For the use of our ioki Route App (hereinafter: „App “), a contract is concluded for the provision of the ioki Route License. The app is released to qualified users via ioki Route Control (Control Centre).
This privacy statement provides you with information about the data we collect from you, the way we use it and how you can object to the use of your data.
The provider of this App and the party responsible for data collecting and processing is:
ioki GmbH
An der Welle 3
60322 Frankfurt am Main
You can contact the data protection officer of Deutsche Bahn AG, Dr Marein Müller, at privacy@ioki.com. The privacy representatives at the DB Group company ioki GmbH are Mr Stephan Klöckner, stephan.kloeckner@ioki.com and Ms Majura Ganeshamoorthy, majura.ganeshamoorthy@ioki.com.
However, if you have any questions, suggestions, or complaints regarding data protection on ioki GmbH’s Route App, we recommend that you first contact our DB Group data protection officer, Dr Marein Müller (privacy@ioki.com). We recommend that you also provide us with your last name and first name in addition to your e-mail address so that we can process your request quickly.
This privacy statement describes how your personal data is collected, recorded, used, disclosed, transmitted, and stored („processed “). We only collect and process your data for specific purposes. These may result from technical necessity or contractual requirements.
No personal data is processed during the specific use of the app.
This statement relates to the following App:
This privacy statement is subject to continuous updates due to the evolution of our services or based on legal or official requirements.
We use the Google Play Store to give customers access to the app on Android devices. When the app is downloaded, the necessary information is transmitted to the App Store, i.e. in particular the username, e-mail address and customer number of your account, time of download and individual device identification number. We have no influence on this data collection and are not responsible for it.
The privacy policy of Google’s Play Store can be found at: https://policies.google.com/privacy
If you use the app on your smartphone, your device establishes a connection with our servers. In this case, the operating system and the currently used version of our app are transmitted to us and processed. The transmission and processing are carried out for the purpose of improving the app and troubleshooting. The legal basis for this is Art. 6 (1) sentence 1 (f) GDPR.
We collect and analyze anonymized data on user behavior in order to improve our app. This includes, for example, which pages have been opened, which buttons have been clicked, or how long a user has spent on a particular page. The data collected does not allow any conclusions to be drawn about a natural person and does not constitute personal data. They are therefore not covered by the GDPR.
To be able to use the app, it must first be linked to an ioki Route Control product. For this purpose, an ioki Route Control Account is required. If a device is linked to an ioki Route Control product, the app can be used without a login and user account. When using the app, the following information is collected:
To function optimally, the app needs permission to use the location services of the end device.
You have the option of granting permission to use the location services when you use the app for the first time. If you do not grant permission, the app will not be usable. You can revoke the permission granted at any time in the settings of your device.
Companies that process data (see 3: Tools for the address and privacy policies of the companies below): - MapTiler - IP address - Sentry – Device information, IP address - Mapbox – IP address
We collect and analyze anonymized data on usage behavior in order to improve our app. This includes, for example, which pages have been opened, which buttons have been clicked, or how long a user has spent on a particular page. The data collected does not allow any conclusions to be drawn about a natural person and does not constitute personal data. They are therefore not covered by the GDPR.
The App uses MapTiler, a service by MapTiler AG, Höfnerstrasse 98, Unterägeri, Zug 6314, Switzerland ("MapTiler").
For more information, please refer to MapTiler’s Privacy Policy: https://www.maptiler.com/privacy-policy/
We use MapTiler to display the map while navigating. Only necessary data is sent to the MapTiler servers. This includes the IP address and the position of the visible map section. This data is not stored by MapTiler.
The App uses Sentry, a registered trademark of Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105.
For more information, please refer to Sentry’s Privacy Policy: https://sentry.io/privacy/
With the help of this tool, information is transmitted to us anonymously in the event of an app error to be able to trace the cause of the respective error and to be able to fix it more quickly. Existing errors are analysed and identified, and the quality of the app is ensured. The transmission includes device information and the IP address.
The App uses Mapbox, a service by Mapbox, 50 Beale St floor 9, San Francisco, CA 94105, USA.
For more information, please refer to Mapbox’s Privacy Policy: https://www.mapbox.com/legal/privacy
With the help of this application, we make it possible to navigate through our app. The data transmitted is purely technical and has no personal context.
In some cases, we use external service providers (see 3: Tools) to process your data (e.g. Troubleshooting). For this purpose, it is necessary for us to transmit your personal data to our external service providers for a specific purpose (limited to the respective purpose). No personal data will be transmitted. Our service providers have been carefully selected by us and commissioned in writing. Insofar as you work for us as a processor, you are bound by our instructions, and we have informed ourselves about their technical and organisational measures for the security of processing personal data. Furthermore, we require our service providers to comply with the applicable data protection regulations. We mainly work with service providers from the EU. For this purpose, we have concluded data processing agreements with our external service providers within the EU or the European Economic Area in accordance with Article 28 (3) GDPR, insofar as this is necessary due to the purpose of the contract.
If necessary for our purposes, we may also transmit your data to recipients outside of the EU in individual cases. If we transfer data to third countries, we ensure that the recipients have implemented an adequate level of data protection within the meaning of Art. 45 GDPR or suitable safeguards within the meaning of Art. 46 (2) and (3) GDPR and that no other legitimate interests speak against the data transfer.
We do not store your personal data.
We protect your data from unauthorized access, loss, or destruction by means of technical and organizational measures. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection-related laws and to handle personal data confidentially. Our employees are trained accordingly.
We do not use your personal data for automated individual decisions or for profiling measures.
In the case of the processing of personal data for the performance of tasks in the public interest (Art. 6 (1) sentence (1) e) GDPR) or for the protection of legitimate interests (Art. 6 (1) sentence (1) f) GDPR), you can object to the procession of your personal data at any time with effect for the future. In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless
Within the framework of the legal requirements, you have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time free of charge. Furthermore, you have the right to rectification, deletion, and restriction of your personal data, insofar as this is legally permissible and is possible within the framework of an existing contractual relationship.
The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data held by us, we usually need time to verify this. For the duration of the audit, you have the right to request the restriction of the processing of your personal data (Art. 16 GDPR).
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion (Art. 17 GDPR).
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion (Art. 18 GDPR).
If you have lodged an objection, a balance must be struck between your interests and ours. If it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data (Art. 21 (1) GDPR).
If you have restricted the processing of your personal data, this data may only be processed – apart from their storage – with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.
Whether and to what extent these rights exist in individual cases and what conditions apply to them results from the GDPR. The GDPR also grants you a right to data portability under certain circumstances (Art. 20 GDPR). If you have given your consent under data protection law, you can revoke it at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority.
The supervisory authority responsible for ioki GmbH is:
Hessischer Datenschutzbeauftragter
Gustav-Stresemann-Ring 1
65189 Wiesbaden
To exercise your rights, simply send a letter or e-mail to the following address:
ioki GmbH
An der Welle 3
60322 Frankfurt am Main
Germany
We update our privacy statement in line with changes to functions or the legal situation. We therefore recommend that you review our privacy statement at regular intervals. In cases where your consent is required or where parts of our privacy notice include provisions of our contract with you, any such changes will take place only if you give consent.
March 2024