
Data protection information

passify app

Introduction

Passify GmbH, St. Annenufer 2, 20457 Hamburg, Germany, ensures compliance with legal standards and internal company guidelines within the passify app (hereinafter "passify", "we", "us"). Accordingly, we would like to inform you in accordance with Art. 13, 14 of the General Data Protection Regulation (GDPR) about the collection, processing and use of personal data in the context of the use of our application (passify app). We process personal data only in accordance with the applicable legal and data protection regulations, which result in particular from the GDPR and the Federal Data Protection Act (BDSG).

Passify has set itself the goal of simplifying your day-to-day work and, at the same time, increasing the security of our contractual partners (operators of logistics locations), combined in one solution. In doing so, we focus on an efficient user experience and the protection of your data, because this is extremely important to us.

Passify has taken extensive data security precautions to protect your data. Compliance with applicable data protection mechanisms is a matter of course for us.

We only process, store, and share with our partners the information and data that is necessary for the provision of our services.

This information applies to the processing of personal data in the passify app.

Contents

  1. Controller, contact Data Protection Officer

  2. Categories of personal data

  3. Legal basis and purposes of data processing at passify

    • 3.1. Downloading, installing and general use of the passify app
    • 3.2. Setting up a passify account
    • 3.3. Verification of identity upon registration
    • 3.4. Validation of identity when using the app
    • 3.5. Gate Access / Check-in
    • 3.6. Slot booking
    • 3.7. (Temporary) blocking of user accounts
    • 3.8. Payment processing
    • 3.9. passify Trucking Company Portal
    • 3.10. Technical data
  4. Requested authorizations

  5. Categories of recipients

  6. Duration of storage

  7. Information about your rights

1. Responsible person, contact data protection officer

Passify GmbH, St. Annenufer 2, 20457 Hamburg, Germany, is responsible for processing your data in the passify app. You can also contact us at any time with any questions relating to data protection at the following e-mail address: datenschutz@passifyapp.de.

Our data protection officer can be contacted via Passify GmbH or the above e-mail address.

2. Categories of personal data

The following categories of personal data may be processed by us in connection with our services:

  • Master data:

    First name, last name, date of birth, self-created password and password changes (not visible to passify), identification number/user ID (hereinafter only 'Trucker ID'), database ID, user blocking notices if certain conditions are met (not visible to passify)

  • Communication data:

    E-mail address, telephone number, communication content (in particular from e-mails/contact forms including submitted support requests in the app)

  • Identification data (for verification with the external service provider):

    Personal or passport data (surname, first name, date of birth, ID number, type of ID document, issuing authority, period of validity of the ID document), a selfie/video taken with the camera of your smartphone/tablet and photo of your ID document for identification via the identification service provider.

  • Other data for further processes:

    Fuel card number (e.g., for slot bookings at certain filling stations)

  • Billing information:

    Invoice recipient, invoice address, tax ID if applicable

  • App usage data:

    Timestamp for certain actions (e.g. time of check-in at the 'Gate Access' terminal), location data of your end device after approval (when using the passify app for check-in at a logistics location and when checked in at the logistics location), contractual partner, order data (e.g. container data), transport company performing the transport, vehicle license plate number

  • Technical data:

    Operating system version

  • Voluntary information:

    This includes personal data that you provide to us on a voluntary basis without us explicitly asking for it, such as suggestions for improvement or responses to a survey

3. Legal basis and purposes of data processing at passify

3.1 Downloading, installing and general use of the passify app

Purposes of the processing

In order to download and install our app from an app store (e.g. Google Play Store or Apple App Store), you must first register for a user account with the provider of the app store and conclude a corresponding user agreement with them. We have no influence on this; in particular, we are not a party to such a user agreement. When downloading and installing the app, the necessary information is transmitted to the respective app store, in particular your user name, your email address and the customer number of your account, the time of the download and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data provided to the extent that this is necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet).

As a registered and verified user, you can gain access to logistics locations (e.g. terminals) via digital mechanisms if you have the appropriate authorization (e.g. a transport order), drive on the premises and, if necessary, perform other actions before or after access (e.g. slot booking).

Legal basis for the above processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

The processing of the data is necessary for the fulfillment of the contract (provision and use of the app).

3.2 Setting up a passify account

Purposes of the processing

In order to obtain the status of a registered and verified user and thus be able to use passify's services, including, where applicable, those of operators of logistics locations (e.g. terminals), the creation of a passify account in the app is required ("Registration").

Surname, first name, e-mail address and telephone number are mandatory for registration. The data is stored in the user account. You will also be asked for the haulage company you work for, whereby you can select "no details" here.

Registration with the above-mentioned data already gives you limited access to the passify app's functionalities and allows you to get an impression of the "look and feel".

When you register, we check whether there are already registrations with the registration information provided (e-mail address and telephone number).

Legal basis for the above processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

The processing of the data is necessary for the fulfillment of the contract (provision and use of the app) and enables users to obtain a limited overview of the app. Furthermore, we ensure that multiple registrations of users are avoided.

3.3 Verification of identity upon registration

Purposes of the processing

In order to be able to use the essential functionalities (e.g. driving to the logistics locations) of the passify app, we verify your identity within the passify app using an app identification procedure of the external service provider IDnow. For this purpose, (parts of) your master data, contract data (ID document and photo/selfie) as well as special data categories (biometric data) are processed in the app identification procedure due to the comparison of photos/selfies with the person. We use a multi-stage procedure consisting of a check of the person and a check of the identification documents.

The external service provider IDnow verifies and processes the biometric information. The service is only integrated into the passify app. Passify itself does not store, process, or receive biometric data at any time.

Verification procedure:

In order to be able to use the main functionalities of passify, you will be asked to verify your identity in the app.

Verification is started via the 'Verify ID' button in the app, which takes you to the verification environment of the service provider IDnow; by clicking on the 'Verify ID' button, you give your voluntary consent for your personal data to be processed for the purpose of validating your identity. (Note: You can revoke your consent at any time with effect for the future. In the event of revocation, the app can no longer be used to its full extent.)

Before starting the verification process, you have the opportunity to view IDnow's terms of service (https://go.idnow.de/terms/de) and privacy policy (https://go.idnow.de/privacy/de).

In order to proceed with the verification, please confirm that you agree to IDnow's terms of service and have read IDnow's privacy policy by checking the box.

If not already done, the authorization to access the camera is then requested via a pop-up; the authorization is mandatory for verification.

The verification process then starts.

A photo/selfie must be taken within the app as part of the person check. In the so-called 'liveness' check, which may be used, a short video is created in which, for example, you move your head back and forth slightly to show that you are actually in front of the end device. In both cases, the verification of ID documents includes checking security features (e.g. holograms) in order to rule out the possibility of forged documents being used. Successful verification is only possible with a valid, non-expired ID document.

To ensure that you only use a validated passify account, we check our user database after successful verification as part of the registration process to see whether a user account already exists for the registration information (consisting of parts of the master, communication and contract data). Furthermore, we compare the name and first name given during initial registration with the information on the ID document to check whether the information matches (high match required).

After successful verification, relevant data (surname, first name, date of birth, issuing authority) is stored in the passify user account. If necessary, the surname and first name are automatically adjusted according to the information provided on the ID document.

The data processed for verification (surname, first name, date of birth, ID number, type of ID document, issuing authority, period of validity of the ID document), the copy of your ID and your selfie are generally deleted by the external service provider after verification has been completed, but after 30 days at the latest. Passify itself does not store a copy of your ID, your selfie or biometric data at any time.

Note: A verification is valid for one year. At the latest after expiry of the validity period, but if necessary also randomly at an earlier point, passify carries out re-verifications with the help of the app identification procedure of the external service provider in order to guarantee and additionally increase the security of the system and the up-to-dateness, correctness and protection of the data.

Legal basis of the above processing

Art. 6 para. 1 sentence 1 lit. a), 7 GDPR

Processing takes place on the basis of your voluntary consent. We compare the registration information with the existing user data in order to optimize the customer database, prevent abusive multiple registrations and thus increase security for the operators of the logistics locations and the users.

3.4 Validation of identity when using the app

Purposes of the processing

Access to the passify app after registration includes password protection or the use of authentication methods of your end devices ('Face ID' or other individual features using information stored on the end device). In order to be able to use certain functions in the passify app (e.g. terminal access, hereinafter referred to as 'Gate Access'), successful authentication of this type is mandatory. For this purpose, passify uses the service provided by your device. At no time, however, are features or data of the authentication methods processed by passify itself, stored by passify or transmitted to passify. Passify only receives the information whether the authentication was successful or not.

Authorization is required to enable authentication. The authorization can be managed in the authorization settings of the app. Further information on this can be found under 'Requested authorizations'.

Legal basis of the above processing

Art. 6 para. 1 sentence 1 lit. c), 32 GDPR

The processing of the data is necessary for the fulfilment of legal, technical, and organizational protection obligations in order to protect critical infrastructures from criminal acts and to increase security for the operators of logistics locations (e.g. terminals) and users.

3.5 Gate Access / Check-in

Purposes of the processing

If the authorization is available (e.g. pick-up order for a specific terminal) and provided that the identity is validated, the Gate Access function can be used. It is important for Gate Access that the current license plate number is stored. This is necessary for the fulfillment of the contract, as it allows a comparison to be made as to whether the driver is in the correct lane, the license plate number matches the order data transmitted to passify by the terminal operator and thus an assignment of vehicle and order can be made.

Furthermore, when the Gate Access function is triggered, the current location of your end device is checked in order to display the nearest logistics location and to ensure that the end device, and therefore the authorized driver, is in the immediate vicinity of the logistics location for which gate access is requested. This ensures faster and more efficient handling and increases security by preventing the gate/barrier from being opened remotely.

To compare the information in the operating system of the operator of the logistics location (e.g. terminal), the pseudonymized trucker ID and the previously communicated vehicle license plate number are transmitted to the operator of the logistics location (e.g. terminal). The entry and exit times are stored at passify for logging entries and exits. The assignment of trucker ID and license plate number is deleted after 12 hours.

During the stay at the logistics site (checked-in status), the location is determined and saved every 5 minutes in order to increase security on the site and prevent access to prohibited areas.

Note: To be able to access a logistics location at all, the access instructions for the respective logistics location (individual for each logistics location and provided by the operator) must be accepted in the passify app by pressing a button. Acceptance of the access instructions must be repeated at regular intervals (validity of acceptance) or after an adjustment has been made according to the operator's individual specifications, and is documented in the system. As soon as the access instructions are accepted, and as long as this acceptance is valid, your trucker ID as well as your surname and first name will be listed in the 'Driver list' of the respective terminal.

Legal basis for the above processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

The processing of the data is necessary for the fulfillment of the contract (provision and use of the app) in order to increase security for the operators of logistics locations (e.g. terminals) and to protect possible critical infrastructures from criminal acts.

3.6 Slot Booking

Standard Slot Booking

To book a slot for the handling of orders at logistics locations, the trucker logs into the slot booking tool at the appropriate point in the handling process via Passify or uses the slot booking function in the Passify app, provided that this has been set up and approved at the respective logistics location. As part of the slot booking, Passify transmits the trucker ID as well as the trucker's surname and first name to the operator of the logistics location.

Special Form: Slot Booking for Filling Station

Via Passify, authorized and verified truckers from activated haulage companies can book slots for certain refueling processes (e.g., at hydrogen filling stations) via the Passify app. Depending on the respective contractual partner or filling station operator, it may be necessary to enter a fuel card number as part of the booking process. During the booking process, billing-relevant information (time slot, fuel card number if applicable, trucking company with address) can be transmitted to the filling station operators.

Art. 6 para. 1 sentence 1 lit. f) GDPR

3.7 (Temporary) blocking of user accounts

Purposes of the processing

In the event of a violation of applicable law or the terms and conditions of the operators of logistics locations or disregard of access instructions (e.g. of the terminals), reasons for this can be stored, which are associated with a (temporary) blocking of access or restriction of use of the app.

The entry is made in a free text field by the operator of the logistics location (e.g. terminal) and can only be viewed by the operator. Passify itself has no access to the encrypted information.

Legal basis for the above processing

Art. 6 para. 1 sentence 1 lit. f) GDPR

The legitimate interest in the storage of violations that lead to the (temporary) blocking of user accounts is justified by the right of the operators of the logistics locations to take measures for building and plant security, measures for business management and measures to prevent criminal offenses.

3.8 Payment Processing

Purposes of the Processing

In order to be able to use the passify app or connected services to their full extent and to enable an efficient checkout process for you, certain actions or functions in the passify app or connected services are subject to payment. Payments are processed via the external payment service provider Stripe.

License Acquisition "passify-GoKey"

For certain actions or functions (e.g., gate access, slot booking), the purchase of a passify GoKey (user license for ISPS systems) is required. This can be purchased via the passify app by truckers themselves or in the "passify Trucking Company Portal" by trucking companies for the truckers assigned to the respective trucking company.

After purchasing a passify-GoKey, the passify-GoKey is assigned to the respective trucker and thus all functions for which the passify-GoKey is required are automatically activated.

Note Regarding the Receipt of Data from the Payment Service Provider

Once payment has been processed, passify receives the following information from the payment service provider for further processing and invoicing: invoice recipient, invoice address, tax ID if applicable (if specified in the payment process) and scope of the purchased/booked services, some of which are processed fully automatically and assigned to the corresponding users (truckers or haulage companies).

Further information on Stripe can be found under "Categories of recipients".

Legal Basis for the Above Processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

3.9 Passify Trucking Company Portal

Purposes of the Processing

For trucking companies, there is a "passify Trucking Company Portal" (hereinafter referred to as the web portal) set up especially for them. This is initially set up by passify on the initiative of a trucking company. The trucking company informs passify of the desired e-mail address as well as the first and last name of the administrator. After setting up, a confirmation e-mail is sent to the e-mail address. Before using the web portal for the first time, each user must take note of the data protection information and accept the GTC. The user can then set a self-created password. Additional users can be created and changed in the web portal by the administrator.

All users of a haulage company's web portal can view the other users of the haulage company, including their role (admin or user).

After registering a haulage company in the web portal, it is possible for truckers to assign themselves to the respective haulage company. Trucking companies can use the driver list to view all truckers who have assigned themselves to the respective trucking company in the passify app. The haulage company can then confirm the trucker as a trucker belonging to the haulage company in the driver list or delete the assignment.

Truckers have the option of changing the haulage company or deleting the assignment at any time. From the time an assignment is changed or deleted, truckers are no longer included in the list of the (previous) haulage company.

Trucking companies can use the web portal to book or purchase the passify GoKey (license to drive on ISPS facilities) or other services for individual or multiple truckers assigned to the trucking company.

Both the use of the web portal by trucking companies and the assignment of a trucker to a trucking company are exclusively on a voluntary basis and are not necessary or required for the use of the passify app.

The following trucker information can be viewed by trucking companies in the web portal: Trucker ID, surname, first name, email address, company status (confirmed / waiting), passify status (unlocked / not unlocked), prohibited list (e.g. access restrictions for certain areas), GoKey (available / not available).

Legal Basis for the Above Processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

The processing of the data is necessary for the fulfillment of the contract (provision and use of the web portal). The basis for the use of the web portal for haulage companies is the user agreement with the haulage companies (GTC).

3.10 Technical data

When you access our app, we process data that your device sends to enable you to use the app. This is a technically necessary process during which data is transmitted. In the event of malfunctions, the data is used to analyze and rectify errors in order to optimize the app. The data (database ID and version of the operating system) is stored for a limited period of time in so-called protocols or log files until the data is completely anonymized. In the case of anonymization, the data is changed in such a way that information relating to identified or identifiable persons can no longer be assigned to a person or only with a disproportionate amount of time, cost and manpower.

Legal basis for the above processing

Art. 6 para. 1 sentence 1 lit. b) GDPR

The processing of the data is necessary for the performance of the contract (provision and use of the app) in order to keep our app available (i.e. stable and secure), to optimize it, to develop it further and thus to offer our customers the best possible services and to increase customer satisfaction.

4. Requested authorizations

For some functions, the app must be able to access certain services and data on your mobile device. Below we explain which authorizations the app may request and for which type of functions these authorizations are required for the different operating systems.

You can generally manage the permissions via your operating system, i.e. view, activate and deactivate them. To do this, you can open the 'Settings' application in iOS. In the following menu, you will find an overview of all apps installed on your device. Select the passify app there and manage your permissions. In Android, you can also open the 'Settings' application and select the 'Apps' menu item. In the following menu, you will find an overview of all apps installed on your device. Select the passify app there and manage your permissions. The names may differ slightly depending on the iOS or Android version you are using.

Please note that deactivating/denying certain authorizations can lead to functional restrictions in the passify app.

  • Location

    When you open the app for the first time, you will be asked via a pop-up whether the app may access the location of your device either once or when you use the app. If you agree to this, the app can determine your exact location using various technologies (GPS, Bluetooth, Wi-Fi). If you have only given your consent once, you will be asked for authorization again when you activate certain functions. In general, the location is only retrieved when certain functions are activated and is never determined continuously. During an active visit to a logistics location (e.g. terminal), your location is automatically determined and saved every 5 minutes.

  • Camera access

    When you open the app for the first time, you will be asked via a pop-up whether the app is allowed to use your device's camera. In order to enable the use of essential functions of the app (e.g. gate access), we require authorization to access the camera for some functions. Access is necessary, for example, to take photos to validate your passify account or to authenticate yourself for certain functionalities (e.g. Gate Access). The camera is also required to scan QR codes at the check-in stations at the logistics sites in order to verify the actual position and the existence of an order. If the authorization is not granted when the app is opened for the first time, you will be asked again when certain functions are triggered.

  • "Face ID" or other authentication methods

    When you open the app for the first time, you will be asked via a pop-up whether the passify app is allowed to use the Face ID function (when using devices with the iOS operating system) or similar authentication methods on your device. To enable the use of essential functions of the app (e.g. Gate Access), the corresponding service must be set up on the end device and authorization must be granted. If authorization is not granted when the app is opened for the first time, you will be asked again when certain functions are triggered.

  • Messages

    When you open the app for the first time, you will be asked via a pop-up whether the passify app can send you messages.

5. Categories of recipients

Logistics site operator

There is a contractual relationship with the respective logistics site operators to which you (can) request access, in which we act as a processor for the logistics site operator. As processors of the logistics site operators, we are subject to confidentiality and are contractually obliged to transfer your personal data to the respective operators for a specific purpose and to comply with data protection regulations.

Service provider / processor

To process your data, we sometimes use specialized service providers who in turn work for us (e.g., IT service providers, hosting providers, data centers, payroll service providers, etc.). Our service providers are carefully selected and regularly monitored by us. They only process personal data on our behalf and strictly in accordance with our instructions on the basis of corresponding order processing contracts. The data passed on may only be processed by the respective processor on the basis of agreements in accordance with Art. 28 para. 3 sentence 1 GDPR. The processors are subject to confidentiality and are contractually obliged to maintain data protection through the order processing contract.

IDnow (identification service provider)

We use a digital and certified procedure to identify our users in order to comply with legal requirements and, in particular, to support our contractual partners, the operators of logistics locations, in meeting the requirements of the ISPS Code. We use the service provider IDnow (IDnow GmbH, Auenstr. 100, 80469 Munich, Germany). There is an order processing relationship between passify and IDnow. As a processor, IDnow is subject to confidentiality and is contractually obliged to maintain data protection through the data processing agreement. IDnow's procedures are certified by independent bodies and offer a particularly high level of security and reliability. For the purpose of identifying our users, passify only stores the personal data transmitted by IDnow that is absolutely necessary for unambiguous identification (surname, first name, date of birth, issuing authority). Passify never stores biometric data or processes it itself. IDnow deletes all personal data after a maximum of 30 days.

Haulage company

Truckers can assign themselves to a registered haulage company on a voluntary basis. The assignment can be deleted at any time by the haulage company or the trucker himself. As long as the assignment exists, the respective trucker is listed in the driver list in the web portal. Only the information that enables the haulage company to assign/verify its truckers beyond doubt and is required for functions in the web portal for haulage companies is stored and processed.

The following information can be viewed by trucking companies in the web portal: Trucker ID, surname, first name, email address, company status (confirmed / waiting), passify status (unlocked / not unlocked), prohibited list (e.g. access restrictions for certain areas), GoKey (available / not available).

Payment service provider

We use an external payment service provider via whose platform the users (truckers and/or haulage companies) and we can carry out payment transactions including the purchase and payment processing of the passify GoKey. The provider of these payment services is Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ('Stripe'). When paying via Stripe, the payment data you enter will be transmitted to Stripe. You have the option of choosing from the payment methods provided by Stripe. The personal data exchanged between Stripe and the controller may be transmitted by Stripe to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness. Stripe may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data should or must be processed on behalf of Stripe. You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies. However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing. Stripe is responsible for processing the data. Further information on data processing and the applicable data protection notices of Stripe can be found at https://stripe.com/de/privacy.

Other

In addition, there may be further legal obligations to transfer data in individual cases, but these may only arise in specific individual cases and not in general. This also includes cooperation with investigating authorities and the transfer of data in this context in compliance with data protection law. Data processing generally takes place in the EU/EEA. Processing of data outside the EU/EEA is permitted under the conditions of Art. 44 et seq. of the GDPR. As we develop our business, we may change the structure of our company by changing its legal form, founding, buying or selling subsidiaries, divisions or components. In such transactions, customer data may be transferred together with the part of the company to be transferred. If we disclose personal data to third parties to the extent described above, we will ensure that this is done in accordance with this privacy policy and applicable data protection law.

6. Duration of storage

We only process your data until the purposes for which the data was collected have been fulfilled. Thereafter, your data will be deleted or anonymized, unless the processing or storage of your data is necessary for the assertion, exercise or defence of legal claims. In the case of statutory retention obligations, erasure or anonymization will only be considered after the respective retention obligation has expired. Until deletion or anonymization, the data will be stored in blocked form.

Access logging (log files, technical data)

  • Data (database ID and operating system version) is completely deleted or anonymized after 3 years at the latest

IDnow (external service provider)

  • Identification data will be completely deleted no later than 30 days after verification

Other activity data

  • Activity data (e.g. gate access) is deleted or anonymized after 3 years at the latest if it is not billing-relevant data
  • Location data is anonymized before storage

User account (inactive)

  • After one year of inactivity, the user is notified of the inactivity and that a lack of interaction leads to the deletion or anonymization of the data
  • Without interaction, the user account is automatically deleted or anonymized after 3 years at the latest

Request for deletion of the user account

  • If the deletion of the user account is requested, the account will be blocked
  • E-mail address and telephone number will be anonymized immediately after the request for deletion of the user account
  • All data will be stored for 3 years after the request for deletion, after which all personal data will be deleted or anonymized.

Billing-relevant data

  • Storage period in accordance with the applicable provisions of the HGB: 10 years

7. Information about your rights

The following rights are available to you under the applicable data protection laws:

  • Right to information about your personal data stored by us;
  • Right to rectification, erasure or restriction of processing of your personal data;
  • Right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims;
  • Right to data portability;
  • Right to complain to a supervisory authority;
  • You can revoke your consent to the collection, processing and use of your personal data at any time with effect for the future. You can find more information on this in the respective sections above, where data processing based on your consent is described.
  • If you wish to exercise your rights, please address your request to:

Passify GmbH, St. Annenufer 2, 20457 Hamburg, or to the e-mail address: datenschutz@passifyapp.de