PRIVACY POLICY

For MILES Mobility GmbH, handling your data in accordance with data protection regulations is more than just a legal requirement. Regardless of whether you use our mobility services, obtain information about our services or our company, are in contact with us as a service provider or partner, or work for us or want to work for us as an employee or applicant - you can rely on us to handle your data correctly. For easy understanding and accessibility we have refrained from using both the feminine and masculine forms of language in the following. All personal terms apply equally to all genders.

In this privacy policy you can find out how, to what extent and for what purposes we process your data, whether we pass on your data to partners and service providers, when we delete your data and other points that may be important to you.

Who we are

Contact details of the responsible person

Managing Directors: Oliver Mackprang, Eyvindur Kristjansson MILES Mobility GmbH Leibnizstrasse 49 10629 Berlin Email: hello@miles-mobility.com Phone: +49 (0) 30 2016 4975 Website: miles-mobility.com

Contact details of the data protection officer Pridatect S.L. Av. de Josep Tarradellas 123, Planta 6 08029 Barcelona, Spain Email: data-protection@miles-mobility.com Website: www.pridatect.de

General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and/or the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

Data transfer and commissioning of processors

4. Data transfer and commissioning of processors

If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests. If we commission the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this only occurs if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of the data subjects

5. Rights of the data subjects

Revocation of consent

+

Right of objection

+

Right to complain to a supervisory authority

+

Right to information / right to rectification

+

Right to restriction of processing / right to erasure

+

Right to data portability

+

Right to information

+

Privacy policy for users of the website and visitors to our social media presence

6. Privacy policy for users of the website and visitors to our social media presences

Below we explain how we handle the data of the users of our website and our presences in social media.

Overview of our web presences

+

General information on data processing

+

The data processing operations in detail

+

Cookies and personalised tracking

+

Google Maps

+

Contact form, chat request by e-mail or telephone

+

Youtube

+

Zendesk

+

Privacy policy for users of the app and mobility services

7. privacy policy for users of the app and mobility services

Overview of the purposes, the type of data as well as the categories of recipients and the storage period.

Purposes of data processing

+

The following of your data will be processed

+

Nature and origin of the data

+

Automated decision

+

Storage period

+

Registration with verification

+

Use of the app

+

Credit assessment

+

Customer management, customer approach and customer support

+

Accounting, bookkeeping and payment tracking

+

Outstanding receivables/collections

+

Violations of the law, esp. against the StVG

+

Breaches of the GTC, fraud prevention and security checks

+

Settlement of claims

+

Privacy policy for business customers, partners and service providers

8. Privacy policy for business customers, partners and service providers

Data protection business customers

+

General Administration, Accounting and Corporate Development

+

Business analyses

+

Applicants and employees

9. Applicants and employees

We only process the applicant data for the purpose of and within the scope of the application procedure in accordance with the legal requirements. The processing of the applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR. Art. 6 para. 1 lit. f. GDPR is applicable insofar as the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies). The application procedure requires that applicants provide us with the applicant data. The necessary applicant data are marked if we offer an online form, or otherwise result from the job descriptions and generally include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information. By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy. Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) a GDPR (e.g. health data, if this is necessary for the exercise of the profession). If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Furthermore, applicants can send us their applications via e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us the application by post. The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a vacancy is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified revocation by the applicant, deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Talent pool

+

Handling of applicant data

+

Scope and purpose of data collection

+

Retention period of the data

+

Status: 24 February 2021