Information about the processing of your data

Pursuant to Art. 12 of the General Data Protection Regulation (hereinafter referred to as GDPR), we are obliged to inform you about the processing of your data when using our website. We take the protection of your personal data very seriously and this data protection declaration informs you about the details of the processing of your data as well as about your legal rights in this regard. We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or corresponding jurisdiction. We recommend that you read the data protection declaration from time to time and include a print out or copy with your documents.

Definitions

  • “Website” or “Internet presence” in all the following means of the responsible person on http://www.gapless-app.com/ and http://www.gapless.app.
  • “Personal data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is therefore, for example, the name, email address and telephone number of a person, but may also include data on preferences, hobbies and memberships.
  • Processing means operations or series of operations relating to personal data carried out with or without the aid of automated processes, such as collection, recording, organisation, filing, recording, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, integration, limitation, erasure or destruction.
  • Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the involvement of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
  • Consent is subsequently given in the form of any voluntary, specific, informed and unambiguous expression of will, in the form of a statement or other unambiguous affirmative act, by which the data subject indicates his or her consent to the processing of personal data concerning him or her.
  • Google also refers to Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Scope of application

The privacy policy applies to all pages of http://www.gapless-app.com/. It does not extend to any linked websites or Internet presences of other providers.

Responsible provider

We are responsible for the processing of personal data within the scope of this privacy policy:

New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin

contact@gapless-app.com

Questions on data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

Spirit Legal LLP Attorneys at Law
Attorney at Law and Data Protection Officer
Peter Hense

Postal address:

Data Protection Officer
New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin

Contact us via email:

datenschutzbeauftragter@gapless-app.com 

Safety and security

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external disturbances. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights

You have the following rights with regard to the personal data concerning you which you may assert against us:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR)
  • Right to limitation of processing (Art. 18 GDPR)
  • Right to object to the processing (Art. 21 GDPR)
  • Right to revoke your consent (Art. 7 para. 3 GDPR)
  • Right to receive the data in a structured, common, machine-readable format (“data transferability”) and right to forward the data to another responsible party if the conditions of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).

You can assert your rights by notifying the contact details listed in the “Responsible provider” section or by contacting the data protection officer appointed by us. You also have the right to complain to a data protection supervisory authority about the processing of your personal data carried out by us (Art. 77 GDPR).   

Use of the website, access data

In principle, you can use our website for purely informational purposes without disclosing your identity. When calling up the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. This is the following data:
– Browser type/ browser version
– used operating system
– Language and version of the browser software
– Host name of the accessing mobile device
– IP address
– Website from which the request originates
– Contents of the request (concrete page)
– Date and time of the server request
– Access status/HTTP status code
– Referrer URL (the previously visited page)
– Transferred amount of data
– Time zone difference to Greenwich Mean Time (GMT)

The temporary processing of the IP address by the system is necessary in order to technically enable delivery of the website to your computer. A processing of your IP address for the duration of the session is necessary. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. The access data will not be used to identify individual users and will not be merged with other data sources. The access data are deleted when they are no longer required for the purpose of their processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. IP addresses are stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context either. The data is generally deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or altered in such a way that it is no longer possible to assign the calling client. The collection of the data for the provision of the website and the processing of the data in log files is mandatory for the operation of the website. You have the right to object to the processing. Your right of objection exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). In the event of your justified objection, we will examine the facts and either discontinue or adapt the data processing or point out to you our compelling defensible reasons on the basis of which we will continue the processing.

Cookies

In addition to the aforementioned access data, so-called cookies are stored in the Internet browser of the end device you are using when you use the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies are not part of the PC system and cannot execute any programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or for other purposes (e.g. analysis/evaluation of website use).

  1. a) Technically necessary cookies

Some elements of our website require that the calling browser can be identified even after a page change. The following data is processed in the cookies:

– Language settings

– Log-in information.

The user data collected by technically necessary cookies are not processed for the creation of user profiles. We also use so-called “session cookies”, which store a session ID with which various requests from your browser can be allocated to the joint session. Session cookies are necessary for the use of the website. In particular, they enable us to recognise the terminal used when you return to the website. We use this cookie to recognize you on subsequent visits to the website if you have an account with us; otherwise you would have to log in again each time you visit. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. We use session cookies to make the use of the website more attractive and effective. The session cookies are deleted as soon as you log out or close your browser. Your right to object exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). In the event of your justified objection, we will examine the facts and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.  You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.

  1. b) Cookies that are not technically necessary

We also use cookies on the website, which enable us to analyse the surfing behaviour of users. For example, the following data is stored and processed in the cookies:

– Frequency of page views

– Use of website functions.

These cookies are used to make the use of the website more efficient and attractive. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. Cookies that are not technically necessary are automatically deleted after a specified period of time, which may differ depending on the cookie. You can object to the processing of your data by cookies. Your right to object exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). If you do not wish to use cookies, you have the option of changing your browser settings to block cookies generally or selectively or to remove cookies that have already been saved. You can also have the corresponding information displayed before setting a cookie. If you change the browser settings for the use of cookies or deactivate cookies, the functionality of this website may be restricted. Insofar as we integrate third-party cookies into our website, we will point this out to you separately below.

Contact

If you contact our company, e.g. by email, the personal data you provide will be processed by us in order to answer your enquiry. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f) GDPR or Art. 6 Para. 1 S. 1 lit. b) GDPR if the purpose of the contact is to conclude a contract. In the case of contact by email, the processing of the contact also constitutes the necessary legitimate interest in the processing of the data.  

In this context, the data will not be passed on to third parties. The data are processed exclusively for the processing of the conversation. We delete the data arising in this connection after the processing is no longer necessary or restrict the processing to compliance with the existing legally mandatory storage obligations. You have the possibility at any time to object to the processing of your personal data for contact enquiries. Your right of objection exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). A right of objection is given in particular if the processing is not necessary for the fulfilment of a contract with you, which is described by us in the previous description of the functions. In such a case, the processing of the request may not be continued. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.

Processing and disclosure of personal data for contractual purposes

We process your personal data if and to the extent necessary for the initiation, justification, execution and/or termination of a legal transaction with our company. The legal basis for this arises from Art. 6 Para. 1 S. 1 lit. b) GDPR.  

After the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or deleted unless we are entitled to further storage and processing as required in the respective context on the basis of a consent given by you (e.g. consent to the processing of the email address for sending electronic advertising mail), a contractual agreement, a legal authorization (e.g. authorization to send direct mail) or on the basis of legitimate interests (e.g. storage for the enforcement of claims).  

Your personal data will be passed on insofar as it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. in the case of passing on data to a payment service provider / a mail order company for the purpose of processing a contract with your person), (Art. 6 Para. 1 S. 1 lit. b) GDPR), or

– a subcontractor or vicarious agent, whom we use exclusively in the context of providing the offers or services requested by you, requires this data (such auxiliary persons are only entitled to process the data to the extent necessary for the provision of the offer or service, unless you are expressly informed otherwise), or
– there is an enforceable administrative order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– we are legally obliged to do so (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– the processing is necessary to protect the vital interests of the data subject or another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), or
– it is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e), or
– we are authorised or even obliged to pursue overriding legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Any further transfer of your personal data to other persons, companies or bodies will not take place unless you have given your effective consent to such a transfer. The legal basis for the processing is then Art. 6 Para. 1 S. 1 lit. a) GDPR.

Application procedure

We process the data necessary for the online application process (name, email address and location) as well as data you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.

Legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG in the version valid from 25.05.2018. Accordingly, the processing of the data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be necessary for legal prosecution after completion of the application procedure, it may be processed on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. Our interest then lies in the assertion or defence of claims.

Candidate data will be deleted after 6 months in the event of rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years. If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing is carried out in a permissible manner.

Your applicant data will be viewed by the personnel department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The rest of the process is then coordinated. In the company only those persons have access to your data who need it for the proper course of our application procedure.

You have the possibility to object to the processing of your data at any time. Your right to object exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 DSGVO).

A right of objection exists in particular if the processing is not necessary for the fulfilment of a contract with you, which is described by us in the previous description of the functions. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.

Vehicle transfer function

If you transfer a digital asset of a sold car to another profile as part of the export function in our app, any personal data contained therein will be transferred to the authorized user (buyer) of the app and processed by this user. Processing by other parties does not take place. The purpose of the processing is to make all relevant car content as easily accessible as possible for the buyer, to fulfil the contractual obligations according to our terms of use and to save the buyer the effort of creating a new asset. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b) DSGVO. Data processing is necessary for the fulfilment of contractual obligations. In accordance with our terms of use, users are obliged to grant the purchaser of a car rights of use to the digital assets, including any personal data contained therein. In the event that the data is not made available, the granting of rights of use and thus the execution of the contract is not possible. Insofar as the processing goes beyond the contractual purpose in accordance with the terms of use, the legal basis is Art. 6 Para. 1 S. 1 lit. f) DSGVO. The legitimate interest on our part is to offer our users a platform that is as attractive as possible with the highest possible range of services. Processing ends as soon as the user relationship has ended and there are no other legal storage obligations. If the data processing is based on Art. 6 Para. 1 S. 1 lit. f) DSGVO, you may object to the processing at any time. Your right to object exists for reasons arising from your particular situation. In the event of an objection, we will cease processing unless we can prove compelling reasons worthy of protection which outweigh your interests, freedoms and rights or the processing is necessary for asserting or exercising or defending against legal claims.

Email marketing

Newsletter

You have the opportunity to subscribe to our email newsletter in the app, with which we will regularly inform you about the following contents:

  • Technical information and product updates.
  • Information about new functions of the App,
  • New offers from our portfolio of services.
  • New deals and offerings regarding our products and services.
  • Customer service.
  • Inquiries regarding customer feedback.
  • Invitations to participate in beta user groups.
  • Invitations to company events.

In order to receive the newsletter, the following personal data must be provided. Recipient (name or pseudonym), valid email address. Registration for our email newsletter is done using the double opt-in procedure. After you have entered the data marked as mandatory, we will send you an email to the email address you have specified, in which we will ask you to expressly confirm your subscription to the newsletter (by clicking on a confirm link). In this way, we ensure that you actually wish to receive our email newsletter. If the confirmation is not received within 24 hours, we block the information sent to us and delete it automatically after one month at the latest.

Once you have subscribed to the Beta User Group newsletter, you will regularly receive newsletters with new information about upcoming products, functions and services. In these newsletters, you will be asked to provide evaluations and feedback for alternative app designs, and to take surveys about future features of our app.

Furthermore, the following data will be processed at the time of the subscription:

  • IP address,
  • Date/time of subscription to the newsletter,
  • Time of your confirmation of the confirm link.

We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent the misuse of your personal data. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f) DSGVO. We process this data for a period of two years after termination of the contract. If the newsletter registration takes place outside of a contract conclusion, we process these data up to the expiration of two years after termination of the use process. We delete this data when the newsletter subscription ends.

After your confirmation, we process the email address and name of the recipient concerned for the purpose of sending you our email newsletter. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. a) DSGVO. We delete this data when you cancel your newsletter subscription. You can revoke your consent to the processing of your email address to receive the newsletter at any time, either by sending us a message (see the contact details in the “Responsible provider/representative of the provider in the European Union” section) or by directly clicking on the unsubscribe link contained in the newsletter. This does not affect the legality of the processing of your data, which was carried out on the basis of your consent up to your revocation. In the event of a revocation of your consent, we will process your data, in particular your email address, to ensure that you do not receive any further newsletters from us. For this purpose, we put your email address on a so-called blacklist, which we can use to carry out a comparison to ensure that you do not receive any further newsletters from us. The legal basis for the processing is Art. 6 Para. 1 S.1 lit. c) DSGVO in order to comply with our obligation to retain data, otherwise Art. 6 Para. 1 S.1 lit. f) DSGVO. Our legitimate interests are to comply with our legal obligation not to send you any further newsletters after exercising your right of revocation.

SendGrid

We use the email marketing service SendGrid (SendGrid Inc., 1801 California Street, Suite 500, Denver, CO 80202) to send you emails and messages within our app for various administrative and Marketing purposes, such as resetting your password. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b) DSGVO, insofar as the processing is necessary for the purpose of fulfilling the contract. Otherwise, processing will be based on Art. 6 para. 1 sentence 1 lit. f) DSGVO. Our legitimate interests are to make the use of our app as simple and attractive as possible for you and to inform you about technical changes to our app. Your data will be deleted as soon as it is no longer required for data processing for the purposes described here, or processing will be discontinued if there are legal storage obligations. SendGrid also processes data outside the European Union. However, SendGrid has submitted to the EU-US Privacy Shield and is thus committed to compliance with the European Data Protection Standards (https://www.privacyshield.gov/participant?id=a2zt0000000TRktAAG&status=Active). You can find further provisions on data protection at SendGrid at: https://sendgrid.com/policies/privacy/services-privacy-policy/If the data processing is based on Art. 6 Para. 1 S. 1 lit. f) DSGVO, you may object to the processing at any time. Your right to object exists for reasons arising from your particular situation. In the event of an objection, we will cease processing unless we can prove compelling reasons worthy of protection which outweigh your interests, freedoms and rights, or the processing is necessary for the assertion or exercise of or for the defence against legal claims.

Advertising to existing customers

We reserve the right to use the email address provided by you during registration in accordance with the statutory provisions to send you the following content by email during or after registration, unless you have already objected to this use of your email address:

– technical information and product updates,
– Information about new functions of the App,
– new offers from our portfolio,
– new offers for services of our products and services,
– individual customer advice,
– inquiries regarding customer feedback
– invitations to participate in beta user groups and as well as
– Invitations to company events.

Insofar as the sending of electronic information is not necessary for the execution of the contract (e.g. email in informational form) and the legal basis from Art. 6 Para. 1 S. 1 lit. b) GDPR is relevant, the processing is based on the legal basis according to Art. 6 Para. 1 S. 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct mail and ensuring customer satisfaction. We delete your data when you terminate your user contract, at the latest, however, three years after termination of the contract. We draw your attention to the fact that you can object at any time to the receipt of direct advertising as well as data processing for the purpose of direct advertising without incurring any costs other than the transmission costs according to the basic tariffs. You are entitled to a general right of objection without giving reasons (Art. 21 para. 2 GDPR). After exercising your right of objection, we will delete your data in connection with the acquisition of existing customers. Click on the unsubscribe link in the respective email or send us your objection to the contact details listed in the “Responsible provider” section. In the event of an objection, we will process your data, in particular your email address, to ensure that you do not receive any further direct mail from us. For this purpose, we put your email address on a so-called blacklist, which we can use to carry out a comparison to ensure that you do not receive any further newsletters from us. The legal basis for data processing is Art. 6 Para. 1 S.1 lit. c) DSGVO in order to comply with our obligation to retain data, otherwise Art. 6 Para. 1 S.1 lit. f) DSGVO. Our legitimate interests are to comply with our legal obligation not to send you any further newsletters after exercising your right of objection.

Hosting

We use external hosting services from Amazon Web Services (Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States) to provide you with the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. It processes all data necessary to operate and use our app. We use external hosting services to operate this app offering. Amazon processes your data exclusively within the European Union. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f) DSGVO. Our legitimate interests in the use of external hosting services are the efficient and secure provision of our app offering. You can object to the processing. Your right of objection exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 DSGVO). In the event of your justified objection, we will examine the facts and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Cloudfront

We also offer Cloudfront as Content Delivery Network (CDN). The provider is Amazon Web Services Inc, 440 Terry Ave N, Seattle, WA 98109, USA. When you visit our website, requests are forwarded to the CDN server. Your IP address will be transmitted and processed. Data processing does not take place exclusively within the European Union. However, AWS has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active). We have no knowledge of the storage period of the corresponding data at AWS and have no possibility of influencing it. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. We use Cloudfront to make our website more attractive and to optimise the loading times of the website. You have the right to object to the processing of your data. Your right of objection exists for reasons arising from your particular situation, unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, and also if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 GDPR). You can exercise your right of objection by sending a message to the contact details given under “Responsible provider”.

Zendesk

We use Zendesk, a service provided by Zendesk, Inc. (1019 Market Street, San Francisco, CA 94103, United States privacy@zendesk.com), in order to process email communications with our users more quickly and efficiently. We use Zendesk to improve our customer service and to simplify email communication. The legal basis for the processing of data through Zendesk is Art. 6, para 1, line 1, lit f) of the GDPR. Our legitimate interests in the processing of data lie in the optimisation and improvement of our customer service, as well as in guaranteeing customer satisfaction. Zendesk processes these data in the USA but submits to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The certification of Zendesk can be found at the following website: https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active. We delete any data associated with Google Forms, after we no longer need to process them, or reduce our processing in accordance with legally binding storage conditions. Additional information about data privacy can be found at the following website: https://www.zendesk.com/company/customers-partners/privacy-policy/

We hereby point out, that you can refuse to receive advertising at any time. You may also forbid us from processing your data for the purpose of advertising at any time, without incurring any additional costs. In addition, you have the general right to object without having to provide reasons under (Art. 21 para 2 of the GDPR). To invoke this right, simply click on the unsubscribe link found at the bottom of our emails, or send notice of your objection to the contact details listed in the “Responsible Provider” section.

Google Tag Manager

We use the Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect personally identifiable information. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.


Back to Top