Privacy policy
1. Controller and Data protection officer
Data processing in connection with the track4science research project is carried out by the controller:
Ferdinand-Steinbeis-Gesellschaft für transferorientierte Forschung gGmbH der Steinbeis-Stiftung (FSG), Filderhauptstraße 142, 70599 Stuttgart, Germany, e-mail info@ferdinand-steinbeis-institut.de
You can contact our data protection officer, attorney Dr. Moritz Votteler, at (datenschutz@track4science.de) or at our postal address with the addition "the data protection officer".
If you have any questions or comments about this privacy policy or about data protection in general, you can contact us directly or the data protection officer.
If we use contracted service providers for individual functions of our offer, we will always carefully select and monitor these service providers.
2. Information on the collection of personal data
In the following we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
Data processing when accessing the website
When you simply access our website, i.e. without registering and without providing us with any other information, we process the personal data that your browser transmits to our server (IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request, access status/HTTP status code, amount of data transferred, browser, operating system, language). This data is technically necessary for us to display our website to you in a stable and secure manner. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
Use of independent analytics
We use independent analytics, a tool for evaluating user behaviour from Independent Insights L.L.C., which does not use cookies and is GDPR-compliant. The data is collected by us and is not passed on to third parties for analysis. You can find more information here: https://independentwp.com/features/gdpr-analytics/. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
Contacting us by e-mail
When you contact us by e-mail , the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data collected in this context after one year. If the request is assigned to a user account, for the duration of the existence of the user account, otherwise after storage is no longer required. Alternatively, we restrict their processing if there are statutory retention obligations.
When using our newsletter service
If you subscribe to our newsletter, it is necessary to provide your e-mail address. When you register, we also collect the IP address assigned by your internet service provider to the device you are using at the time of registration, as well as the date and time of your registration. This data is collected in order to be able to trace the circumstances in the event of possible misuse of your e-mail address at a later date, which contributes to our legal protection. In order to provide you with interesting and relevant content, we track how you use the content of the bahn.de newsletter by opening and displaying specially customized links.
In this context, your e-mail address may be used by us for advertising purposes, based on Art. 6 para. 1 lit. a) of the GDPR. You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the end of each newsletter. If you object to the use of your data for advertising purposes, your information will only be used anonymously for statistical analysis.
When creating a user profile
Participants are asked to create a user profile within the app.
This user profile contains an email address in order to open an independent communication channel with participants.
This makes it possible to notify winners of competitions that serve to increase the willingness to participate via email. In addition, the email addresses are used to draw attention to surveys and field trials taking place outside the app.
The user profile also contains background information on the vehicles usually used. This information is necessary in order to be able to individually display data on personal mobility behavior, such as the CO2 footprint and mobility costs.
Data collection through our track4science app
We adhere to the data protection principles of "privacy by design" and "privacy by default": the use of our app is pseudonymized.
When installing the app, the participant receives a pseudonymous user ID, which is used to identify them in the backend, i.e. during processing on the servers. Data is exchanged between the smartphone and the servers using a UUID, a standardized 128-bit number sequence that generates a unique identification number.
If participants have installed the track4science app on their end devices and give their consent, the following data is collected
- the information on the smartphone used
- the version of the operating system
- the app version
- the mobility data as raw data using an app on their smartphones This app continuously records movement data such as location and timestamp, from which route data can then be derived (including start and end point, most likely means of transport and other attributes such as length, duration or points of interest).
MotionTag processes the raw data into movement profiles. The pseudonymized data is transmitted to this service provider via an encrypted connection. After processing, the prepared data is transferred to our servers.
The resulting individual movement profiles of the participants are interpreted by researchers and used for scientific purposes
Participants in the research study receive feedback on their own movement patterns, CO2 footprint, costs and calorie consumption via the app. The conversion of the distances traveled into these metrics is automated in the backend.
User engagement data is collected in order to make data-driven decisions about which features of the app lead to an improved user experience. This data includes, for example, the length of stay, page views per visit, the number of actions performed within the app or the frequency of use of certain app functions (service provider: probably SmartLook).
Surveys
Study participants can be invited to take part in surveys via the online application LimeSurvey. This is software provided by LimeSurvey GmbH, Papenreye 63, 22453 Hamburg, Germany.
Pseudonymization and anonymization of data
Pseudonymization is defined in the European Union's General Data Protection Regulation (GDPR) as a data protection mechanism that aims to process personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information. This means that the personal data is given a pseudonym, i.e. an identifier that prevents the direct identification of the person, as long as the additional information (which would enable an assignment) is stored separately and protected by technical and organizational measures.
In the track4science project, data processing using pseudonymization takes place as follows:
First, the person responsible creates corresponding pseudonyms (user ID, UUID) for all registered participants. While the study is being conducted, communication takes place exclusively via a dedicated e-mail address of the person responsible. The assignment of e-mail addresses to pseudonyms is stored in encrypted form on a server of the controller. This is done in strict compliance with the dual control principle by the project management. Access to these pseudonyms is restricted to researchers from the responsible parties.
The merging of survey and movement data is based on the pseudonym, and the evaluation of this aggregated data is also only carried out using pseudonyms. All persons involved in this process are trained in data protection law before starting work on the project and are obliged to maintain data confidentiality.
Anonymization within the meaning of the GDPR refers to a process in which personal data is processed in such a way that the data subject can no longer be identified without additional information being used.
After completion of the project, we remove the e-mail address as an identification feature. From this point on, a person is no longer identifiable. The data is therefore anonymized.
To ensure complete anonymity, not only is the survey data anonymized, but the movement data is also processed in such a way that no conclusions can be drawn about specific locations. This is achieved by removing the first and last points of each movement track and randomly distributing the new first and last points within a 100 m x 100 m grid.
3. Data processing by external service providers
We select external service providers who process data on our behalf with great care and bind them by means of strict contractual agreements. These providers act in accordance with our instructions, a requirement that is guaranteed by detailed contractual conditions, technical and organizational protective measures and additional checks.
We do not transfer data to third countries, i.e. countries outside the European Union (EU) or the European Economic Area (EEA) or to international organizations, unless appropriate safeguards are in place. This includes EU standard data protection clauses and a declaration of adequacy from the European Commission.
Programming of the app and the backend for storing the data: mmmake GmbH, Großgartacher Str. 61, 74080 Heilbronn, Germany
The analysis of user interactions and collection of crash reports of our app is carried out by Smartlook.com, s.r.o. Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic.
The hosting, the provision of information technology infrastructure and the associated services is carried out by Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm on our behalf.
We use an external service provider, Motiontag GmbH, Rudolf-Breitscheid-Str. 162, 14482 Potsdam, Germany, to carry out the mobility calculations.
The online survey is carried out by LimeSurvey GmbH Umfragedienste & Beratung, Papenreye 63, 22453 Hamburg.
4. Research cooperations
We conduct research together with Professor Christoph Ungemach, Professor of Marketing at the Technical University of Munich, Arcisstr. 21/II, 80333 Munich.
We are a non-profit research institution that has set itself the goal of allowing other research institutions to participate in the anonymized data collected and to create an open data infrastructure for this purpose. On the basis of this transparency, research institutions can analyze and scientifically evaluate promising measures for behavioral change. This knowledge can be used for positive developments or improvements in mobility.
5. Your rights
You have the right to receive information about your personal data stored by us.
Furthermore, you can request that we correct, delete or restrict the processing of your personal data, provided that this is legally permitted and can be implemented within the framework of existing contractual relationships.
Furthermore, you have the right to request the transfer of data that you have transmitted to us based on your consent or in the course of a contract.
If you have given us consent to process your data, you can withdraw this consent at any time with the option to do so in the same way as it was given. Withdrawal does not affect the lawfulness of the processing of your data up to that point.
You also have the right to object to the processing of your data on grounds relating to your particular situation, provided that the data processing is based on our legitimate interests or is necessary for the performance of a public task.
You can object to the use of your data for advertising purposes at any time for the future.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The data protection supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.
English 
Deutsch