The Nexxiot Mounting App (“App”) enables individual users (“user”) to make use of different functions of the App in the name and on the behalf of commercial customers of Nexxiot AG, Hardstrasse 201, 8005 Zürich, phone: +41 44 275 51 51, email: dataprotection@nexxiot.com (“Nexxiot”, “we”, “our” or “us”) provided that the commercial customer has previously entered into an agreement regarding the use of Nexxiot Mounting App with Nexxiot (“Customer Agreement”). In connection with the use of the App certain personal information in the sense of the EU Regulation 679/2016 (“GDPR”) are collected.
This Privacy Policy applies to the processing of personal information by Nexxiot in connection with the operation of the App, as applicable. In the following paragraphs we inform the user in detail about the handling of personal information. Personal information is collected and processed solely in compliance with the statutory provisions of the GDPR.
Operator of the App and controller in the sense of the GDPR is Nexxiot.
In the event of questions regarding the processing of personal information by Nexxiot in connection with the App the user may use the contact details in section 3 of this Privacy Policy.
The App is used to equip individual railcars and intermodal containers with Nexxiot compatible devices. For that the App guides user through the installation process and primarily collects data needed to:
The collected data is not used for tracking purposes, meaning the data is not linked with ThirdParty Data for advertising or advertising measurement purposes, or shared with a data broker.
Contact infomation
The use of the App is only possible via a personalized account of the user (“Account”) set up in Nexxiot system. In this process user's name, email address and optionally (at user's discrection) phone number of the user are collected.
The App asks user to provide e-mail address to authenticate and link user actions with Account. User must be authenticated for security purposes (authorization).
It may be necessary for our support or commercial team members to access the Account of a user for support purposes and validate the visible information in the Account.
This data is solely processed for the purpose of providing the Account and enabling the user to use the App and is thus necessary for the execution of the Customer Agreement according to Art. 6 para. 1 lit. b) GDPR or for protecting our justified interests in providing the App to the user in accordance with Art. 6 para. 1 lit. f) GDPR.
Existing Account data of the user gets deleted as soon as the Account of the user is terminated or the user corrects or changes the relevant data.
Location (only for authorized workshops for Customers using the Globehopper EDGE)
The App collects location data to record where the mounting of the EDGE Devices is performed. The data is necessary to provide our services. The purpose of the collection of said location is to support the investigation of potential issues with Devices. The data cannot be assigned to the user. We use this data solely for the fulfillment of the Customer Agreement according to Art. 6 para. 1 lit. b) GDPR.
User content
When modifying device installation, user answers questions and takes photos. The data is submitted to our servers. The data is necessary to provide our services. We use this data solely for the fulfillment of the Customer Agreement according to Art. 6 para. 1 lit. b) GDPR. This contract-related data will be stored by Nexxiot even after the respective activity has ended. This information only be deleted after the termination of the respective Account or the expiration of statutory retention periods (whichever is later). This data may potentially be used in anonymized or aggregated format in order to better understand the use of the App and to improve the App.
Usage data
We collect anonymized data about user interaction with the App to guide the App development. We use Amplitude to analyze specific user events. No personal data is stored in the process. In this context, we store in particular the IP address. The data cannot be assigned to the user. They are transferred (pushed) to Amplitude exclusively via anonymous API calls. This data is used exclusively to fulfill our contractual obligations to the user or his employer according to Art. 6 para. 1 lit. b) GDPR as well as justified to protect our legitimate interest in providing and improving the App according to Art. 6 para. 1 lit. f) GDPR.
Diagnostic
We collect anonymized crash reports, which help us to resolve encountered problems and ensure reliable App operation. We use the monitoring application Datadog, which analyzes errors in the system based on user behavior. In this context, we store in particular access data such as IP address, browser type and version, the operating system used, the name of the user's Internet service provider, the page from which the user accesses the App or the name of the files/content requested by the user, as well as the date and time of the visit. The data cannot be assigned to the user. It is only pushed to Datadog via anonymous API calls. No personal data is sent to Datadog. This data is used exclusively to fulfill our contractual obligations to the user or his employer according to Art. 6 para. 1 lit. b) GDPR as well as to protect our legitimate interest in providing and improving the App according to Art. 6 para. 1 lit. f) GDPR justified. Also, interaction with the App results in sending requests to our servers. Such requests automatically transfer certain technical information, which is logged by servers to ensure secure and reliable operation. In this context we store in particular access data like device's current IP address, browser type and version, name of the operating system, the resource being requested. This data is solely used for enabling the access and use of the App and for the assessment and improvement of our offer without allowing a direct conclusion on the person of the user. This data is not matched to other sets of data provided by the user. The processing of this data is necessary for fulfilling our contractual obligations towards the user and his employer in accordance with Art. 6 para. 1 lit. b) GDPR as well as for the protection of our justified interest in the provision of our services and improvement of the App in accordance with Art. 6 para. 1 lit. f) GDPR. This data is deleted by us as soon as it is not required for these purposes anymore.
The above data will be stored on servers in Germany. Data of American customers may be stored in United States of America.
The user has the right to request access to his personal information stored by Nexxiot pursuant to Art. 15 GDPR, to request correction of incorrect data pursuant to Art. 16 GDPR as well as the right to request deletion pursuant to Art. 17 GDPR or restriction of use pursuant to Art. 18 GDPR. Further, the user has pursuant to Art. 21 para. 1 GDPR the right to object to the processing if his personal situation provides for a specific reason and personal information is affected that we process for the protection of our legitimate interests (Art. 6 para. 1 lit. f) GDPR). A right to object also applies if personal data is being used for direct marketing (Art. 21 para. 2 GDPR). The user has the right to request that the provided personal information are transferred in a machine-readable format. The user can also lodge a complaint with any competent supervisory authority pursuant to Art. 77 GDPR if the user believes that we process his personal information not in compliance with applicable law.
In case of questions related to the collection, processing or use of personal information as well as for claims for access, correction, restriction of use, deletion of data or revocation of consent or any other rights the user may refer to dataprotection@nexxiot.com or under our postal address with the referrer “The Data Protection Officer”.
The personal information of the user when using the App will be transmitted in encrypted format via SSL/TLS.
We secure the App and our other related systems by technical and organizational controls against loss, destruction, access, change or disclosure of data by unauthorized persons according to ISO 27001.