitter, Facebook, Instagram, LinkedIn, Xing and YouTube.6.2 General information on data processing6.2.1 Affected personsData subjects of the data processing are visitors to our website or our channels in the social media (hereinafter also users or interested parties).6.2.2 PurposesThe purpose of the processing is to provide information about our company and our services, to offer communication channels to our company, to address interested parties in an advertising manner, to analyse the effectiveness of our advertising measures, to conduct anonymised market research and to ensure the security of our websites.6.2.3 Categories of data / types of data
  • The following data types can be processed:
  • IP address 
  • Access times and approximate location of users
  • Meta/communication data (e.g. device information) 
  • Visited websites 
  • Interest in content 
  • Demographic characteristics (via our advertising partners)
The data is usually collected when the offers are used.6.2.4 Recipients / categories of recipientsThe recipients of data are primarily the integrated service providers. Below we list an overview of the service providers. Further information can be found in the respective paragraphs on processing.
  • Google (Statistics/Marketing/Map Clippings/Videos) 
  • Facebook (Marketing)
  • Zendesk
  • Braze 
  • Invers (driving data)
  • Whatsapp
6.2.5 Reservation(s) on the location of storage and processing of dataWe would like to inform you that our company works with partners in third countries (Google, Facebook, Braze Inc, WhatsApp, Sentry, and PayPal). Personal information that we collect from you may be processed in the United States or other third countries. Some of these third countries, including the United States, have received an adequacy decision from the European Union under Article 45 of the GDPR (e.g., the EU-U.S. Data Privacy Framework). This means that your data enjoys an adequate level of protection in these countries. In cases where such a decision is not in place, we rely on exceptions for specific situations as outlined in Article 49 of the GDPR and, where applicable, on safeguards under Article 46 of the GDPR. Specifically, we only collect and transfer personal data to the United States or other third countries with your explicit consent, or to fulfill a contract with you. We and our processors are committed to implementing appropriate measures to protect the privacy and security of your personal data and to use it solely in accordance with your relationship with us and the practices described in this privacy policy.6.3 The data processing operations in detail6.3.1 Server log files / log filesEach time the website is visited, a log file is created by the web server. The following characteristics are recorded in this file.
  • Browser type and browser version of the user
  • Operating system used by the user
  • Referrer URL Host name of the accessing computer 
  • Date and time of access
  • IP address of the user
  • Internet service provider of the user
This data is not merged with other data sources. The provider may collect this data and store it for a period of 7 days. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the secure operation of a technically error-free presentation and the optimisation of our website - for this purpose, the server log files must be collected. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. We use encryption to meet the requirements of Art. 32 GDPR, which requires that we take appropriate measures for the security of the website. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.6.4 Cookies and personalised trackingOur website uses so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.Cookies that are required to carry out the electronic communication process or to provide certain functions desired by you are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for the analysis of surfing behaviour) are stored, these are dealt with below in this data protection declaration and used with the corresponding consent.You can access our cookie banner and change your settings via the following link:Cookie settings6.4.1 Managing the analysis tools using Google Tag ManagerWe use the Google Tag Manager in order to be able to integrate and manage website evaluations centrally and via a user interface. Tags are different tracking codes (JavaScript code lines) with which we can record and track your activities on our website.The advantage of the tag manager is that we can use it not only to manage Google services, but also to centrally manage other analytics services. In this way, we can better identify which tracking technology provides us with the information we need and avoid unnecessary data collection. The tag manager itself does not process any data, but helps us organise the data from Google Analytics, Facebook or Instagram.We use the tag manager to make our website as useful, comfortable and usable as possible for you and other visitors. For this purpose, we need the analysis data. We use the tag manager on the basis of Art. 6 para. 1 lit. f GDPR, which allows processing on the basis of a balance of interests. We have a legitimate interest in seeing which content appeals to our prospective customers. This allows us to realign our marketing to attract more people to our offers. Please read section 6.2.5 for more information about this provider.6.4.2 Cookies and other tools for the purpose of range measurement and statisticsWe use cookies for reach measurement and to create statistical evaluations of our website and social media interactions. For this purpose, we rely, among other things, on Google Analytics.6.4.3 Google AnalyticsThe provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.Google Analytics uses so-called "cookies" and similar technologies. Cookies are text files that are stored on your computer and enable an analysis of your use of the website (target group reports, conversion reports, interaction and behaviour reports, real-time reports, etc.). The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. When using Google Analytics, your IP address is usually shortened to make subsequent identification more difficult.Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a GDPR, in accordance with the corresponding consent of the user.You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Deactivate Google AnalyticsOur goal in using Google Analytics is to further optimise our service and offer more to potential users. The Google Analytics statistics help us to better understand our customers and support us in achieving this goal.Google Analytics sets the following cookies:Name: _ga (Google Analytics js) Purpose: Google uses this cookie to store the user ID and distinguish users. Expiry date: after 2 yearsName:_gid Purpose: Expiry date: after 24 hoursName: gatgtag_UA_<property-id> Intended use: If Google Analytics is provided via the Google Tag Manager, this cookie is given this name. Expiry date: after 1 minuteStorage period: We have limited the storage period to 14 months in order to comply with the principle of storage limitation from Art. 5 GDPR. This retention period applies to data linked to cookies, user recognition and advertising IDs. Results of reports are based on aggregated data and are stored independently of user data.You can find more information on the handling of user data with Google Analytics in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de 6.4.4 Facebook tracking PixelThis website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland; "Facebook"). Via this Pixel, the behavior of website visitors can be tracked after they have been redirected to the operator's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.The collected data is anonymous for us as the operator of this website. We cannot draw any conclusions about the identity of the users. However, the personal data is processed by Facebook. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.Specifically, the following data is processed by Facebook and us:
  • IP address
  • User agent
  • Facebook user ID
  • Browser type
  • HTTP header
  • Device information (device ID, device operating system).
  • Geographic location
  • Browser information
  • Usage/click behavior, including content viewed and items clicked on
  • Facebook cookie information
  • Pixel ID
  • Pages visited
  • Referrer URL
  • Marketing information, including ads viewed and interactions with ads, services, and products
The use of the Facebook Tracking Pixel takes place exclusively with and on the basis of your prior consent, Art. 6 para. 1 lit. a GDPR. Your consent can be revoked at any time via the "Your cookie settings" function provided on our website, effective from this point forward. The legality of processing based on your consent prior to the revocation remains unaffected.As long as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility and is the sole responsibility of Facebook. Our joint obligations have been set forth in a Joint Processing Agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for implementing the tool on our website in a privacy-secure manner. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights against us, we are obliged to forward your request to Facebook.According to Facebook, the collected data is also transferred to the US and other third countries, and processed there. Facebook bases the data transfer to the US on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.Please note: Despite the fact that Facebook Ireland Ltd. is based in Ireland, your personal data, including the IP address of the internet connection you are using, may be transferred to Facebook servers in the United States or other third countries if you consent to our performance cookies. The United States of America is currently covered by an adequacy decision pursuant to Article 45 of the GDPR through the EU-U.S. Data Privacy Framework. This means that personal data can be transferred to U.S. companies certified under the framework without the need for additional safeguards, as these companies are deemed to provide an adequate level of data protection. With the transmission of your data, both Facebook and, if applicable, US or other third country authorities have access to the transmitted data. Facebook may combine your data with other data, such as your personal accounts, usage data from other devices, and any other data Facebook holds about you, and may also share your personal data with third parties. In addition, US or other third country authorities may access and process your data without notice or notification to you (during and after the processing is completed) or without providing you with similar remedies and data subject rights. Unfortunately, we have no influence on the processing by Facebook and US or other third country authorities in these cases.If you wish, you can deactivate the "Custom Audiences" remarketing feature in the ad settings section at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are registered with Facebook. If you do not have a Facebook account, you can also deactivate Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.For more information about Facebook's privacy practices, please see Facebook's privacy policy at the following link: https://de-de.facebook.com/about/privacy/.6.4.5 Facebook Custom AudiencesWith the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences").The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, you can find general information on the display of Facebook ads in Facebook's data usage policy: https://www.facebook.com/policy. For specific information and details on the Facebook Pixel and how it works, please visit Facebook's help section: https://www.facebook.com/business/help/651294705016616.You can opt out of the Facebook Pixel's collection and use of your data to display Facebook ads. To control which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers or mobile devices. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.You can also opt out of the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).6.4.6 AdjustIn order to statistically evaluate visitor data, we use the analysis tool Adjust on our website. This is offered by:Adjust GmbH Saarbrücker Str. 37A 10405 Berlin, Germany.Adjust is a service that evaluates visitor behaviour and feedback through combined analytics and feedback tools. We receive heatmaps, conversion funnels, visitor recordings, incoming feedback, feedback polls and surveys.We use these evaluations to optimise the usability and user experience of the site and to additionally collect customer opinions via the feedback channel. We receive reports and visual representations from Adjust that show us where and how users "move" on our site. The personal data is automatically anonymised. Neither can we assign the interactions to a user nor is the data transmitted to Adjust.Adjust automatically collects usage data. For this purpose, a tracking code of the website is linked to a cookie.The following data is collected and stored:
  • Time of the visit 
  • Screen size and resolution.
  • Browser version
  • Approximate location (IP location) 
  • Language
  • Visited subpages 
  • Date and time of access to one of our sub-pages (web pages)
  • IP address (anonymised)
  • Name: _hjid 
Purpose: The cookie is used to maintain a Hotjar user ID that is unique to the website in the browser. This allows user behaviour to be associated with the same user ID on subsequent visits. Expiry date: after one year6.4.7 Newsletter dispatchWe send out mandatory information about the MILES Mobility GmbH offer via our newsletter. Furthermore, users of the app can subscribe to a newsletter and receive information about additional offers and promotions. To do this, we require your email address and consent to receive the newsletter, which we obtain via a so-called double opt-in procedure. Further data will not be collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties, apart from the respective newsletter senders.In principle, the data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). In some of the cases mentioned below, which are directly related to the sending of newsletters, the processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR).You receive all newsletters of an advertising nature on the basis of your consent to the storage and use of the data; you can revoke this consent at any time. You can unsubscribe at any time by clicking on the "unsubscribe" link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.We also send newsletters as customer information letters with relevant technical and organisational information on terms of use, changed tariffs or business areas.We consider it imperative that this information reaches our customers, so you cannot automatically unsubscribe here. Your right to object according to Art. 21 GDPR remains unaffected, but in this case it is your duty to actively inform yourself.We use the services of Braze Inc. and PostMark to send the newsletters.Braze Inc 330 West 34th Street, 18th Floor New York, NY 10001 USA.We have concluded a so-called "Data Processing Agreement" with Braze Inc. in which we oblige the service provider to protect our customers' data and not to pass it on to third parties.We use a method to analyse the reach of our newsletter. When you open one of our emails, a file contained in the email connects to the servers of Braze Inc. in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). However, this information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.After unsubscribing from the newsletter distribution list, the email address is stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interest outweighs our legitimate interest. However, you may then be contacted by us again.6.4.8 Communication via WhatsappWe use WhatsApp, a communication service provided by WhatsApp Inc. (Merrion Road, Dublin 4, D04 X2K5, Ireland), to send you messages regarding additional offers, promotions, and advertising via WhatsApp. If you opt-in to receive these messages, we process your personal data, such as your phone number and information about whether you have opened a WhatsApp message (i.e., "reads"). This data is used solely to send you messages via WhatsApp and analyze interactions with these messages.You can opt-out of the communication at any time by replying with "Unsubscribe" or “Abmelden” to the WhatsApp message. Your phone number will then be removed from the recipient list, and you will no longer receive any further messages.The legal basis for processing this data is your prior, voluntary, and informed consent according to Art. 6, para. 1, lit. a of the GDPR. You can withdraw your consent at any time without facing any disadvantages.The data transfer to WhatsApp takes place in accordance with WhatsApp's privacy policy, which you can view at the following link: WhatsApp Privacy Policy.6.4.9 AdaChat - contacting and requesting via chatOur website also embeds AdaChat, an AI-based communication and conversation service provided by Ada Support Inc. (371 Front Street W, Suite 314, Toronto, Ontario, M5V 3S8, Canada), to provide you with high-quality chatbot-based customer support and to respond to your inquiries efficiently, quickly, and with and resource-efficient way.If you contact us via our chat, we process your information for the processing of your request and in case follow-up questions arise. The data processed in this context includes the information you provide when contacting us or in the course of follow-up communication. Note: In order to comply with the data minimization principle in the best possible way, we kindly ask you, to limit your information to what is necessary, as far as possible.AdaChat also uses so-called "cookies". These are text files that are stored in your internet browser or by your internet browser on your terminal device as a result of your consent. By setting the cookies, we are enabled to collect and process the data listed below and to analyze the content and use of the chat. The collection and processing of this data is done for the purpose of providing, security and functionality of the chat, for the analysis of your data, for the purpose of answering your requests and for the purpose of further development of the service itself. You can find more information about cookies here: https://www.ada.cx/cookies. The following personal data is collected and processed by us by means of these cookies:
  • IP address 
  • Chatter ID 
  • Chatter token 
  • Time and date of chat request and use 
  • Browser information (type, version, language setting) 
  • Operating system information (type, version) 
  • Device information (device identification number, type, hardware and software properties) 
  • Location information (country) 
The legal basis for the use of the tool and the data processing carried out on our behalf is your prior, voluntary and informed consent in accordance with § 25 TTDSG (German Telecommunications-Telemedia Data Protection Act) and art. 6 para. 1 lit. a GDPR, which we request via our cookie banner. Once you have given your consent, you can revoke it at any time with future effect using the "Your cookie settings" function on our website or by sending an email to data-protection@miles-mobility.com (mailto:data-protection@miles-mobility.com). Processing that has already taken place up to the time of the revocation remains unaffected by this. The chatbots used by us can "remember" a chatter from one conversation to the next ("chatter persistence"), provided that the conversations are not longer than 7 days apart. Within the scope and for the purpose of this reminder function, the chatter, the associated data and the chat history are recorded and stored by a bot. After the 7-day period selected by us has expired, the bot then automatically forgets the stored data.Please note: Regardless of this automatic deletion after a certain period of time, your data may also be stored and processed by us, if and to the extent that this is required and permissible or we are subject to a legal obligation that requires further processing of your data. In order to ensure the data protection compliant processing and protection of your data in the context of the use of the tool, we have concluded a data processing agreement with Ada Support Inc. in the sense of art. 28 GDPR, which states in particular that your data may only be processed for the purpose of providing the service. The data transfer to Canada is covered by an adequacy decision of the European Commission, which certifies that Canada provides an adequate level of protection with regard to your data and data subjects' rights (art. 45 GDPR).For more information about AdaChat and the privacy policy of Ada Support Inc. please visit: https://www.ada.cx/legal-resources/privacy-policy6.5 Google MapsThis site uses the mapping service Google Maps via an API. Provider is:
  • Google Ireland Limited ("Google")
  • Gordon House
  • Barrow Street
  • Dublin 4
  • Ireland.
In order to use the functions of Google Maps, it is necessary to save your IP address and to transmit it to a Google server and it is also saved on this server. The provider of this site has no influence on the specific content of this data transmission. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of our business areas.This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de. 8 (https://www.facebook.com/settings?tab=ads).6.6 Contact form, chat request by e-mail or telephoneYou can send us enquiries via contact form, chat, e-mail or telephone. In this case, your enquiry with the contact details and, if applicable, further details from the enquiry form or the enquiry will be stored in our CRM system for processing the enquiry and for possible follow-up enquiries.The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.We keep your data until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.6.7 Ada VoicebotOur customer service also integrates a voicebot solution from Ada Support Inc. (371 Front Street W, Suite 314, Toronto, Ontario, M5V 3S8, Canada), an AI-based communication and conversation service. This tool is used to provide you with fast, efficient, and resource-conscious voice-based customer support.If you contact us via the voicebot, we process your personal data to handle your inquiry and in case follow-up actions are necessary. The data processed in this context includes the phone number from which the call is made, the length of the call, and your consent status regarding recording. No recording is made unless you explicitly consent to it during the call.Note: To comply with the principle of data minimization, we kindly ask you to share only the information that is necessary for processing your request.The legal basis for the use of the tool and the data processing carried out on our behalf is your voluntary and informed consent in accordance with Art. 6 para. 1 lit. a GDPR and, if applicable, § 25 TTDSG. If consent for recording is not given, no recording is made, and only the metadata mentioned above is retained.To ensure the secure and GDPR-compliant handling of your data, we have concluded a data processing agreement with Ada Support Inc. pursuant to Art. 28 GDPR. This agreement ensures that your data is processed exclusively for the purpose of providing the voicebot service.The data transfer to Canada is based on an adequacy decision by the European Commission under Art. 45 GDPR, confirming that Canada ensures an adequate level of data protection for data subjects.For more information about Ada Support Inc. and its privacy practices, please visit: http://www.ada.cx/legal-resources/privacy-policy6.8 YoutubeWe have embedded YouTube videos on our website. This allows us to present videos from our YouTube channel directly on our site. The portal is operated by YouTube, a Google company. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings).Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe. If you want to find out more, we recommend that you read the data protection declaration at https://policies.google.com/privacy?hl=de. 6.9 ZendeskWe have integrated various services from Zendesk on our website. Zendesk serves as our service provider for the provision of our support page and our contact forms. Various personal data may be shared with Zendesk. For more information, please see Zendesk's privacy policy https://www.zendesk.de/company/privacy-and-data-protection/ and section 7.9.2 of this privacy policy (appropriate safeguards for data transfers to third countries, among others).6.10 Participation in the PAYBACK Bonus ProgramUsers have the option to link their MILES account with their PAYBACK account in order to collect PAYBACK °Points while using MILES services. To do so, the user enters their ten-digit PAYBACK customer number in the MILES app and confirms the linkage.As part of this linkage, MILES transmits the user’s PAYBACK customer number and transaction-related ride data (such as the invoice amount and date of ride) to PAYBACK GmbH, Theresienhöhe 12, 80339 Munich. This processing is carried out solely for the purpose of enabling the accrual of PAYBACK °Points and is based on Art. 6(1)(b) GDPR (performance of a contract relating to participation in the PAYBACK program).Users may unlink their PAYBACK account from their MILES account at any time via the MILES app. Once unlinked, no further data will be transmitted to PAYBACK. Data that has already been transferred remains unaffected and is subject to the applicable statutory retention periods.PAYBACK is TÜV-certified for data protection and complies with the requirements of the GDPR as well as other applicable data protection laws (e.g. the German Federal Data Protection Act – BDSG). PAYBACK uses modern security technologies and encryption methods to ensure the confidentiality and integrity of personal data. PAYBACK does not sell or share personal data with third parties for commercial purposes.For further information on how PAYBACK processes personal data, please refer to: https://www.payback.de/info/hinweise-datenschutz-23

7. privacy policy for users of the app and mobility services

Overview of the purposes, the type of data as well as the categories of recipients and the storage period.In order to execute rental contracts with MILES Mobility GmbH, a user account with the MILES Mobility App is required (see also the General Terms and Conditions and the Rental Conditions). This personal data is processed by MILES Mobility GmbH (Germany). The processing of data via apps of partner companies which offer joint mobility services with MILES Mobility GmbH takes place in accordance with the privacy policy of the respective app.7.1 Purposes of data processingCustomer management, customer approach and customer supportRegistration with identification and verification of the driver's licenceVehicle booking via the app / service provision (provide vehicle) Billing and payment tracking Processing of violations of the law, in particular against the StVO Receivables management and collection Security checks and fraud control Claims settlementDetection and documentation of in-vehicle smoking incidents through sensor technology for the enforcement of the contractual smoking ban, including the collection of contextual data (such as location and speed) and the assignment of the incident to a specific booking for the purpose of imposing a contractual penaltyEvaluation of driving behaviour for the purpose of promoting safe use of the vehicle, preventing misuse, and supporting internal measures related to the enforcement of the German Road Traffic Act (StVO)Sensor-based event data for detecting smoking incidents inside the vehicle, including particle measurement data over time, timestamp, GPS location, vehicle speed, smoke event duration and morphology, confidence metrics, and linkage to booking and customer ID (only processed in the event of a potential smoking incident)7.2 The following of your data will be processedFirst name, last nameAddress Date of birthLanguageEmail addressTelephone (mobile) Device-Key (Number of the device)PasswordBank details / Preferred payment method Schufa - extractCustomer number/ reference numberVerification of driving licence, driving licence number, identity documentSelfieGeolocation data (for vehicle search / and vehicle booking / tracking the vehicle in ride)Location data at registration (city / business area)Contract data / Tariffs / Discounts (E-mail) correspondence / contact history Trip logBlack box in the vehicle (no personal data collection, but can be related to individuals) (e.g. subject matter of the contract, term, customer category)Telemetry and vehicle usage data , including but not limited to speed, braking intensity, cornering, acceleration patterns, driven distance, timestamped event logs, and vehicle zone-based speeding information (no personal data collection, but can be related to individuals)7.3 Nature and origin of the dataThe following data is collected directly from the data subject during registration:First name, last nameDate of birthLanguageAddress E-mail addressTelephone (mobile) Bank detailsCustomer number/ reference numberVerification of driving licence, driving licence number, identity card numberLocation data (city)Contract data / Tariffs / Discounts The following data is collected in the course of using the offer:Device-Key (Number of the device)Geolocation data (for vehicle search / vehicle booking / during the journey) (E-mail) correspondence / contact history Trip log for accounting purposes. Black box in the vehicle (no personal data collection, but can be related to individuals) Contract data / tariffs / discounts (in case of changes)The following data is collected via third parties:Schufa score as part of the credit report (Schufa) Reports on driving behaviour by other road users Master data and, if applicable, verification data from mobility partners (Jelbi, FreeNow) 7.4 Automated decisionAn automated decision takes place within the framework of our security checks.Furthermore, an automated decision is made within the framework of the Schufa statement, although the responsibility for this does not lie with MILES Mobility GmbH.You have the right to make your point of view known to us and to challenge these decisions. In this case, we will be happy to carry out a manual review of the automated decision.7.5 Storage period7.5.1 Deletion on requestFor processing operations based on consent:Withdrawal of consent concerns the receipt of the newsletter.As a rule, the withdrawal of consent is implemented immediately and automatically by the mailing service provider's systems. In rare cases, the synchronisation of the unsubscription from different mailing lists may take a few hours.If customers request their right to data deletion for data processed on a legal basis other than consent, the user account will be deleted in accordance with the following information:The personal data of the data subject to be deleted will be blocked system, partially made unrecognisable or blacked out and access to the data strictly restricted. After two years, the data listed above will be automatically deleted from the system, with the exception of personal data, which must be retained for a period of eight years in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO). After eight years, this data is also automatically and irrevocably deleted.Recipients of the data will be informed of the deletion request.If overriding interests stand in the way of deletion, the customer will be informed of the reasons for the restriction of the right to deletion. This is particularly the case if MILES Mobility GmbH requires the data to enforce or defend legal claims.7.5.2 Deletion after the purpose has ceased to existIf data is processed for the fulfilment of the contract, the data is generally stored for the duration of the contractual relationship. Following the termination of the contractual relationship (cessation of the purpose), the personal data of the data subject to be deleted will be blocked in the system, partially rendered unrecognisable or blacked out and access to the data strictly restricted. After three years, the data listed above will be automatically deleted from the system, with the exception of personal data which must be retained for a period of ten years in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO). After eight years, this data is also automatically and irrevocably deleted.If data is processed to comply with legal requirements, the rights of the data subjects to have the data deleted shall lapse until the expiry of the respective time limits with regard to the data to be stored. MILES Mobility GmbH does not use this data for any further purposes. This expressly includes storage for the purpose of proving proper accounting. For violations of the StVG, the retention periods are based on the limitation periods. These are up to 30 years.MILES Mobility GmbH reserves the right to permanently store data of blocked users in order to prevent re-registration. This is a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.7.6 Registration with verificationThe registration of the user account takes place via the MILES app. During registration, the surname, first name, contact details, preferred language, and date of birth (as proof of age and identification feature) are requested. In addition, the user provides an email address (with the option to consent to receiving the newsletter), banking and payment details, and verification of the driving licence and a valid identification document.The approximate location (city) and date of registration as well as the activation of the email address are stored for the duration of the customer relationship. We sometimes use the services of processors to verify the accuracy of the data provided. The email address is confirmed using an activation email. The telephone number is validated via a processor (BudgetSMS).For the verification of the driving licence and the identity document, the user is asked to capture an image sequence of the documents to be verified and of their face. The sequence consists of several still images taken in quick succession. During this process, the user may be prompted to move their head slightly or adjust the document to different angles so that the images are clear and free from glare or blur. The purpose of this step is to confirm that the person presenting the identity document is physically present and identical to the person shown on it. The resulting images are used to perform a biometric liveness and similarity check using automated image analysis. The image sequence is used solely for verifying the authenticity of the document and the user’s identity and is not used for any other biometric profiling or analysis.MILES Mobility GmbH uses the verification service provider Persona Identities, Inc. (Persona Identities, Inc., 345 California Street, Suite 600, San Francisco, CA 94104, USA) for the verification of driving licences and user identities. Persona’s technology uses artificial intelligence and machine learning models to detect document tampering and verify biometric consistency. These automated systems assist in the verification process but do not make solely automated decisions with legal or similarly significant effects under Article 22 GDPR. Verification results are subject to review and confirmation by MILES.Processing by Persona involves data transfers to the United States. Persona is certified under the EU–U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection recognised by the European Commission. In addition, MILES has entered into Standard Contractual Clauses (SCCs) with Persona in accordance with Article 46(2)(c) GDPR to ensure appropriate safeguards for data transfers and processing in the United States. Persona also implements extensive technical and organisational measures, including encryption of all data in transit and at rest, strict access controls, and regular security audits.Further information about Persona’s privacy policy can be found here: https://withpersona.com/legal/privacy-policyPersona holds internationally recognised security certifications such as ISO/IEC 27001 and SOC 2 Type II and, as a processor, acts solely on MILES’ documented instructions in accordance with Article 28 GDPR.The legal basis for the verification of the driving licence arises from Article 6 paragraph 1 letter c GDPR in conjunction with § 21 paragraph 1 no. 2 StVG. Accordingly, MILES Mobility GmbH, as the vehicle owner, is legally obliged to verify that a valid driving licence exists before a vehicle is made available. In addition, a copy of a customer’s identity document is requested in order to unequivocally verify the customer’s identity in the event of accidents, for the settlement of claims, and for compliance with legal obligations, for example in the case of administrative offences or criminal investigations. The verification of an additional document also serves to make identity theft more difficult.Where biometric data (facial image comparison) are used for identity verification, processing is carried out on the basis of explicit consent under Article 9 paragraph 2 letter a GDPR. Users can withdraw this consent at any time with effect for the future.This purpose and corresponding data processing remain in place for the duration of the customer relationship. Even at a later point in time, particularly in the event of damage, MILES Mobility GmbH may be obliged to prove that its legal verification obligations have been fulfilled. For this reason, data from driving licence and identity verification are retained for the duration of the customer relationship and subsequently for a limited period in accordance with statutory retention and limitation requirements7.7 Use of the app7.7.1 Vehicle booking and trip accountingThe app is used during the customer relationship to locate and book the vehicles.We need access to the location of your device. When a request is made, we collect the current location via GPS in order to be able to quickly provide information about the vehicles in the immediate vicinity. We also use location data of the device at the moment of the opening of the vehicle to check the distance to the vehicle. This serves the purpose of preventing vehicle misidentification, theft or unauthorized vehicle handovers. Data about your location is used to process the request, i.e. at the beginning and end of a journey and in the event of interruptions.During the journey, the location data of the vehicle is regularly compared with the data of the device; this is done via an encrypted connection. The location data is anonymised after the end of the request and statistically analysed to improve our service.The vehicle's location data is primarily processed for billing purposes; we reserve the right to also use the location data query for fraud prevention and to match the device location with the route driven.To determine addresses based on geographic coordinates (reverse geocoding), we use the services of our data processor LocationIQ. This service is provided by Unwired Labs (India) Pvt. Ltd., 128, Prashasan Nagar, Rd 72, Jubilee Hills, Hyderabad, TS, IN – 500033.In the course of processing, we transmit geographic coordinates (latitude and longitude) to LocationIQ in order to convert them into a human-readable address (e.g. street name and postal code). These addresses may be used, for example, for invoice display or operational purposes.No additional personal information (such as user ID, trip details, or device identifiers) is transmitted to LocationIQ. The service provider processes the data on our behalf and in accordance with a data processing agreement pursuant to Art. 28 GDPR. The transfer to India is based on contractual safeguards in accordance with Art. 46 GDPR.7.7.2 Customer data managementIn the app, the user's data can be accessed via the login area. Here you will find the trip log, the master data and contact data as transmitted during verification. Furthermore, the payment and billing data. The data from the app is transmitted in encrypted form and stored in a CRM system.The provider of the CRM system is Braze Inc.Braze Inc 330 West 34th Street, 18th Floor New York, NY 10001 USA.We have concluded a so-called "Data Processing Agreement" with Braze Inc. in which we oblige the service provider to protect our customers' data and not to pass it on to third parties. The transfer to the USA takes place on the basis of suitable guarantees.Furthermore, we use order processors to store the data.As this data is collected and processed for the purpose of fulfilling contracts or legal requirements, users' rights to erasure or blocking may be limited. The right to rectification and information is unaffected.7.7.3 App security, usage analysisWe have a legitimate interest according to Art. 6. para. 1. lit. f GDPR in a secure and reliable operation of the app as well as in the further development of the app and the optimisation of the economic operation.We use the tool Sentry, which is provided to us by the company Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, to evaluate error messages and to analyse system parameters of the app. Sentry transmits error reports to servers in the USA and provides us with evaluations, e.g. about programming errors and compatibility problems. We only have access to data about the version of the operating system and the type of device.We have concluded an order data processing contract with the provider and have ensured that there are sufficient guarantees for the data transfer to the USA in accordance with data protection requirements. We cannot see any countervailing interest on the part of the users. You can still prevent the transmission of bug reports at any time.With your express consent, which can be revoked at any time, we also use Google Analytics for Firebase and Firebase Crashlytics. The legal basis is Art. 6 para. 1 lit. a GDPR. When you first start the app, you can select whether Google Analytics for Firebase and Firebase Crashlytics should be used; you can deactivate the collection of analytics data in the app.Firebase / Crashlytics transmits your anonymised IP address, your anonymised advertising ID as well as usage and analysis data to a Google server in the USA and stores them there. The IP anonymisation in Analytics is done by shortening the addresses. If you have agreed to the use of Google Analytics for Firebase and Firebase Crashlytics, we use the app usage data for statistical, anonymous evaluations and to improve the app.7.8 Credit assessmentAs a company, we have a legitimate interest in protecting ourselves against payment defaults. In accordance with our General Terms and Conditions, we are entitled to verify the creditworthiness of customers with credit agencies or Schufa.The processing of personal data in the context of the credit assessment is based on Art. 6.1.f GDPR. We assume that the check and confirmation of solvency is usually also in the interest of the customers, as this form of credit assessment does not pose any significant risks to rights and freedoms, in this way the transmission of additional data on creditworthiness can be avoided and a simple and convenient process can be provided.The credit assessment is necessary for the enforcement of rights and claims of MILES Mobility GmbH.The credit checks serve to protect MILES Mobility GmbH from payment defaults and are intended to ensure that MILES Mobility GmbH has recourse to the originator in the event of a claim (please refer to the price list https://miles-mobility.com/preise/).When determining your creditworthiness, your data will be transmitted to Schufa. This can be e.g. name, address, date of birth and bank details, insofar as these are necessary for establishing your identity. We receive a scoring value from Schufa or other credit agencies involved, as well as other information from which the risk of non-payment can be derived. These are, for example, outstanding debts, deferments due to insolvency, current insolvency proceedings, participation in debt counselling. If we receive a too low scoring value in the course of the credit assessment, we can temporarily deactivate the user account. You have the right to explain your point of view to us and to challenge the decision. In this case, we will gladly carry out a manual review of the automated decision.As a rule, we do not report any payment defaults to Schufa. However, we reserve the right to do so if the legal requirements for a report are met. In this case, the customers will be reminded repeatedly in compliance with formal requirements and the possibility of transmission will be pointed out in the reminder.SCHUFA processes your data and also uses it for profiling purposes (scoring). Schufa is responsible for passing on your data to companies in the EEA and Switzerland and, if applicable, to third countries outside the EEA. Further information on the activities of SCHUFA can be obtained at www.schufa.de/datenschutz. Data processing and profiling is carried out by Schufa; Schufa is the body responsible for this processing within the meaning of data protection law. Therefore, Schufa is also responsible for the lawfulness of the processing.General information about the data used by Schufa can be found here: https://www.schufa.de/de/faq/privatpersonen/daten/. To find out exactly what data Schufa processes about you, please contact Schufa.7.9 Customer management, customer approach and customer support7.9.1 Customer managementWe use the CRM system of the provider Braze to manage customer data.Braze Privacy Policy Issues 330 West 34th Street, 18th Floor New York, NY 10001 USAWe have concluded an order processing contract with Braze. The service provider has provided us with appropriate safeguards for transfers to non-European jurisdictions.All data from the registration as well as billing data and the customer history are stored in the customer database. We use the customer administration to be able to organise customer care quickly and effectively and to be able to respond to enquiries.In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c. GDPR.We process the data of our customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual services. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship.Furthermore, we use the contact data to inform users about relevant changes to our services. In the context of the use of our service, we process inventory data, communication data, contract data, location data and payment data of the users.Processing is carried out for the purpose of providing contractual services, billing, customer service, customer communication, accident investigation and claims settlement.The processing is based on Art. 6 para. 1 lit. b (data processing for the performance of contractual services) and Art. 6 para. 1 lit. c GDPR (fulfilment of legal obligations). Legally prescribed processing results, for example, in archiving or from the keeper obligations of the StVG.Insofar as we make use of service providers who process data in a third country, the conditions of Art 44. ff. GDPR are checked.7.9.2 Customer supportWe use the CRM system "Zendesk", from the provider Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA, in order to be able to process user enquiries more quickly and efficiently (legitimate interest pursuant to Art. 6 Para. 1 lit. f. GDPR).Zendesk has provided us with appropriate safeguards in accordance with Art. 44 et seq. GDPR and has undertaken to comply with European data protection law. Zendesk only uses the users' data for the technical processing of the requests and does not pass them on to third parties. In order to use Zendesk, at least a correct email address must be provided. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).If users do not consent to data collection via and storage in Zendesk's external system, we provide them with alternative means of contact to submit service requests by email, telephone or post.For more information, users should refer to Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.The customer approach for private customers is carried out via Customer Care using Zendesk and the customer database. We use the master data, contact data and the stored language to contact customers.For customer support, we also use the telephone service provider Aircall:Aircall SAS (GmbH & Co.KG (http://co.kg/))11 Rue Saint-Georges75009 ParisFranceFor customer support, we also use the SMS service provider Seven:Seven communications GmbH & Co. KGWillestr. 4-624103 KielDeutschlandRegistered in Local Court of Kiel, Register number: HRA 11707 KI7.10 Accounting, bookkeeping and payment trackingWe process the data of our customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual services and to invoice them.We process data that are required for the justification and fulfilment of the contractual services and point out the necessity of their provision, unless this is evident to the contractual partners.The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).As a rule, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims pursuant to Art. 6 Para. 1 lit. f. GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR. We expressly reserve the right to use the services of legal service providers (debt collection, lawyers, etc.) to assert claims and to transmit data of the contractual partners and customers to them to the extent necessary.The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care and for dealing with any warranty and comparable obligations. Statutory retention obligations remain unaffected.In order to be able to process payments efficiently, securely and conveniently, we use other payment service providers in addition to banks and credit institutions.It is necessary to pass on data to the payment service providers so that they can carry out the transaction. The payment service providers receive the name and address, the stored payment method and, if applicable, bank data, a pseudonymous ID and the invoice data. MILES Mobility GmbH will be informed by the payment service providers of any payment made or missed.We use the following service providers:LogPay: LogPay Financial Services GmbH, Schwalbacher Str. 72, 65760 Eschborn, GermanyPrivacy policy: https://documents.logpay.de/de/datenschutzinformationen.pdf PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-fullStripe: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Privacy policy: https://stripe.com/de/privacyAn order processing agreement was concluded with Stripe. In addition, it was verified whether the requirements according to Art. 44-49 of the GDPR for the transfer of personal data are met.7.11 Outstanding receivables/collectionsMILES Mobility GmbH works together with collection service providers.PAIR Finance GmbH, Hardenbergstraße 32, 10623 BerlinThe involvement of a debt collection service provider is a legal service within the meaning of the Legal Services Act § 10 para. 1 sentence 1. It is the free decision of MILES Mobility GmbH to use the services of a lawyer or a debt collection agency in disputes regarding an - even if only alleged - outstanding debt. In these cases, MILES Mobility GmbH may and must pass on personal data of the debtor (in particular name and address, the reason for the claim, the amount and due date of the claim, etc.) to the collection agency.The following data will be passed on within the framework of the collection procedures.First name, last name (title, if recorded and e.g. name component) Name of the company (for commercial customers)Address (business) (for commercial customers) Address (private)Invoice address (if different and recorded) E-mail addressTelephone numberDate of birthCustomer numberContact history (as far as relevant)Bank detailsContract dataData on solvencyOnly with this data is it possible for the collection agency to approach the debtor and assert the claim. The user's/customer's consent for the transfer of data to a legal service provider is not required, as it is based on the legal facts of Art. 6 para. 1 sentence 1 lit. b) and lit. f) DS-GVO (data processing for the performance.7.12 Violations of the law, esp. against the StVGUnfortunately, user accounts are blocked time and again due to reports of unusual driving behaviour. MILES Mobility GmbH may become aware of this in various ways:Reporting by other road usersNotification via police / public order officeIn the event of a report by another road user (third person), the driving behaviour described is recorded together with the telephone number/email of the reporting person.No automated decision is made; rather, the support staff check the information for plausibility. For the protection of third parties and in order to comply with the owner's obligations under Article 21 of the German Road Traffic Act (StVO), MILES Mobility blocks the accounts of registered users as a precautionary measure if there is any suspicion of driving misconduct. This measure results not least from the special situation that MILES Mobility GmbH only checks the existence of a driving licence and fitness to drive by means of a query at the beginning of the contractual relationship and thus grants its users a high degree of trust.A review of reported allegations only takes place in the event of an objection by the person concerned or in the event of enquiries by government agencies. In addition to the data transmitted by the app during the journey, the data from a black box, which is installed in all vehicles, is evaluated.The black box determines the G-forces and activities of the driver. These are e.g. (acceleration and deceleration, steering movements, indicators, jolts). These data are not collected on a personal basis (but can be related to individuals); they are only evaluated by the staff in case of suspicion and linked to the last journeys.Data will only be passed on to legal counsel or government agencies if MILES Mobility GmbH is legally obliged to do so or if this is necessary to enforce legal claims against the user. The data is processed in the European legal area.7.13 Breaches of the GTC/RTC, fraud prevention and security checksMILES Mobility GmbH has a legitimate interest in protecting themselves against fraud attempts and breaches of our General Terms and Conditions and Rental Terms and Conditions. The processing of personal data in the context of fraud prevention is based on Art. 6.1.f. GDPR. We assume that these checks are generally also in the interest of the customers. The type of security checks do not represent a significant interference with the rights and freedoms of our users. Fraud prevention measures are necessary for the enforcement of rights and claims.Furthermore, MILES Mobility GmbH reserves the right, with reference to § 32 para. 1 no. 4 BDSG, to publicly present the security checks carried out in detail.In addition to the driving licence verification, further details from the registration are checked. This can be the e-mail address, telephone number and bank account details. Newly entered data is regularly compared with the existing data in order to prevent multiple registrations. In addition, data transmitted from the vehicle is randomly compared with data transmitted from the app using defined parameters in order to prevent account disclosure. In addition, the individual device key of personal devices is used to impede and prevent the sharing, sale, and multiple use of account data.If an irregularity is detected during the security checks, the account will initially be blocked. You have the possibility to object to this and explain your point of view to us.7.13.1 Processing of driving data to detect irregular driving behaviorDuring the use of our vehicles, data on vehicle usage is collected via a telematics box (see also section 7.12). We process this data on vehicle usage in order to identify risky or irregular driving behavior at an early stage, thereby protecting our vehicles and other road users preventively, ensuring compliance with our terms of use, and, if necessary, being able to reconstruct traffic violations or accident events.The data on vehicle usage is analyzed for potentially risky driving events such as speeding, harsh braking, or sharp cornering. The driving data collected includes, in particular: speed and the applicable speed limit, acceleration values, pedal and steering wheel positions, event duration, geolocation coordinates, and timestamps.In cases of irregular driving behavior, we assign this driving data to your customer account and notify you by e-mail of your duty to drive considerately in accordance with the terms of use. After manual review, further measures such as access restrictions or contractual penalties may be imposed, especially in cases of serious misconduct or repeated violations.The processing is based on our legitimate interests in protecting our vehicles and other road users, preventing accidents, and enforcing our terms of use and legal claims (Article 6(1)(f) GDPR). Insofar as the processing serves the enforcement of our contractual terms of use—particularly when irregular driving behavior is detected and measures are initiated—we additionally rely on the necessity of processing for the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR).The collection of driving data is carried out with the involvement of our processor, INVERS GmbH (Untere Industriestraße 20, 57250 Netphen), which also provides information on the applicable speed limit.No exclusively automated decision-making within the meaning of Article 22 GDPR takes place. The analysis of driving behavior is initially carried out automatically; however, measures with legal or similarly significant effects are only taken after a thorough manual review by our internal team.Driving data relating to irregular events is generally stored for three months and beyond that only as long as necessary for evidence preservation, legal enforcement, or compliance with legal obligations. Billing data related to contractual penalties is subject to statutory tax retention obligations of ten years.Objection: Where processing is based solely on legitimate interests, you have the right to object (see section 5.2).The driving data is automatically collected during use and is necessary for the performance of the contract. Without this data collection, vehicle use is not possible.7.13.2 Processing of sensor data to detect smoking violationsSmoking (including e-cigarettes and other liquid or tobacco vaporizers) is prohibited in our vehicles in accordance with the terms of use. To enforce this smoking ban, vehicles in our fleet are equipped with smoke sensors. We process sensor data to detect violations of the smoking ban, identify affected vehicles, enforce contractual penalties, ensure compliance with the smoking ban, and protect subsequent users.When a smoking event is detected—i.e., when certain thresholds are exceeded in combination with characteristic smoke patterns—the following sensor data is transmitted: particle measurement data (concentration over time, progression, duration, intensity, morphological features such as the number and distance of individual smoke impulses), contextual data (ambient air quality, timestamp, GPS location, vehicle speed), and allocation to the booking and customer number. Transmission occurs only in the event of a detected smoking incident, not continuously or without cause.The transmitted particle measurement data is technically validated against reference data. Upon confirmed detection of a violation, a contractual penalty of €100 is automatically imposed in accordance with our terms of use.The processing is carried out to enforce our contractual terms of use, in particular for identifying and penalizing violations of the agreed smoking ban. It is therefore necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR). Additionally, we rely on our legitimate interest in protecting our vehicles, ensuring high service quality, enforcing our terms of use, avoiding significant cleaning and downtime costs, and protecting the legitimate interests of subsequent users in smoke-free vehicles (Article 6(1)(f) GDPR).The collection of sensor data is carried out with the involvement of our processor, Robert Bosch GmbH (Robert-Bosch-Platz 1, 70839 Gerlingen), which also technically validates the particle measurement data against reference data and transmits the corresponding result to us.The determination of a violation and imposition of a contractual penalty constitutes automated decision-making within the meaning of Article 22(1) GDPR, which is necessary for the enforcement of the contractual terms of use due to the high number of rental transactions and the technically unambiguous nature of such violations (Article 22(2)(a) GDPR). You have the right to contest the decision, present your point of view, and request a manual review. Please contact our customer service at hello@miles-mobility.com or one of the contact points listed in this privacy policy. Further measures, such as temporary or permanent suspension from the service, are only taken after manual review.Sensor data relating to smoking incidents is generally stored for up to twelve months to review and enforce incidents, and beyond that only as long as necessary for evidence preservation, legal enforcement, or compliance with legal obligations. Billing data related to contractual penalties is subject to statutory tax retention obligations of ten years.Objection: Where processing is based solely on legitimate interests, you have the right to object (see section 5.2).The sensor data is automatically collected during use and is necessary for the performance of the contract. Without this data collection, vehicle use is not possible.7.14 Settlement of claimsIn the event of damage, it is unfortunately necessary to process further data.The purposes of the processing are theSupport for our customers in the event of damage (Art. 6.1.b GDPR) Reconstruction of the course of the accident (Art. 6.1.f GDPR possibly in conjunction with Art. 6.1.c GDPR as well as § 24 BDSG) Settlement/liquidation of damages (Art. 6.1.b and c GDPR) Pursuit of own legal claims. (Art. 6.1.f GDPR) For these purposes, we process your master data, usage data, data from the vehicles, statements and information from third parties (police, other parties involved in the accident, witnesses, other Miles users) and payment data.Under certain circumstances, we may also receive health-related data in this context. Examples of this are injuries or indications of alcohol and narcotic consumption. In this case, Art. 9 (2) lit. f GDPR is relevant.In the event of an incident for which you are responsible and for which we receive a claim for damages or another lawsuit from an injured or otherwise entitled third party (e.g. costs due to a private towing operation in the event of disturbance of the property owner), we transmit your stored contact data to the claimant and/or to our insurance broker (SHL Versicherungsmakler GmbH), so that the liability issues can be clarified directly in the relationship between you as the party responsible and the claimant or you can release us from the claim following the provisions of the GTC. The transfer is necessary to fulfil your contract with us (Art. 6.1.b GDPR) and to protect the legitimate interest in pursuing the legal claims that the claimant and we have against you (Art. 6.1.f GDPR).In the event of damage, we are legally obliged to cooperate in documenting the course of the accident. Furthermore, there are contractual obligations towards, among others, claims adjusters, the fulfilment of which constitutes a legitimate interest to process the data of those who caused the damage. As the defence of legal claims is decisive here, the right to object is subject to the restrictions of Art. 21 GDPR.7.15 Video Recording by Tesla Model 3 VehiclesTesla Model 3 vehicles have certain factory features which record video of the exterior area around the car.You can identify the relevant vehicles by the following pictogram, which is displayed on the outside of the cars and whose QR code may have led you to this privacy policy:We have put in place several measures to protect your personal data concerning the exterior video recordings made by the Vehicles. These measures strictly define the scenarios in which stored recordings from the vehicles are viewed and the extent to which they may be used to investigate specific offences.7.15.1 The data processing in detailTesla Model 3 vehicles have the following recording systems:Dashcam: While the vehicle is ready to drive, four camera systems continuously record the outside area around the car and temporarily store the footage locally. The stored recordings are generally automatically overwritten every 60 minutes. If a safety-relevant behaviour is registered by the vehicle (e.g. triggering of the airbags), local storage takes place, and the overwriting is suspended for this recording so that, for example, an accident can be reconstructed and reviewed. The stored records are specially protected and can only be viewed by our service team on-site at the vehicle; we cannot access them via the Internet. In the car, appropriate symbols indicate to the tenants that the dashcam function is active.Sentry mode: When the car is parked, the four cameras remain in "standby" mode. They record the outside area around the car to detect threats to the vehicle (sentry mode is also called "guard mode"), and these recordings are constantly being permanently overwritten. If the car recognises a potential threat (e.g. if the vehicle is touched), the last ten minutes of the video recording prior to the event and the subsequent 30 seconds is temporarily stored locally. The stored recordings are specially protected and can only be viewed by our service team on-site at the vehicle; we cannot access them via the Internet. Depending on the impact's severity on the vehicle, persons near the car will be alerted of the storage of a recording by the flickering of the headlights (“warning mode”), a message on the large screen in the vehicle that is visible from the outside and the activating of an alarm (“alarm mode”).Review and utilisation of the recordings: We only retrieve and view the locally stored recordings for evaluation if:there are liability issues due to involvement in an accident, there is suspicion of a criminal offence resulting from vandalism of the vehicle,there are hints that the car was driven in a grossly irregular and reckless manner, and thus, a criminal offence could have been committed. The evaluation of the recordings is then carried out following a strict internal guideline by specially authorised employees and only for the specific purposes of providing evidence exclusively to the necessary extent. In particular, it is ruled out that the recordings are utilised without cause or concerning bystanders.7.15.2 Legal basis and purposes of data processingVideo recordings of the vehicle's exterior are processed exclusively to clarify and prove involvement in accidents or criminal offences such as vandalism to the car or grossly irregular and reckless driving. The information on breaches of the law according to section 7.12 of this data protection declaration also applies with regard to the investigation of such incidents.The collection, storage, physical retrieval and, if applicable, utilisation for the purposes mentioned above is necessary and thus justified according to Art. 6.1.f GDPR for the protection of our property and the assertion, exercise or defence of legal claims. In pursuing our legal claims, we also support our customers (drivers of a Tesla Model 3) in reconstructing an accident and providing evidence if they were involved in an accident. In this case, the exploitation is carried out based on Art. 6.1.b and Art. 6.1.f DSGVO, as we also pursue legitimate third-party interests and fulfil our obligations under the respective rental agreement.In processing claims, further personal data may be processed in addition to the video recording. The processing of personal data is governed by the principles of claims settlement, which are explained in section 7.14 of this privacy policy.7.15.3 Nature and origin of the dataThe video recordings may involve the renter of the vehicle or passers-by as party to an accident or claim.7.15.4 Recipients of Video RecordingsWe will only disclose video recordings to other persons after viewing by specially authorised and trained employees if this is necessary to clarify or enforce claims or criminal offences. In this case, the disclosure only concerns the time period of the video recording relevant for clarification or enforcement. The disclosure is only made to third parties with a legitimate interest or claims for disclosure (claimants, insurance companies, lawyers, involved public bodies and courts). We deliberately do not disclose any video recording to Tesla Inc. or its affiliates.7.15.5 Storage periodDashcam: Recordings stored locally are overwritten every 60 minutes. Safety-relevant recordings (e.g. after airbag deployment) are stored locally and usually for a maximum of one week before being overwritten due to limited storage space. The local storage period is shorter if we view the recording beforehand as we have been informed by a third party (police report, bystander) that an incident has occured. Immediately after viewing, the record is manually deleted unless persistent storage is necessary to achieve the purposes described above.Sentry mode: Exclusively safety-relevant recordings (e.g. when the vehicle is touched) are stored locally and usually for a maximum of one week before being overwritten due to the limited storage space. The local storage period is shorter if we view the recording beforehand based on the aforementioned informed notice. Immediately after viewing, the record is manually deleted unless further storage of the record is necessary to achieve the purposes described above.7.15.6 Rights as a data subjectYou have the following rights under the GDPR in connection with the processing of your personal data: The right to information, deletion or blocking, as well as the right to object to the processing of your personal data. For more details on this and how to exercise these rights, see section 5 of this privacy policy.We want to point out at this point that we do not store any further personal data alongside the video recordings allowing us to identify you. Such an allocation would only take place in the context of concrete measures to clarify or enforce claims or criminal offences. Therefore, if you exercise your rights, we will generally not be able to identify you without further details, nor will we be able to determine whether you are part of a video recording.Automated decision-making does not take place. In the limited cases described, a member of our claims department always views and checks the video recordings and the necessity of further use.

8. Privacy policy for business customers, partners and service providers

8.1 Business customersFor business customers, essentially all the points described above apply to users of the app. However, company-related contact data and billing data may also be stored.For the administration and support of business customers, we use the service provider Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estonia, in addition to our general customer administration.We have concluded a contract with Pipedrive with so-called standard contractual clauses, in which Pipedrive undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy.We use the CRM system Pipedrive of the provider Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user enquiries, existing customer management, new customer business).8.2 General Administration, Accounting and Corporate DevelopmentWe process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The legal processing bases are Art. 6 para. 1 lit. c. GDPR, as well as for all processing not affected by a legal obligation our legitimate interest according to Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.In this context, we disclose or transmit data to the tax authorities, advisors such as tax consultants or auditors, as well as other fee offices and payment service providers.Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.8.3 Business analysesIn order to run our business economically, to be able to recognise market trends, wishes of the contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with information, e.g. on the services they have used. The analyses serve us to increase user-friendliness, to optimise our offer and to improve business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.If these analyses or profiles are personal, they will be deleted or anonymised upon termination of the users, otherwise after two years from the conclusion of the contract. Otherwise, the macroeconomic analyses and general tendency determinations are created anonymously if possible.

9. Applicants and employees

We only process the applicant data for the purpose of and within the scope of the application procedure in accordance with the legal requirements. The processing of the applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR. Art. 6 para. 1 lit. f. GDPR is applicable insofar as the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).The application procedure requires that applicants provide us with the applicant data. The necessary applicant data are marked if we offer an online form, or otherwise result from the job descriptions and generally include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) a GDPR (e.g. health data, if this is necessary for the exercise of the profession).If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.Furthermore, applicants can send us their applications via e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us the application by post.The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a vacancy is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.Subject to a justified revocation by the applicant, deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.9.1 Talent poolAs part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of two years on the basis of consent within the meaning of Art. 6 Para. 1 lit. a. and Art. 7 GDPR.The application documents in the talent pool will be processed solely within the framework of future job advertisements and the employee search and will be destroyed at the latest after the deadline. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future.9.2 Handling of applicant dataWe offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential. 9.3 Scope and purpose of data collectionWhen you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given us consent - Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 Para. 1 lit. b GDPR for the purpose of implementing the employment relationship.9.4 Retention period of the dataIf we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.
Status: October 2025

Company

About usFleetJobsPress

Services

How it worksCar sharingCar rentalCar subscriptionFor businessParkingCities

Rates & savings

PricingMILES PassCredit & dealsFees

Cities & partners

PartnersPAYBACKPAYBACK logoCharitySustainabilityFor citiesAffiliate partners

Need help?

Help & contactFAQ
MILES App logo

Sign up for free

Download the app
MILES logo

© 2025 MILES Mobility GmbH