Data protection

Toll Collect would like to thank you for visiting our website and for your interest in our company. We take the protection of your personal data very seriously; accordingly, our processing of your personal data always and exclusively takes place in compliance with the applicable data protection regulations.

Personal data is information about your identity, such as your name, postal address, e-mail address or phone number, but also usage information like the date and time you accessed our system, what services you used and for how long. Below, we explain what information Toll Collect collects within the scope of toll system operation and during your visit to our website.

Toll Collect processes your personal data for toll collection and enforcement purposes within the scope of operating the toll system for heavy industrial vehicles. The toll system is divided into:

• Automatic toll collection method
• Manual toll collection method
• Enforcement system

For toll collection and the enforcement system, the data listed in §§ 4 para. 3, 7 para. 2 German Federal Trunk Road Toll Act (BFStrMG) as well as in § 2 German Truck Toll Regulations are collected. Toll Collect additionally processes personal data on the basis of Art. 6 para. 1 subpara. 1 lit b GDPR for the following purposes:

• Use of the Toll Collect on-board unit
• Registration processes
• Receivables management
• Transactions with payment services providers
• Fraud investigation
• Dispute resolution
• Certification and training
• Toll collection in Austria

In order to participate in the automatic and manual log-on procedures it is necessary to specify the information relevant for toll collection and which is required according to §§ 4 paras. 2 and 3, 5 para.1 sentence 3 of the German Truck Toll Regulations. Failure to provide the data means that you cannot use the respective log-on procedure.

When you access the public website and portal applications, Toll Collect process the use data for the online offerings and web analytics data. This includes:

• IP address,
• date and time of the query,
• time zone difference relative to Greenwich Mean Time (GMT),
• content of the query (specific page),
• access status/HTTP status code,
• amount of data transferred,
• website from which the query originated,
• browser,
• operating system and its interface as well as
• language and version of browser software.

This processing is done for the purposes of conducting the web session, to respond to operational problems or in justified cases of abuse as well as to generate usage statistics. The usage statistics for visitors to the website are generated in order to provide a basis for designing the websites and services in accordance with users' needs. The legal basis of processing is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

We additionally process the personal data that you provide to us — for example, to

• register with us,
• sign up for our newsletter,
• ask us a question,
• participate in one of our surveys,
• ask us to send you information material or,
• sign up to visit our Privacy Exhibition.

In these cases, we will need varying degrees of personal data from you. We may, for example, ask for your name, address, telephone number or e-mail address. It is your decision whether to send us this information by filling in the appropriate fields. We will use this information only to process your specific request.

Cookies

We only use “necessary cookies” to operate this web portal. These cookies are only stored for the duration of your Internet session. Without these cookies, you cannot use all of the functionality of our web portal.

“Necessary cookies” are used to implement the following functionalities:

• Loading and routing the website:
  The technology is used to get to and load the website. Without this technology, the website would not be accessible or would not be loaded. Users might receive an error message when they tried to load the page.
• User identification and authentication:
  The technology is used for user identification and authentication: e.g. for managing and transferring security tokens to different services within a website in order to identify the status of the user (e.g. whether they are logged in or not)
• Security of the website:
  The technology is used to ensure the security of the website and the users. (e.g. sessions timing out for security reasons)

You can make public comments on our blog, in which we publish various articles on topics relating to the toll. To do so, you must provide your user name and email address. This data is used to respond to your comment, if applicable. The legal basis is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

All comments are reviewed before being published. Your comment will be published on the article page after the review takes place under the username you provided. However, Toll Collect reserves the right to delete comments or individual sentences thereof if they breach the netiquette rules or do not relate to the article under which they were written.

You can subscribe to our email newsletter by providing your consent. To sign up for our newsletter, we use the "double opt-in procedure". This means that after you sign up, we send an email to the email address you provided, asking you to confirm that you want to receive the newsletter. If you do not confirm your subscription within fourteen days, your information will be automatically deleted. We additionally save the time of your subscription so that we can document it.

The only mandatory information required to receive the newsletter is your email address and desired language of correspondence. If you want to subscribe to the service partner newsletter on the service partner portal, we additionally require that you specify your country. After your confirmation, we save this data for the purposes of sending you the newsletter. The legal basis is Art. 6 para. 1 subpara. 1 lit. a of the EU General Data Protection Regulation (GDPR).

You can revoke your consent to receive the newsletter at any time and cancel delivery of the newsletter. To do so, simply follow the link that appears in every email newsletter, then enter your email address on the form.

Please note that Toll Collect analyses the usage behaviour of all newsletter recipients. To enable this analysis, the emails sent to you contain a feature known as tracking pixels. You can revoke this tracking at any time by clicking the link to cancel the newsletter that appears in every email, or inform us accordingly via a different communication channel.

Toll Collect generally offers its customers the option of using the “direct debit upon invoicing” payment method. When this payment method is used, Toll Collect provides services in advance of payment for the customer, which means that a risk of a payment default could arise for Toll Collect.

Toll Collect has a legitimate financial interest in minimising the risk of payment defaults. To this end, following selection of the “direct debit upon invoicing” payment method, Toll Collect assesses your likelihood of payment by means of a recognised mathematical statistical method. In order to do this, Toll Collect uses only its own internal information (including master data, payment behaviour, payment history, sales trends). Then an automated decision on whether approval for the payment method “direct debit upon invoicing” is granted and the amount of any deposit that may be required is made, based the calculated likelihood of payment and your individual credit needs.

The legal basis for this processing is Art. 6(1)(f) of the GDPR (General Data Protection Regulation).

You have the right to have Toll Collect manually review the automated decision. You also have the right to communicate your own views and the right to challenge the decision.

Toll Collect uses data stored in anonymised form in accordance with the German Federal Trunk Road Toll Act (BFStrMG) for statistical and traffic management purposes. For these purposes, Toll Collect anonymises the data collected in accordance with Sections 4 para. 3 sentence 3, para. 2 sentence 1 BFStrMG before using it for statistical or traffic management purposes.

The legal basis for this processing is Section 9 para. 6 BFStrMG in conjunction with Sections 4 para. 3, sentence 3, 7 para. 2 sentence 1 BFStrMG.

Toll Collect does not disclose the data collected in accordance with Sections 4 para. 3, sentence 3, 7 para. 2 sentence 1 BFStrMG to any other recipients in connection with its use for statistical or traffic management purposes. A disclosure will only take place in the form of anonymous statistical results or in the form of anonymous responses to traffic management surveys.

Toll Collect erases the data collected in accordance with Sections 4 para. 3, sentence 3, 7 para. 2 sentence 1 BFStrMG in accordance with the erasure obligations of Section 9 BFStrMG. Anonymisation for statistical and traffic management purposes takes place within these erasure deadlines.

Transfer to a third country or an international organisation does not take place.

Automated decision-making including profiling does not take place.

In the context of toll collection, automated individual decisions

• are made in order to block an account if necessary
• or to decide on the means of payment for a repayment on the basis of user activities.

Toll Collect only your personal data stores for as long as is permissible under data protection law. The specific time of deletion is determined according to the following criteria:

• If a fixed statutory deletion period applies, Toll Collect deletes your personal data no later than the end of the statutory period.
• If a statutory retention obligation applies, Toll Collect deletes your personal data once the data retention obligation ends and the data is no longer required for the business processes of Toll Collect.
• If neither a statutory deletion period nor a statutory retention period applies, Toll Collect deletes your personal data as soon as it is no longer required for the businesses processes of Toll Collect.

Timely deletion is safeguarded by a deletion concept in accordance with DIN 66398.

Toll Collect discloses – to the extent necessary – the personal data that relates to you, and which is processed within the scope of the automatic and manual toll collection procedure and their enforcement, to the following recipients and categories of recipients:

• The Federal Logistics and Mobility Office
• ASFINAG, an interoperability partner (Toll2GO participants)
• Those involved in payment processing
• Order processors

Personal data collected within the scope of your accessing our public website and the portal is not disclosed to any other recipients.

A transfer of your personal data to a third country occurs if you use the following functions of our website:

• Social media plugins
• Service partner search

You can find details on these transfers in the corresponding chapter of this data protection information.

Our website uses plugins for various social media, namely:

• Facebook plugins (like button), Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland
• LinkedIn button: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Dublin, 2, Ireland
• Twitter (Retweet): Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
• WhatsApp button: WhatsApp Inc. 650 Castro Street, Suite 120-219, Mountain View, CA 94041, USA
• Xing button: Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany

These plugins are identifiable by their respective logos.

Our solution for sharing content from our site on Facebook, LinkedIn, Twitter, WhatsApp and Xing using special buttons is provided by Shariff. You'll find these buttons at the bottom of each of our blog posts, for example. By default, these buttons do not transmit information to third parties. Only after clicking on the button is the relevant social network permitted to request data from users.

If you click the Facebook “Like” button while you are logged into your Facebook account, your Facebook profile will be linked to our site. This allows Facebook to track your visits to our site.

If you do not want Facebook to be able to track your activity on our site, log out of your Facebook account.

To learn how your personally identifiable information is used by these social media sites, please refer to the privacy policy of the corresponding provider.

• Facebook: https://www.facebook.com/policy.php
• LinkedIn: http://www.linkedin.com/legal/privacy-policy
• Twitter: http://twitter.com/privacy
• WhatsApp: https://www.whatsapp.com/legal/
• Xing: http://www.xing.com/privacy

Toll Collect uses Google Maps to assist you with finding service partners.

When you visit the website, Google receives the information that you have requested the respective sub-page on our website. This occurs regardless of whether you are logged into a Google account. If you are logged into Google, your data will be directly associated with your account. If you do not wish to have the data associated with your Google profile, you must log out before activation. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or designing the website to meet users' needs. Such analysis is carried out in particular (even for users who are not logged in) in order to provide usage-related advertising and to inform other users of the social network about your activities on our website. You are entitled to revoke permission for the creation of this user profile, however to do so, you must contact Google directly.

Additional information regarding the purposes and scope of data collection and data processing by the plugin providers is available in the data protection policies of the respective providers. You can also find more information there about your rights and the options/settings available to protect your personal information: http://www.google.de/intl/de/policies/privacy/

Toll Collect hereby advises that as a user of Google Maps, you are bound by the Additional Terms of Service for Google Maps/Google Earth including the Data protection policy . Google also processes your personal information in the USA.

Toll Collect is not responsible for the content of external sites accessed through external links on the Toll Collect website (see also our Legal Information ). Many links on our site refer to content which is not stored on our servers.

If you access an external website from our site, your browser may notify the external site of the site that referred you. The external provider is responsible for this information. We, like any other provider, have no control over this process.

Toll Collect has implemented extensive security measures to protect stored personally identifiable information against unauthorised access, misuse, destruction and loss. E-mails sent by Toll Collect while using the internet portal are not end-to-end encrypted. Our security measures are continuously adapted to reflect the latest changes in technology.

You have the following rights vis-a-vis Toll Collect with regard to personal data that relates to you:

• Right to information,
• Right to correction,
• Right to deletion ("right to be forgotten"),
• Right to restrict processing,
• Right to revoke permission for processing,
• Right to data communicability.

Once consent is granted, you have the right to revoke that consent at any time. The legality of processing remains unaffected before the time at which consent is revoked.

You have the right to file a complaint with a data protection supervisory authority regarding the processing of your personal data by Toll Collect.

Please direct any further questions about the processing of your personal data to:

info@toll-collect.de

The name and contact information for the party responsible for data processing can be found in our Imprint.

Data protection officer
Toll Collect GmbH
Linkstraße 4
10875 Berlin

If you would like to communicate with us using encrypted e-mails, you can download the public part of our PGP company key.