Privacy Policy

Toll Collect would like to thank you for visiting our website and for your interest in our company. We take the protection of your personal data very seriously; accordingly, our processing of your personal data always and exclusively takes place in compliance with the applicable data protection regulations.

Personal data is information about your identity, such as your name, postal address, e-mail address or phone number, but also usage information like the date and time you accessed our system, what services you used and for how long. Below, we explain what information Toll Collect collects within the scope of toll system operation and during your visit to our website.

Toll Collect processes your personal data for toll collection and enforcement purposes within the scope of operating the toll system for heavy industrial vehicles. The toll system is divided into:

• Automatic toll collection method
• Manual toll collection method
• Enforcement system

For toll collection and the enforcement system, the data listed in §§ 4 para. 3, 7 para. 2 German Federal Trunk Road Toll Act (BFStrMG) as well as in § 2 German Truck Toll Regulations are collected. Toll Collect additionally processes personal data on the basis of Art. 6 para. 1 subpara. 1 lit b GDPR for the following purposes:

• Toll Collect On-Board Unit use
• Registration processes
• Receivables management
• Transactions with payment services providers
• Fraud investigation
• Dispute resolution
• Certification and training
• Toll collection in Austria

In order to participate in the automatic and manual log-on procedures it is necessary to specify the information relevant for toll collection and which is required according to §§ 4 paras. 2 and 3, 5 para.1 sentence 3 of the German Truck Toll Regulations. Failure to provide the data means that you cannot use the respective log-on procedure.

When you access the public website and portal applications, Toll Collect process the use data for the online offerings and web analytics data. This includes:

• IP address,
• date and time of the query,
• time zone difference relative to Greenwich Mean Time (GMT),
• content of the query (specific page),
• access status/HTTP status code,
• amount of data transferred,
• website from which the query originated,
• browser,
• operating system and its interface as well as
• language and version of browser software.

This processing is done for the purposes of conducting the web session, to respond to operational problems or in justified cases of abuse as well as to generate usage statistics. The usage statistics for visitors to the website are generated in order to provide a basis for designing the websites and services in accordance with users' needs. The legal basis of processing is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

We additionally process the personal data that you provide to us — for example, to

• register with us,
• sign up for our newsletter,
• ask us a question,
• participate in one of our surveys,
• ask us to send you information material or,
• sign up to visit our Privacy Exhibition.

In these cases, we will need varying degrees of personal data from you. We may, for example, ask for your name, address, telephone number or e-mail address. It is your decision whether to send us this information by filling in the appropriate fields. We will use this information only to process your specific request.

Cookies

Toll Collect uses mainly temporary cookies on its own websites and portal applications. Temporary cookies exist only for a limited time and contain information such as an identification number (known as a session ID). They allow the server to attribute consecutive requests from a browser to the same user. They are automatically deleted once you close the browser.

Toll Collect also generates a persistent cookie to store your language preferences for the portal when you access the portal applications. Permanent cookies are also saved by the software Matomo, which we use for the anonymous statistical usage evaluation of our website.

Most browsers are set to automatically allow cookies. You can change your browser settings at any time or use our website without cookies. However, doing so may limit the functionality of our site. Use of our portal applications is not possible without cookies. The legal basis for the use of cookies is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

Matomo

Toll Collect uses Matomo on the website and portal. Matomo is open-source software used for statistical analysis of user access and also uses cookies. Your IP address will be anonymised immediately after processing and before storage.

Here you can decide whether to allow a unique web analytics cookie to be stored in your browser in order to collect and analyse statistical data regarding your activity on the Toll Collect website. You can also opt out of the collection and use of this information at a later time. In this case, an opt-out cookie with a lifetime of two years will be stored on your computer. If you delete the cookie or the cookie expires, the opt-out cookie will no longer be valid and must be reactivated by you. The legal basis for the use of Matomo is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

You can make public comments on our blog, in which we publish various articles on topics relating to the toll. To do so, you must provide your user name and email address. This data is used to respond to your comment, if applicable. The legal basis is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

All comments are reviewed before being published. Your comment will be published on the article page after the review takes place under the username you provided. However, Toll Collect reserves the right to delete comments or individual sentences thereof if they breach the netiquette rules or do not relate to the article under which they were written.

You can subscribe to our email newsletter by providing your consent. To sign up for our newsletter, we use the "double opt-in procedure". This means that after you sign up, we send an email to the email address you provided, asking you to confirm that you want to receive the newsletter. If you do not confirm your subscription within fourteen days, your information will be automatically deleted. We additionally save the time of your subscription so that we can document it.

The only mandatory information required to receive the newsletter is your email address and desired language of correspondence. If you want to subscribe to the service partner newsletter on the service partner portal, we additionally require that you specify your country. After your confirmation, we save this data for the purposes of sending you the newsletter. The legal basis is Art. 6 para. 1 subpara. 1 lit. a of the EU General Data Protection Regulation (GDPR).

You can revoke your consent to receive the newsletter at any time and cancel delivery of the newsletter. To do so, simply follow the link that appears in every email newsletter, then enter your email address on the form.

Please note that Toll Collect analyses the usage behaviour of all newsletter recipients. To enable this analysis, the emails sent to you contain a feature known as tracking pixels. You can revoke this tracking at any time by clicking the link to cancel the newsletter that appears in every email, or inform us accordingly via a different communication channel.

Toll Collect generally offers its customers the option of using the “direct debit upon invoicing” payment method. When this payment method is used, Toll Collect provides services in advance of payment for the customer, which means that a risk of a payment default could arise for Toll Collect.

Toll Collect has a legitimate financial interest in minimising the risk of payment defaults. To this end, following selection of the “direct debit upon invoicing” payment method, Toll Collect assesses your likelihood of payment by means of a recognised mathematical statistical method. In order to do this, Toll Collect uses only its own internal information (including master data, payment behaviour, payment history, sales trends). Then an automated decision on whether approval for the payment method “direct debit upon invoicing” is granted and the amount of any deposit that may be required is made, based the calculated likelihood of payment and your individual credit needs.

The legal basis for this processing is Art. 6(1)(f) of the GDPR (General Data Protection Regulation).

You have the right to have Toll Collect manually review the automated decision. You also have the right to communicate your own views and the right to challenge the decision.

In the context of toll collection, automated individual decisions

• are made in order to block an account if necessary
• or to decide on the means of payment for a repayment on the basis of user activities.

Toll Collect only your personal data stores for as long as is permissible under data protection law. The specific time of deletion is determined according to the following criteria:

• If a fixed statutory deletion period applies, Toll Collect deletes your personal data no later than the end of the statutory period.
• If a statutory retention obligation applies, Toll Collect deletes your personal data once the data retention obligation ends and the data is no longer required for the business processes of Toll Collect.
• If neither a statutory deletion period nor a statutory retention period applies, Toll Collect deletes your personal data as soon as it is no longer required for the businesses processes of Toll Collect.

Timely deletion is safeguarded by a deletion concept in accordance with DIN 66398.

Toll Collect discloses – to the extent necessary – the personal data that relates to you, and which is processed within the scope of the automatic and manual toll collection procedure, to the following recipients and categories of recipients:

• The Federal Office for Goods Transport (BAG)
• ASFINAG, an interoperability partner (Toll2GO participants)
• Those involved in payment processing
• Order processors

Personal data collected within the scope of your accessing our public website and the portal is not disclosed to any other recipients.

Toll Collect does not transmit your personal data to other countries or to international organisations.

Our website uses plugins for various social media, namely:

• Facebook plugins (“Like” button): Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA
• LinkedIn button: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Dublin, 2, Ireland
• Twitter (Retweet): Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
• WhatsApp button: WhatsApp Inc. 650 Castro Street, Suite 120-219, Mountain View, CA 94041, USA
• Xing button: Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany

These plugins are identifiable by their respective logos.

Our solution for sharing content from our site on Facebook, LinkedIn, Twitter, WhatsApp and Xing using special buttons is provided by Shariff. You'll find these buttons at the bottom of each of our blog posts, for example. By default, these buttons do not transmit information to third parties. Only after clicking on the button is the relevant social network permitted to request data from users.

If you click the Facebook “Like” button while you are logged into your Facebook account, your Facebook profile will be linked to our site. This allows Facebook to track your visits to our site.

If you do not want Facebook to be able to track your activity on our site, log out of your Facebook account.

To learn how your personally identifiable information is used by these social media sites, please refer to the privacy policy of the corresponding provider.

• Facebook: https://www.facebook.com/policy.php
• LinkedIn: http://www.linkedin.com/legal/privacy-policy
• Twitter: http://twitter.com/privacy
• WhatsApp: https://www.whatsapp.com/legal/
• Xing: http://www.xing.com/privacy

Toll Collect uses Google Maps to assist you with finding toll terminals and service partners.

When you visit the website, Google receives the information that you have requested the respective sub-page on our website. This occurs regardless of whether you are logged into a Google account. If you are logged into Google, your data will be directly associated with your account. If you do not wish to have the data associated with your Google profile, you must log out before activation. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or designing the website to meet users' needs. Such analysis is carried out in particular (even for users who are not logged in) in order to provide usage-related advertising and to inform other users of the social network about your activities on our website. You are entitled to revoke permission for the creation of this user profile, however to do so, you must contact Google directly.

Additional information regarding the purposes and scope of data collection and data processing by the plugin providers is available in the data protection policies of the respective providers. You can also find more information there about your rights and the options/settings available to protect your personal information:
https://policies.google.com/privacy?hl=en-GB.

Toll Collect hereby advises that as a user of Google Maps, you are bound by the Additional Terms of Service for Google Maps/Google Earth, including Google's Privacy Policy. Google also processes your personal data in the USA.

Toll Collect is not responsible for the content of external sites accessed through external links on the Toll Collect website (see also our Legal notices). Many links on our site refer to content which is not stored on our servers.

If you access an external website from our site, your browser may notify the external site of the site that referred you. The external provider is responsible for this information. We, like any other provider, have no control over this process.

Toll Collect has implemented extensive security measures to protect stored personally identifiable information against unauthorised access, misuse, destruction and loss. Communications between our web server and your browser are encrypted. E-mails sent by Toll Collect while using the internet portal are not end-to-end encrypted. Our security measures are continuously adapted to reflect the latest changes in technology.

You have the following rights vis-a-vis Toll Collect with regard to personal data that relates to you:

• Right to information,
• Right to correction,
• Right to deletion ("right to be forgotten"),
• Right to restrict processing,
• Right to revoke permission for processing,
• Right to data communicability.

Once consent is granted, you have the right to revoke that consent at any time. The legality of processing remains unaffected before the time at which consent is revoked.

You have the right to file a complaint with a data protection supervisory authority regarding the processing of your personal data by Toll Collect.

Please direct any further questions about the processing of your personal data to: info@toll-collect.de.

The name and contact information for the party responsible for data processing can be found in our Imprint.

Data Protection Officer
Toll Collect GmbH
10875 Berlin
Germany
tc_datenschutz@toll-collect.de