as of April 2025

1. Introduction

drivo places the highest value on the protection of your personal data. drivo collects, processes and uses your personal data exclusively in compliance with the applicable data protection laws, in particular the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). Therefore, we inform you in detail about the processing of your personal data and your rights.

2. Contact details

drivo GmbH

Konsul-Smidt-Strasse 24

28217 Bremen

3. Data protection officer

You can contact our data protection officer with questions or objections:

Ms Bärbel Rolfes

E-Mail: baerbel.rolfes@hec.de

4. Purpose of processing

• Technical provision of drivo and related functions

• Carrying out the test of drivo

• Processing and, if necessary, responding to test feedback

• Processing service and support requests

The processing for the aforementioned purposes is permitted pursuant to Art. 6 para. 1 b) DSGVO, as the processing is necessary for you to be able to use drivo. This constitutes the fulfillment of our obligations under the free-of-charge usage agreement via drivo. In addition, the processing of usage data that is required for the use of drivo is permissible pursuant to Section 15 (1) of the German Telemedia Act (TMG).

Other purposes of the processing of personal data are:

Analysis and processing (including anonymization if necessary) of the collected data.

Product improvement of drivo in terms of functions and performance features

Prevention of malfunction and misuse.

The processing for the aforementioned purposes is permitted under Art. 6 (1) f) DSGVO, as the processing is necessary to protect our legitimate interests. It is our legitimate interest to analyze the test data and use it for product improvement as well as to prevent malfunctions and misuse where possible. The rights and freedoms of the data subjects are safeguarded by our pseudonymization concept. Since all test users use drivo voluntarily and can get to know the app for possible further use at a later date, the processing is also carried out in the interest of the test users.

We do not see any overriding conflicting interests of the test users.

Should you consent to the processing of personal data in individual cases, irrespective of the specific purpose, by means of a clearly confirming action, Art. 6 (1) a) DSGVO is the legal basis for this. You can revoke all consent given at any time with effect for the future.

If we want to process your personal data for a purpose not mentioned above, we will inform you of this beforehand within the framework of the legal provisions.

We collect personal data directly from test users in the course of using drivo.

We process the following personal data about you:

• E-mail address

• First and last name

• Password

5. General information about the processing when downloading the app:

When you download the app, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store). In particular, the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. However, this data is processed exclusively by the respective app store and is beyond our control.

You can find more information at https://policies.google.com/privacy?hl=de&gl=de (Google Play Store) or https://www.apple.com/de/privacy/ (Apple App Store).

6. Information about the processing in the context of the use of our app:

Registration: When you register, we process your email address to authenticate you as a user and your name to display it in the app.

Login: When you log in, we process your email address and password to log you in to the app.

7. Location, Bluetooth, Activity Permissions & data sources

In order to record your trips accurately, we kindly ask you to give the following permissions in the registrations process:

• Bluetooth: In order to connect to a provided drivoTag Bluetooth Beacon we ask you to allow our app to use the bluetooth services of your smartphone to discover and to connect/disconnect to the beacon when your trips start and end.

• Location data: In order to collect positions, distances, routes and scores in the background, we need access to your location data at all times, even when the app is closed. Therefore we ask you to grant our app the „allow always“ permission.

• Activity & Health data: When our app is used without a drivoTag, we ask you to grant us access to your Health and Activity data. By doing so, we are able to detect your current activity, such as driving, to record your trips accurately. 

Additionally, we collect the following data in the background to record your trips accurately:

• System time

• Accelerometer

• Gyroscope

The position data is used, among other things, to determine the route driven. Accelerations are recorded and evaluated to assess your driving style and to track your activity, such as walking and driving in order to start and end the trip recording when no drivoTag is used. The information collected about your driving behavior can only be viewed by you, the operator and the respective partner. We will only pass on personal data relating exclusively to the tracking and scoring of your completed journeys to authorized and named partner companies, but never to unauthorized third parties.

The listed permissions are necessary to provide the features of the drivo app. Please make sure to grant the permissions in order to get the best experience using our app.

8. Recipients of personal data

1. Amazon AWS, Eschborner Landstraße 100, 60489 Frankfurt am Main, Germany

Processing type: Hosting of the platform

Separate information on data protection: https://aws.amazon.com/de/compliance/germany-data-protection/

2. HERE Global B.V. Kennedyplein 222-226 5611 ZT Eindhoven

Processing type: Enrichment of location data with map material

Separate information on data protection: https://legal.here.com/de-de/privacy/policy

3.Smartcar, 1444 Broadway, 10th Floor, New York, NY 10018, USA

Processing type: Vehicle data API provider for querying vehicle data

Separate information on data protection: https://smartcar.com/de/data-security

9. duration of the data storage

We delete your personal data as soon as it is no longer required for the above-mentioned purposes and there are no statutory retention obligations or an exceptional legitimate interest in continued storage.

10. Automated decision making

Automated decision-making including profiling in the sense of Art. 22 DSGVO does not take place.

11. Your rights

You have the following rights:

Right of access (Art. 15 GDPR)

Right to rectification of data (Art. 16 DSGVO)

Right to erasure or restriction of data (Art. 17 and 18 DSGVO)

Right to data portability (Art. 20 DSGVO)

Right to object to processing (Art. 21 GDPR)

In addition, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR.