Privacy Policy FERNRIDE

1.   General

This privacy policy informs you about the nature, scope and purpose of the processing of your personal data by the data controller in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

The definitions of the GDPR, in particular according to Art. 4, are used as a basis.

               

1.1. Controller

The controller according to data protection law is:

Fernride GmbH („fernride“, „we“)
Joseph-Dollinger-Bogen 28
80807 München
E-Mail: info@fernride.com

1.2. Data Protection Officer

You can reach the appointed data protection officer as follows:

Intelliant GmbH
Reinhardtstr. 25
10117 Berlin
Email: dsb@fernride.com

2. Details of data processing

2.1. Website operation and website functions

When you visit our website, we process personal data as follows.  

In doing so, we use services provided by third parties. These services also include the use of cookies (Essential). You can find specific information on the individual cookies and individual setting options under "More" in our consent management.  

You can also adjust your preferences at a later date or revoke your consent with effect for the future. These adjustments are possible at any time via the "Privacy settings" button ("fingerprint") in your browser window. Please note that without your consent, individual functions of the website may only function to a limited extent. 

2.1.1. Provision of the website content

Purpose
  • Establishment of the technical connection between the visitor’s terminal device and our website (execution of the session).
  • Maintaining and improving the functionality of the website
  • Maintaining and improving the information security or data security (confidentiality, availability and integrity) of the website (data storage in log files)

Categories of processed data
  • IP address of the accessing system
  • browser type of the end device used and version
  • Internet service provider of the accessing system
  • Date, time and success of the access
  • Third-party websites from which the user’s system accesses our website
  • Third-party websites that are accessed by the user’s system via our website
  • Analyzing website usage (anonymized IP & referrer, no user ID)

Categories of recipients
  • Web hosting - Webflow, Inc.
  • Website analytics – matomo.org
  • Note: Google Tag Manager (Google Inc.) - no processing of personal data.

Third-country transfer
  • US (web hosting) in accordance with appropriate guarantees pursuant to Art. 46 GDPR

Storage period or its criteria
  • Session: data deletion at the end of the respective session
  • Log files: data deletion after 7 days or anonymization

Legal basis
  • Art. 6 (1) f) GDPR (legitimate interests)

2.2. Data processing of Fernride teleoperation and autonomy on company grounds of customers (non-public area)

If you are on the premises of a Fernride customer company while Fernride is performing teleoperated rides, you may be briefly captured and recorded by the video cameras installed on the teleoperated vehicle. This is, of course, only possible in the direct vicinity of the vehicle.

Purpose
  • Real- time remote control of various vehicles on private premises of the client companies by teleoperator
  • Ensuring traffic safety of passers-by in the perimeter
  • Improving the quality of service, vehicle control and vehicle technology
  • Error identification and correction, bug fixing
  • Training of teleoperators
  • Evidence of vehicle control in case of incidents
Categories of processed data
  • Image recording of persons (non-biometric)
  • Motor vehicle data
Categories of recipients
  • Hosting - Google Inc.
Third-country transfer
  • US
Storage period or its criteria
  • 2 days

Legal basis
  • Art. 6 (1) f) GDPR (legitimate interests)

Note: Personal data is processed exclusively for the above-mentioned purposes. The personal recordings are not in the foreground of the processing, but are unfortunately unavoidable to ensure traffic safety and service provision.

In certain cases, your data may also be processed by our partner Continental in accordance with the above-mentioned processing. This processing is carried out for the same purposes, but by Continental as a separate data controller.

In this case, the controller is:

Continental Engineering Services GmbH (“Continental”)

Breitlacherstrasse 94

60489 Frankfurt am Main

Further information on data protection at Continental can be found here.

The form for exercising data subject rights can be found here.

2.3. Contact

We can be contacted via our website using the contact form.

Purpose
  • Contacting Fernride
  • Submitting requests to Fernride to be answered

Categories of processed data
  • Personal general data (name, e-mail address)
  • Message content (optional) 
  • IP address, log data, and tracking

Categories of recipients
  • Microsoft (M365)

Third-country transfer
  • US (mail hosting) in accordance with appropriate safeguards pursuant to Art. 46 GDPR

Storage period or its criteria
  • 3 months after receipt/response to contact request

Legal basis
  • Art. 6 para. 1 a) GDPR (consent)
  • Art. 6 (1) f) GDPR (legitimate interests)

2.4. Application process

Via our website, vacancies at Fernride can be viewed and the application process can be initiated by providing personal data and application documents. This is made possible by the provider Greenhouse.

Purpose
  • Provision of secure application portal
  • Finding and hiring future employees
  • Filling open positions at Fernride
  • Conducting the application process
  • Communication during the application process

Categories of processed data
  • Personal master data (name, e-mail address)
  • Contact data (address, telephone number)
  • CV data (incl. education data, career data)
  • Cover letter (optional)
  • LinkedIn profile information (optional)

Categories of recipients
  • Application management - Greenhouse Software, Inc.
  • Communication - Microsoft, Inc. (Microsoft 365)
  • Captcha - Google LLC (reCAPTCHA)

Third-country transfer
  • US (application management)- in accordance with appropriate safeguards pursuant to Art. 46 GDPR
  • US (Communication) - in accordance with appropriate safeguards pursuant to Art. 46 GDPR
  • US (Captcha) - in accordance with appropriate safeguards pursuant to Art. 46 GDPR

Storage period or its criteria
  • Up to 6 months after completion of the application process (rejection), if there are no other legal requirements for storage (e.g. AGG lawsuit).
  • Extension of storage in case of consent (Talent Pool for 6 months)
  • Upon conclusion of the contract, the data is stored and further managed in personnel data management

Legal basis
  • Art. 6 para. 1 a) GDPR (consent)
  • Art. 6 para. 1 b) GDPR (initiation or performance of a contract)

We ask for your understanding that, for data protection reasons, we cannot process applications received outside Greenhouse.

Under European data protection law, we are obliged to inform you that withholding personal data in your application may put you at a disadvantage compared to other applicants applying for the same position.

2.5 Newsletter

If you decide to subscribe to the Fernride Newsletter on our website, Fernride processes your data based on your voluntary consent until you unsubscribe.

Purpose
  • Managing newsletter subscriptions
  • Distributing newsletter mailings with Fernride relevant updates and information

Categories of processed data
  • Personal general data (name, e-mail address)
  • IP address, log data, and tracking

Categories of recipients
  • Sendinblue GmbH (Brevo)

Third-country transfer
  • -

Storage period or its criteria
  • Deletion once consent is withdrawn/newsletter was unsubscribed

Legal basis
  • Art. 6 para. 1 a) GDPR (consent)

The newsletter consent can be withdrawn anytime with effect for the future, by clicking on ‘unsubscribe’ in any Newsletter mailing by Fernride, as well as by informally contacting ‘dsb@fernride.com‘.

3. Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR. You are therefore entitled to the following rights towards the controller:

3.1. Right of access

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request the following information from us: Processing purposes; Category of personal data being processed; Recipients or categories of recipients to whom your data have been or will be disclosed; Planned storage period or, if specific information on this is not possible, criteria for determining the storage period; Existence of a right to rectification, erasure, restriction of processing or objection; Existence of a right to lodge a complaint with a supervisory authority; Origin of your data, if it has not been collected by us; Existence of automated decision-making including „profiling“ and, if applicable. meaningful information on their details; transfer of personal data to a third country or to an international organization; appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

3.2. Right to rectification

In accordance with Art. 16 GDPR, you have the right to demand the correction or completion of your personal data stored by us without delay. 

3.3. Right to restriction of processing

Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

3.4. Right to deletion

Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

3.5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

3.6. Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

3.7. Right to object

According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will then no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to „profiling“ insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

3.8. Right to revoke the declaration of consent under data protection law

In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.9. Right to complain to a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, workplace or the place of the alleged infringement. The Bayrische Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision) is responsible for Fernride.

4. Actuality and changes to this privacy policy

This data protection declaration shall apply in its currently valid version. The current data protection declaration can be accessed and printed out at any time on the website at https://www.fernride.com/data-privacy.

Latest version: April 2023