page white space 300x40

Privacy Policy

We would like to inform you below about the collection and processing of personal data in the context of the usage of msg.IoTA services, recording devices and platform.

Data protection and information security are particularly important to us. For this reason, precautions have been taken to protect your privacy. Your personal data will only be processed if processing is necessary to comply with a legal obligation, if this is necessary for the fulfillment of a contract, to guarantee predominantly legitimate interests or if you have expressly consented to it.

The user remains responsible to guarantee the admissibility of the processing of the personal data of the data subjects when providing the recording device to other persons or using it in company vehicles.

Responsible and Data Protection Officer

Responsible for the processing of your personal data (“Operator") according to the GDPR is:

msg global solutions AG
Thurgauerstrasse 39
8050 Zürich/ Oerlikon
Switzerland

The Data Protection Officer can be reached by post at the above address with the addition - Data Protection Officer - at:

Email: dataprotection@msg-global.com

Legal Basis for the Processing

For reasons of data protection law, the processing of your data is only permitted if you consent to the data processing operations. In this sense, your registration to the msg.IoTA Recording App is solely possible if you give us this consent (Art. 6 (1 a) GDPR). By accepting this policy, consent to the processing of the described data is given.

In case pseudonymized data is kept stored, this will be processed for the purposes of legitimate interests (Art. 6 (1 f) GDPR).

If personal information is processed on the basis of your consent, you have the right to revoke your consent to us at any time with future effect.

If we process data based on legitimate interests according to Art. 6 (1 f) GDPR, you, as the person concerned, have the right to object to the processing of your personal data, taking into account the requirements of Art. 21 GDPR.

Which personal data do we process and for which purposes?

We process the following personal data from you:

  • E-mail address
  • First and last name
  • Your password
  • Cell phone number
  • Vehicle identification number (VIN)
  • Geoposition data (GPS) of the recording device at the time of use

User language is automatically detected based on the language of your browser and afterwards on your settings and stored for changing the display language of the frontend and the email language.

We process your personal data (including usage data) for the following purposes:

  • Technical provision of msg.IoTA and related functions.
  • Calculation of subscores and aggregation of an overall score according to the collected data.
  • Calculation of collision probability and possible impact according to the collected acceleration, position, and vehicle data.
  • Execution of tests of msg.IoTA.
  • Processing and, if necessary, responding to test feedback.
  • Processing of service and support requests.

Processing for the aforementioned purposes is permitted pursuant to Art. 6 (1) b) GDPR, as the processing operations are necessary to enable you to use msg.IoTA. This represents the fulfillment of the operator's obligations arising from the free-of-charge usage agreement via msg.IoTA. In addition, the processing of usage data required for the use of msg.IoTA is permissible pursuant to Section 15 (1) of the German Telemedia Act (TMG).

If you consent to the processing of personal data in an individual case, regardless of the specific purpose, by means of a clearly confirming action, Art. 6 (1) a) GDPR is the legal basis for this. You may revoke any consent given at any time with effect for the future.

Further purposes of the processing of personal data are:

  • Analysis and processing (including anonymization, if applicable) of the collected data.
  • Product improvement of msg.IoTA with regard to functions and performance features.
  • Prevention of malfunctions and misuse.

General information about processing when downloading the app

When downloading the app, certain required information is transmitted to the selected app store (e.g. Google Play or Apple App Store). In particular, the username, the e-mail address, the customer number of your account, the time of the download, payment information, and the individual device identification number may be processed. However, the processing of this data is carried out exclusively by the respective app store and is beyond the control of the operator.

For more information, please visithttps://policies.google.com/privacy?hl=en&gl=en (Google Play Store) or https://www.apple.com/legal/privacy/ (Apple App Store).

Required app permissions on the smartphone

Using msg.IoTA requires the following access permissions on the smartphone:

  • System time
  • Accelerometer
  • Gyroscope
  • GPS
  • Bluetooth (depending on the recording device)

Recording device

For recording devices that transfer data via the user’s smartphone (e.g. devices of type “Beacon”), the user-device assignment is done by the user in the provided recording app. All data recorded by a recording device with the provided msg.IoTA Recording App will be assigned to the user logged in to the app to enable a secure rights and roles concept. The recording app is installed by the user on a smartphone.

After login and until logout the recording app stores the following information locally and securely.

  • User authorization information, including anonymous user ID.

This is used to authenticate the user with the backend to facilitate data upload and download and to allow the user to contact and request information.

To facilitate automatic discovery and connection, the recording app stores the following information for each recording device registered by the user in the app

  • Unique Recording Device Name and Media Access Control (“MAC”) address
  • Custom Recording Device Name given by user

The msg.IoTA Recording App does record temporarily the following data locally:

  • Date and time of the trip
  • GPS track of the trip
  • Accelerometer track of the trip
  • Unique Recording Device MAC address
  • User ID

From this data the following trip meta data is calculated and stored locally:

  • Date and time of all trips
  • Start GPS location and end GPS location of all recorded trips
  • Duration and Distance of all recorded trips
  • Unique Recording Device MAC address
  • User ID

If you remove the user-device assignment in the msg.IoTA Recording App on your smartphone, no new data will be processed in your account recorded by this app with this device. Nonetheless, you still have access to your historic trip data until the deletion of your account, even if the device is assigned to a new user. The historic trip data will not be displayed to a new user.

Recipients / Transfer of data

Data that you provide to us will generally not be disclosed to third parties. In particular, your data will not be disclosed to third parties for their advertising purposes.

If you are part of a fleet, a fleet manager and administrator will be defined for your fleet. You will be informed about who is the fleet manager and admin of your fleet.

The fleet manager of your company can see all the trip data of the fleet, other users in the fleet cannot see trip data from its peers. The fleet manager also has access to the user-device assignment and can manage the assignments (assign new device and revoke device assignment). The fleet admin can manage the roles of his fleet but has no access to the trip data of the fleet.

Further recipients of the data can be related companies of the msg global solutions Group for development purposes and data processors according to art. 28 GDPR. Recipients of personal data refer only to the following entities and the respective recipient to which they belong. Under no circumstances will your personal data be passed on to unauthorized third parties or further partners.

Amazon AWS, Eschborner Landstraße 100, 60489 Fráncfort del Meno / DE

TProcessing type: hosting of the platform, IaaS (Infrastructure as a Service) / PaaS (Platform as a Service) for msg.IoTA SaaS.

Separate privacy notice: https://aws.amazon.com/de/compliance/germany-data-protection/

HERE Global B.V. Kennedyplein 222-226 5611 ZT Eindhoven / NL

Type of processing: Enrichment of location data with maps..

Separate information on data protection: https://legal.here.com/de-de/privacy/policy

Spearhead AG, Industriestrasse 12, 8305 Dietlikon / CH

Processing type: Provision of vehicle identification and damage analysis services.

tepeg GmbH, August-Horch-Straße 5, 56736 Kottenheim / DE

Type of processing: provision of meta-information and driving data recordings from vehicle controller (Event Data Recording & Retrieval, EDR) based on vehicle identification.

Data processing outside the European Union

Your personal data is processed and stored in cloud servers inside the European Union.

How long will your data be stored?

We delete your personal data as soon as they are no longer required for the above-mentioned purposes and there are no legal retention obligations or an exceptional legitimate interest in continued storage.

In case a complete fleet is deleted, all the trip data will be immediately erased.

All data stored by the msg.IoTA Recording App for Beacon recording devices on the user’s smartphone will be deleted when the user deletes the app or the app data.

Furthermore, accounts that are inactive for more than one year will get a reminder to check if the user is still active, if the verification is not completed within 4 weeks the account will be automatically erased and the trip data anonymized.

A requirement to further store your personal data may exist, in particular, if the data is still needed in order to be able to fulfill contractual obligations, to examine warranty claims and, if applicable, guarantee claims and to grant or defend them. In the case of legal storage obligations, the date will be deleted only after expiration of the respective retention obligation.

Data Security

msg global solutions technical and organizational security measures to ensure that your personal data is protected from loss, inaccurate changes or unauthorized access by third parties. Only authorized persons based on our role concept will have access to your personal data. Access is also granted only to the extent necessary for the purposes set out above.

1. Rights of Access

You have the right to obtain from the responsible the confirmation as to whether or not personal data concerning you are being processed. If such processing occurs, you can request from the responsible access to information related to this processing.

2. Right to rectification

You have the right to obtain from the responsible the rectification and/or completion of inaccurate/incomplete personal data concerning you. The responsible must proceed with the rectification without undue delay.

3. Right of restriction of processing

You may request the restriction of the processing of your personal data under certain conditions pursuant to art. 18 GDPR.

4. Right to erasure (Right to be forgotten)

a) Duty to delete

You may require the responsible to delete your personal information without delay, and the responsible is required to delete within the legal boundaries.

b) Information to third parties

Where the responsible has made personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the responsible, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such responsible of any links to, or copy or replication of, those personal data, as far as processing is not required.

c) Exceptions

The right to erasure does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information.
  2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the responsible is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the responsible.
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR.
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing to the responsible, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

6. Right to data portability

You have the right to receive personally identifiable information you provide to the responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

  1. the processing is based on a consent acc. Art. 6 (1) a GDPR or Art. 9 (2). a GDPR or on a contract acc. Art. 6 (1) b GDPR and
  2. the processing is done by automated means.

Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible.

7. Right to object

You have the right, on grounds relating to your particular situation, at any time, to object the processing of your personal data, which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.

If the responsible processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing.

8. Right to withdraw your consent

You have the right to withdraw your consent to processing of personal data at any time. The withdraw of consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

9. Right to appeal to a competent data protection supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates against the GDPR.

Changes of this privacy policy

We revise this Privacy Policy for changes to the IoTA platform or other occasions that may require it. You will always find the current version on this website.

Version: 2022-12-01

© 2022 msg global solutions AG

© 2024 msg global solutions ag