Data protection in the app

Toll Collect GmbH is pleased that you have decided to use the manual log-on procedure. We take the privacy of your personally identifiable information and toll collection information very seriously. We use this information in strict accordance with the valid data protection laws and road toll laws. Personally identifiable information is information about your identity such as your name, postal address, e-mail address or telephone number, and information about your usage of the manual log-on procedure such as date and time, what services you used and how long you were there.

Below, we explain what information Toll Collect GmbH collects when you use our manual log-on procedure and how this information is used.

Business processes such as log-ons and cancellations are executed between Toll Collect GmbH and you, the user, as part of the manual log-on procedure. Relevant information such as the licence plate number, characteristics of the vehicle, sections that are subject to toll and also the period of validity of the log-on has to be processed for these processes. The legal basis for processing is § 4 para. 3 sentence 3 of the German Federal Trunk Road Toll Act (BFStrMG). The information is transmitted to the central systems and used there for toll collection. If you also have the receipts sent to you by e-mail or text, then the e-mail address or telephone number is used until the end of the process and is then immediately deleted in our systems. In general, Toll Collect GmbH's communication with the e-mail inbox and/or telephone number provided by the user is unencrypted.

You can use the manual log-on procedure as a registered or non-registered user. Registered users with access to the customer portal will automatically receive a log-on account during the initial registration; non-registered users can create a log-on account. A log-on account offers you the following benefits:

• Vehicle management (non-registered users with log-on account only)
• Route management
• Payment method management (non-registered users with log-on account only)
• Ability to view the entire route and the accompanying navigation instructions after completing the log-on
• Easier cancellation of the route

Provision of the facts relevant for toll collection is required for participation in the manual log-on procedure and prescribed according to § 5 paras. 2 and 3 of the German Truck Toll Regulations. Failure to provide the data will result in you not be able to use the manual log-on procedure.

Your explicit consent is required under data protection law during the initial registration in the manual log-on procedure as a registered user and for creating a log-on account.

When doing so, you agree for

• addresses outside of the route subject to toll to be stored until the end of the period of validity of the log-on and
• starting, via and destination points of the booked route and route-relevant data to be stored in accordance with the retention period for the log-on (maximum 120 days).

When logging on as a non-registered user, you also have the option to agree to the storage of addresses not subject to toll, route-relevant data as well as starting, via and destination points. This makes it easier to view or cancel the route (see benefits 4 and 5). The above storage periods also apply in this case.

The route-relevant data is the gross vehicle weight, height, width and hazard class information.

Toll Collect GmbH does not have access to the information in your log-on account, the addresses outside of the route subject to toll or other route-relevant information. Toll Collect GmbH does not use this data in any form and does not send it to third parties. You can opt out of the collection of this additional data at any time by deleting your log-on account (non-registered users) or portal access (registered users) and only using the manual log-on procedure as a non-registered user.

After one year of inactivity, log-on accounts of non-registered and/or registered users with log-on accounts will be deleted. The user will be notified via the e-mail address provided before the log-on account is automatically deleted. Deletion can be revoked by reregistering for the manual log-on procedure.

To store data in the app, we use different types of storage technologies such as local storage (also called "app data") and caching. These technologies store information on your device and can be used to save your activities and preferences. Various parts of your device can be used in the process (internal memory, SD card). To delete the stored data, look for the app in your app manager (under Settings) and select the button "Delete data" or "Clear cache" in the app info section.

The following access permissions are required for the app to function:

• Camera access to scan the QR code on log-on receipts, for easier entry of log-on data
• Location release for easier entry of the start/destination points on the map view

To make your manual log-on easier, you can have your location tracked. Different technologies are used for location tracking depending on the settings of your device:

• GPS
• Wi-Fi networks
• Radio signals (mobile network)
• IP address

You must manually grant the permission on your device for the positioning data to be transmitted. Location tracking is not possible without the explicit consent of the user.

A bar will appear at the top of the screen in most desktop browsers. Smartphone browsers, however, often display a pop-up that the user cannot ignore and that requires a response (consent/rejection).

Consent/rejection is given the first time the app is opened. It can be manually changed in the settings at any time.

For technical reasons, certain data is automatically transmitted to our web servers when you use the manual log-on procedure. This includes the URL of the page from which you accessed our site, the browser you used (for example Firefox or Internet Explorer) and the exact time of your visit. This information cannot be associated with specific individuals. We do not merge it with information from other sources. Therefore, your anonymity is guaranteed as long as you only visit our website. We store this information for up to 48 hours to help us detect and correct errors or outages.

In addition, the following information may be stored in log files for up to 42 days for error and performance analysis and transaction tracking purposes when you use the manual log-on procedure:

• User identification
• Time of the enquiry as well as our response
• Amount of data transferred
• Accessed transactions (URLs)
• Error messages from authentication tools and applications

The legal basis for the processing of this data is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

If the app is terminated by the system for an unexpected reason, users can send an error report with an error description to Toll Collect. The error report contains the following information:

• Date and time
• Information on the app: App version, database version, server version, REST API version
• Information on the unit: Manufacturer, model, operating system
• Information on crash event
• User message (optional)

When you visit a website, cookies store specific information on your computer. In the context of the manual log-on procedure, Toll Collect GmbH uses temporary cookies.

Temporary cookies exist only for a limited time and contain information such as an identification number (known as a session ID). This information allows the server to attribute consecutive requests from a browser to the same user. They are automatically deleted once the user closes the browser.

Permanent cookies are saved by the software Piwik, which we use for the anonymous statistical usage evaluation of our manual log-on procedure. You can find more information on Piwik in the section with the same name on this page. You can also decline the use of Piwik there.

Most browsers are set to automatically allow cookies. You can change your browser settings at any time or use our website without cookies. However, doing so may limit the functionality of our site. The legal basis for the use of cookies is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR)

The manual log-on procedure uses Matomo, an open-source software program, for statistical analysis of visitor access. Matomo also uses cookies. Your IP address will be anonymised immediately after processing and before storage. You can decide whether to allow a unique web analytics cookie to be stored in order to collect and analyse statistical data regarding your activity on the Toll Collect GmbH website. You can also opt out of the collection and use of this data for the purposes of the present data protection policy at any time. In this case, an opt-out cookie with a lifetime of seven days will be stored on your computer. If you delete the cookie or the cookie expires, the opt-out cookie will no longer be valid and must be reactivated by you. The legal basis for the use of Matomo is Art. 6 para. 1 subpara. 1 lit. f of the EU General Data Protection Regulation (GDPR).

Toll Collect GmbH stores your personal data only for as long as is permissible under data protection law. The specific time of deletion is determined according to the following criteria:

If a

• fixed statutory deletion period applies, Toll Collect GmbH deletes your personal data no later than the end of the statutory period.
• If a statutory retention obligation applies, Toll Collect GmbH deletes your personal data once the data retention obligation ends and the data is no longer required for the business processes of Toll Collect GmbH.
• If neither a statutory deletion

period nor a statutory retention period applies, Toll Collect GmbH deletes your personal data as soon as it is no longer required for the business processes of Toll Collect GmbH.

Timely deletion is safeguarded by a deletion concept in accordance with DIN 66398.

Toll Collect GmbH discloses – to the extent necessary – the personal data that relates to you, and which is processed within the scope of the manual log-on procedure, to the following recipients and categories of recipients:

• The Federal Logistics and Mobility Office (BALM)
• Those involved in payment processing
• Order processors

Toll Collect GmbH does not transmit your personal data to any other countries or to international organisations.

Toll Collect GmbH does not subject you to automated decision-making for individual cases that have legal consequences for you or which affect you in a similar manner.

Toll Collect GmbH has implemented extensive security measures to protect stored personally identifiable information against unauthorised access, misuse, destruction and loss. Communications between our web server and your browser are encrypted. Our security measures are continuously adapted to reflect the latest changes in technology.

Toll Collect GmbH is not responsible for the content of external sites that can be accessed through external links in the manual log-on procedure (see also our Legal notices). Some links refer to content not stored on our own servers.

If you access an external website from our manual log-on procedure, your browser may notify the external site of the site from which you were directed. The external provider is responsible for this information. We, like any other provider, have no control over this process.

You have the following rights vis-a-vis Toll Collect GmbH with regard to the personal data that relates to you:

• Right to information,
• Right to correction,
• Right to deletion ("right to be forgotten"),
• Right to restrict processing,
• Right to revoke consent for processing,
• Right to data communicability,

Once consent is granted, you have the right to revoke that consent at any time. The legality of processing remains unaffected before the time at which consent is revoked.

You have the right to file a complaint with a data protection supervisory authority regarding the processing of your personal data by Toll Collect GmbH.

If you have any further questions about data protection, please contact our Data Protection Officer.

Data Protection Officer
Toll Collect GmbH
Linkstraße 4
10785 Berlin
Germany