Privacy policy

The following outlines the privacy policy of the High Mobility website. We take the protection of your personal data very seriously. In this Privacy Policy, we inform you how we collect, process and use personal data.
Hi there!
Welcome to High Mobility’s privacy policy! Here on the right, you'll find our plain-English Terms of Use. This part isn’t legally binding, so please use them only as an aid when reviewing the legal language.
1. Controller, Personal Data, Contact
1.1 The person responsible (Controller) for the collection, processing and use of your personal data in accordance with Art. 4, Section 7 Data Protection Ordinance ("GDPR") is:

High-Mobility GmbH
Managing Directors: Risto Vahtra, Kevin Valdek, Martin Lauer
Immanuelkirchstraße 8A, 10405 Berlin, Germany
Tel: 030 26565600

hereinafter referred to as "we" or "us".

1.2 Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR).

1.3 If you contact us by email or telephone we will collect and record your disclosed data (e.g. email-address, telephone number) to be able to answer your questions.
In short,
As a data controller, we have strong responsibilities according to the European Union GDPR in keeping your personal data secure.
2. Your Rights
2.1 At all times, you are entitled to claim your rights in relation to us as an affected person. Should the respective statutory requirements be met, these include the following rights:

- Right of access in accordance with Article 15 EU GDPR
- Right to rectification in accordance with Article 16 EU GDPR
- Right to erasure in accordance with Article 17 EU GDPR
- Right to restriction of processing in accordance with Article 18 EU GDPR
- Right to data portability in accordance with Article 20 EU GDPR

You can exercise these rights at any time by contacting us under the contact details listed under section 1.1

2.2 In addition you have the right to lodge a complaint with a responsible data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Visitor entrance: Puttkamerstr. 16-18
Tel: +49 30 13889-0
In short,
GDPR gives you full rights to your personal data and you can get in touch with us at any time to understand how we use it or to direct us on what to do with it.
3. Data Collection, Processing and Use
3.1 If you visit our developer center without registering or providing further information we collect only the personal data transmitted by your browser.

This data is statistically evaluated by us and is only used in order to improve the attractiveness, content and functions of our website. In our server log files, we save information that your browser automatically sends to us for technical reasons. This includes:

- Browser type/version
- Operating system used
- Referrer URL (the most recently visited page)
- Host name of the accessing end device (IP address, anonymised)
- Date and time of the server access

In case of smartphones, tablets and other mobile end devices: manufacturer/model. No person-related saving of this data takes place. This data is also not combined with other data sources.

The legal basis for the processing of your IP address is Article 6 Paragraph 1 Letter f) EU GDPR. Our legitimate interest arises from the purposes of the processing listed below:

- Guaranteeing a seamless connection
- Guaranteeing comfortable use of our website
- Assessment of system security and stability

Your IP address is generally saved by us in anonymous form and no personal analysis takes place during this process. A full saving of the IP address only takes place in order to trace technical errors and hacking attempts, as well as to record consent, for example in the newsletter subscription.

3.2 To receive the services of our developer center you have to register and create a user account. In that case we will collect the following data:

- e-mail address
- first name
- last name
- billing and payment information

The visibility of your personal data is restricted, will be accessible only by us, or in case of a team account, by your team members. Your email address, first and last name are visibly by the people you send an invitation to, or from whom you accept an invitation. In case you accept somebody’s invitation, the inviter will be able to access your personal data to the same limited extent. You are free to decline any invitation, and if you do so, the inviter will not get access to your personal data.We use the submitted information for functional and improvement reasons, and we do not sell any of the submitted information.

The legal basis for the processing of your IP address is Article 6 Paragraph 1 Letter b) EU GDPR. Once your account is deleted the personal data is deleted from our servers within 24 hours.
In short,
We keep the amount of data that we store about you to the very minimum. Apart from the information that you enter, we gather technical information about your connection in an anonymous form. In exceptional cases we store the full IP address to track down bugs.
4. Billing
We use third party payment services to provide you the possibility to receive fee-based services. Such payment services are rendered by Stripe Payments Europe, Limited, C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, Republic of Ireland (hereinafter Stripe Payments).

Stripe Payments uses your billing and payment information on our behalf to fulfil the agreement between you and us. We entered into a processing agreement with Stripe Payments in accordance with Article 28 EU GDPR.

Your billing and payment information may be transferred to Stripe Payments’ affiliated company Stripe, Inc. within the USA. We entered in to a processing agreement with the provider in accordance with Article 28 EU GDPR. Stripe, Inc. guarantees to provide adequate level of protection for personal data based on Standard Contractual Clauses.
In short,
We use a global leader, Stripe, for processing payments when you purchase car data with a credit card.
5. Hosting
Our website is hosted by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS). The hosting services include infrastructure and platform services, computing capacity, storage capacity, database services, security services as well as technical maintenance which are necessary to provide our developer center and services. In this context the host provider processes the data mentioned in this Privacy Policy on our behalf.

We entered in to a processing agreement with the host provider in accordance with Article 28 EU GDPR. The data will not be transferred outside the European Union.
In short,
Our platform is hosted by well known cloud provider Amazon Web Services.
6. Error Reporting
We use third party services for error reporting. This service is rendered by Rollbar, Inc., 221 Main St Suite 780 San Francisco, CA 94105, USA (Rollbar). Rollbar uses cookies to gather information about errors occurred during the use of our developer center. Rollbar will use such information on our behalf to identify errors which occur during the use of the developer center and the reasons for such errors.

We only use Rollbar with activated anonymization of the IP address. That means that the IP address of the user will be masked or omitted to be used. Such information may be transferred to the USA. We entered in to a processing agreement with the provider in accordance with Article 28 EU GDPR.

Rollbar guarantees to provide adequate level of protection for personal data based on Standard Contractual Clauses.

The legal basis for the engagement of the service provider is Article 6 Paragraph 1 Letter f) EU GDPR. Our interest in accordance with Article 6 Paragraph 1 Letter f) EU GDPR to commercially optimize our service is considered to be legitimate in the sense of the regulation referred to above.
In short,
We use a service called Rollbar for error reporting. This way we automatically get notified when something goes wrong and can solve it as quickly as possible.
7. Language Settings
Functions of the translation service Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes, 92270 France are integrated on this website. Weglot is loaded when you visit our website so that you can change the language in the header of the website. This allows a direct connection between your browser and the Weglot server when you visit this website. Weglot thereby receives the information that you have visited our website with your IP address.

The legal basis for the engagement of the service provider is Article 6 Paragraph 1 Letter f) EU GDPR. Our interest in accordance with Article 6 Paragraph 1 Letter f) EU GDPR to commercially optimize our service is considered to be legitimate in the sense of the regulation referred to above.
In short,
We use an external service called Weglot to provide you the website experience in your preferred language.
8. Car Makers
Under certain programs, car makers may engage us to provide them with certain processing services related to information controlled by the car makers. We are not responsible for any car makers’ use of information for which it is the controller. To learn more about how a car maker may use such information, you should review its privacy policy.

As far as we provide car data to you or third parties the separate Car Data Privacy Policy applies.
In short,
By using some functionality we might ask you to share additional data with car manufacturers that we work with. But don’t worry, we will always explicitly ask your permission before doing so.
9. Disclosure to Third Parties
We do not disclose your data to third parties for commercial purposes (sale, rental). Should your data be processed by service providers who support us with customer service the scope of the transferred data is limited to the necessary minimum. The data transfer takes place in encrypted form. Within the framework of processing by a processor, our partners were carefully selected by us and are obliged, in accordance with the statutory provisions of Article 28 EU GDPR, to handle your data in a trustworthy manner and to comply with our own data protection standards. In particular, our partners are not permitted to transfer the data of our customers to third parties for direct marketing purposes or to use the data themselves for commercial purposes.
In short,
We do not share or sell your data to any third party — nor will we ever!
10. Our Newsletter
With our newsletters we inform you about us and our products.

If you want to receive the newsletter, we need a valid email address from you. The registration for the newsletter takes place in the so-called double-opt-in procedure, which means that when you sign up for the newsletter, you will initially receive a non-promotional confirmation e-mail, which you must confirm by clicking on the link contained in the e-mail. Only then we start to send you newsletters from time to time. You can revoke your consent to the sending of the newsletter at any time. The revocation can take place via a link in the newsletter itself, in your profile area (if you have created a user account) or by notification to the contact options listed under point 1.

The legal basis for our newsletter is Article 6 Paragraph 1 Letter a) EU GDPR.

If you register for our newsletter the service of sending out the newsletters will be fulfilled by the company Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France. We entered in to a processing agreement with the provider in accordance with Article 28 EU GDPR.
In short,
We send monthly newsletters to all our registered users, including to you.
11. Cookies
For signed in users of the website we use Cookies in order to provide you with a comfortable and functioning experience. Cookies are small files which contain information to identify recurring users only while visiting our website. Cookies will be stored on your device and will not cause any damage. Cookies help to identify popular sections of our website. By using Cookies we are able to provide the contents of our website adjusted to your needs.In addition, we use non-permanent Cookies (so called "Session Cookies") in order to identify your Browser when using the website. Such Session Cookies contain a pseudonymized ID which will be read by the website server. During the session, the Session Cookies (including the pseudonymized ID) are stored on the website server. After the session, the Session Cookies will be erased automatically.

You can deactivate the use of all Cookies at any time by setting your browser to not accept Cookies. You can delete Cookies stored on your device at any time. The exact instructions for how to do this can be found in the manual for your browser or device. If you deactivate the use of Cookies it might cause a functional limitation of the website or the services.

The legal basis for the use of Cookies is Art. 6, Paragraph. 1 lit. f) GDPR. Our interest in tailoring our services to your requirements as best as possible and optimizing our services in commercial and technical terms is considered to be a legitimate in compliance with Art. 6, Paragraph. 1 lit. f) GDPR. Your IP address is only recorded in shortened form.
In short,
Like all web applications, also our platform uses cookies to function properly. We never attempt to read cookies from other sites that you have visited.