Privacy Policy

Version 001.0821
Last Updated: 1 Mar, 2024

At PANION (K2 Mobility GmbH), one of our main priorities is the privacy of the users of our applications and technology. This privacy notice outlines the information that is collected, processed, and used by PANION (PANION Mobile App and PANION Dashboard) and PANION (the website).

Navigate this privacy notice to understand:

  1. Who we are and how to contact us
  2. Scope of this privacy notice
  3. Why we collect and process
  4. Third-party services and intended international transfers
  5. How we protect your data
  6. Rights you can exercise with regards to your data and how to apply them

1. Who we are and how to contact us

Responsible for your personal data is:

K2 Mobility GmbH
Am Speicher 4, 14473 Potsdam, GERMANY
If you have additional questions or require more information about our privacy policy, do not hesitate to contact us directly at [email protected].

2. Scope of this privacy notice

This privacy policy APPLIES to four categories of people.

App-related users

  1. Mobile App Users who have been invited by their company to download the PANION Mobile App on their mobile phone and use it while driving a fleet or benefit vehicle provided to them by their employer.
  2. Dashboard (Web-UI) Users designated by our clients who have an account and who receive admin functionalities for the PANION Dashboard Management Tool.

Website visitors

  1. Mobile App Users who have been invited by their company to download the PANION Mobile App on their mobile phone and use it while driving a fleet or benefit vehicle provided to them by their employer.
  2. Dashboard (Web-UI) Users designated by our clients who have an account and who receive admin functionalities for the PANION Dashboard Management Tool.
  3. Website visitors who browse our website.

This policy DOES NOT APPLY to all data collected by your company in the context of driving activities monitored as part of your job. If you are a vehicle driver, please get in touch with your fleet management or program manager (sponsor of the transition project) to understand how your company collects and processes your data and how to exercise your data protection rights

3. Why we collect and process your data

Data Subject CategoriesActivities making use of your personal data and the purpose they serve for PANION (us)GDPR Legal baseRetention period
Mobile App UserDebugging
Allows us to better understand stability issues of our software (SDK) on different OSs and models.
Legitimate interest1 year
Improving PANION EVT Dashboard Management Tool
Allows us to learn how to improve its use of phone sensor data as a replacement for direct vehicle telemetry.
Legitimate interest1 year
Assessing energy consumption and driving patterns
Allows us to provide information on energy consumption for a particular driving style.
Legitimate interest1 year
Performing quality assurance on the Mobile App
Allows us to ensure that the Mobile App data is correct relative to telemetry data.
Legitimate interest1 year
Dashboard User (Web-UI)Authentication of the fleet manager to the PANION EVT Dashboard Management Tool
Allows us to authorize access to registered fleet managers.
Legitimate interest2 years
Company representativesResponding to website inquiries
Allows us to respond to inquiries via the website.
Legitimate interest3 years
Managing the client / partner relationship
Allows us to conclude contracts and ensure after sales services as well as ensuring billing.
Performance of a contractfor the duration of our contractual relationship
Reaching out to B2B leads and legitimate interest communication
Legitimate interestLimited to the cold call campaign (max 1 week)
Job applicantsCollecting applicant data on PANION.org
Allows us to process job applications and assess whether applicants are a good fit.
Legitimate interest6 months

Checking the references provided by applicants

Allows DEEDV to ensure applicant’s references are correct.

Legitimate interest6 months

3.1. Data processed from drivers

3.1.1 The PANION Mobile App is downloaded from an app store. Such an app store collects additional information as stated in the respective app store’s policy. This collection is not done by PANION, but as part of your user relationship with the respective app store. We have no influence on this data transmission nor is this data made available to us. For more information, please refer to the privacy policy of the respective app store.

3.1.2 When installing the PANION Mobile App

When installing the PANION Mobile App, the following necessary data points and log files are transmitted to us:

  • App version
  • App operating system version
  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Amount of data transferred in each case
  • Operating system and its interface
  • Language and version of the operating system
  • Information that the account was created

3.1.3 Data processed when using the PANION Mobile App and driving your vehicle

When you drive and manually trigger the recording of your journey on the PANION Mobile App, it collects the following data points:

  • GPS data
  • Gyroscope reading
  • Accelerometer reading
  • Information about an active login to application

If your vehicle is equipped with a telemetry device and a respective agreement exists, PANION may automatically collect the following data points*:

  • GPS data
  • Outside temperature (contributing to the energy demand of the vehicle)
  • Inside temperature or heating / AC status (contributing to the energy demand of the vehicle)
  • Tire pressure (contributing to the energy demand of the vehicle)
  • Speed
  • Revolutions per minute (RPM)
  • Fuel consumption rate
  • Mass air flow
  • Absolute load
  • Throttle position
  • Oil temperature
  • Gear status
  • Odometer

*Please contact your fleet manager or program manager (sponsor of the transition project) to find out if your vehicle is equipped with a telemetry device and whether it is sharing data with PANION.

3.1.4. PANION Mobile App permissions, push notification permissions & push notifications

The app requests the following permissions:

  • Permission for location data (GPS) collection
  • When the app is running and collecting data, we display a persistent notification about this fact (relevant only to Android users)
  • Notification about odometer data upload: every 21 days, we remind app users about the pending odometer data upload

Push-notifications are triggered on your phone to remind you to start and stop trip recording and to select the available vehicle for the trip you wish to record. You can deactivate push notifications at any time via your mobile phone settings

3.1.5. Use of the contact form within the PANION Mobile App

If you contact us via the contact form provided in the app, PANION uses the information you share in the form to address your request.

When contact is established, we automatically collect information about:

  • The app version in usage
  • The type of device used
  • The email address if the user wants to be contacted (optional)

3.2 Data processed from website visitors (panion.org)

When you visit our website we log your visit in the form of a log that contains:

Additionally to the visit log,

  • If you make use of our contact from as a company representative interested in our services, we process the following information:
    • Full name, company, email
    • Free text message
    • Consent to receiving marketing communications (optional)
  • If you are a job applicant, we process the following information: Full Name, CV, salary expectations, notice period, email address, telephone number, LinkedIn Profile

3.3 Data processed from B2B leads and potential partners

If you have been contacted by our marketing department as a company representative, the data we have on you is the following information:

  • Name,
  • Company,
  • Ttitle,
  • Phone number (public business number),
  • Location,
  • Industry.

3.4 Data processed from B2B clients and partners

If you become our partners or customers we process the following information:

  • Full name and position,
  • Company you work for and corporate email address,
  • Fleet size and company objectives,

4. Third-party services and intended international transfers

4.1 Categories of providers we share your information with

PANION (the PANION Mobile App and the browser-based PANION Dashboard Management Tool) rely on the following third-party services to provide the best functionality:

  • Partners providing services for app defect monitoring (i.e., software bugs for which part of the data is processed in the United States)
  • Partners providing services for the determination of trip distance and CO2 emissions, for which data processing occurs in the European Union
  • Partners providing services for sending secure emails for which data processing occurs in the European Union
  • Partners that provide us with cloud hosting and cloud tools for which data processing occurs in the European Union
  • Partners that warrant the safety of our log files, for which data processing occurs in the European Union

Only data relevant to the functionality of these services is shared with these partners. PANION only transfers data to the above third-party service providers if this is necessary for the aforementioned purposes and permitted by law or if you have explicitly given your prior consent for the data to be transferred.

4.2 Information shared with your company as a Driver

By accepting the PANION Mobile App’s Terms of Use, you agree to share, via the PANION Mobile App, trip data with your company’s responsible fleet manager or program manager (sponsor of the transition project) via the PANION Dashboard Management Tool. Please note that no information on your actual GPS locations is shared with your company. PANION only uses your GPS location data to calculate trip characteristics.

Categories of providers we share your information with as a company representative, website visitor and job applicant.

  • Suppliers providing office tools for day-to-day communication (i.e., email, visio conferencing, document drafting, CRM (Customer Relationship Management), ERP (Enterprise Resource Planning systems) for which part of the data is processed in the United States)

5. How we protect your data

To protect your data, PANION relies on multiple security measures. Some are implemented and maintained by our experts, others are provided for by the tools that we use, the policies we implement, and the reviews we carry out. The list below is meant to illustrate some of the measures that are currently active:

Access controls

  • Company location: only authorized employees have access to building and office
  • 2-factor authentication (2FA) is enforced for any tool that allows it
  • Use of a password manager to generate random passwords and manage them locally for all high-security applications
  • Role-based and least privilege access is defined for every tool used by staff, if possible
  • Centralized access management and documentation of access to provide traceability of activity

Server security

  • Our cloud infrastructure providers implement state-of-the-art server security
  • Support from a certified Cloud Infrastructure Architect for building the most secure setup and providing security control policies that adhere to the highest security standards

Network security

  • SSL communication is enabled between our services (apps, databases) and other secure protocols
  • The PANION Dashboard Management Tool web interface and APIs are only accessible via HTTPS
  • Strict segregation of production and test data
  • Access to cloud services is managed by our identity management system or, if not possible, is managed with role-based access and multi-factor authorization with session expiration times

Staff practices and commitment to confidentiality

  • The onboarding policy covers computer security and staff commitment to confidentiality
  • 2-factor authentication (2FA) is enforced whenever possible
  • Employee ICT devices have hard disk encryption enabled
  • Software on our computing devices is kept up to date

Security and privacy by design and default

  • A driver’s identity is not visible to the controller’s fleet manager by default
  • PANION Mobile App only collects data if manually enabled. Automated collection is not enabled

6. Rights you can exercise with regards to your data and how to apply them

6.1 What rights are available to you?

6.1.1. For data processed under legitimate interest (GDPR Art.6.1.f)

Relative to the processing activities outlined above (in the table provided in section 3), and provided that: the data is not marked as required for the establishment, defense, performance of legal claim, and that we can identify you, the following rights are available to you:

Processing activitiesLegal base for the processing Available rights(details are provided below the table)
PANION Activities 
(Electric Transformation Tool)

 

  • Debugging
  • Improving PANION Dashboard Management Too
  • Assessing energy consumption and driving patterns
  • Responding to website inquiries
  • Collecting applicant data on PANION.org
  • Checking the references provided by applicants
  • Authentication of the fleet manager to PANION Dashboard Management Tool
legitimate interest

The rights of access, rectification, erasure, restriction, and the right to object.

Additionally, you have the right to lodge a complaint with a supervisory authority.

Marketing activitiesPerformance of a contract
Recruiting activitieslegitimate interest
Sales activitiesPerformance of a contractYou have the rights outlined above and in addition, the right to data portability.

The rights of access

You have the right to obtain, the following information from us:

  • What data is being processed about you
  • The purposes those activities serve
  • The recipients of the data
  • How long the data is needed and kept
  • Whether automated decision making is made that impacts your freedom and liberties
  • What applicable appropriate safeguards are applied when transferring your data

The right to rectification

You have the right to request the rectification of inaccurate data or the completion of incomplete data.

The right to erasure

You have the right to request that we delete your data in the following cases:

  • Data is no longer necessary
  • ou have objected to the processing under our legitimate interests and we have not been able to provide convincing evidence that these interests override your freedoms and liberties
  • The processing takes place unlawfully (i.e., outside of the cases described in section 3)
  • We have collected data from publicly accessible sources

We will not, however, be able to delete the data in the following cases:

  • Were we are unable to identify you
  • In the instance of a running contract in which you are primary admin (i.e. as the sole admin user of the PANION Dashboard Management Tool)
  • We must retain your information to comply with existing law (e.g., tax or invoice records if your data as a fleet manager appears in our sales and payment documents)
  • For the establishment, exercise, or defense of legal claims

The right to restriction

You have the right to request that we mark your data (restrict) against further processing in the following cases:

  • You contest the accuracy of the data
  • You believe the processing we carry out is unlawful
  • You believe your data is no longer needed relative to the original purpose of its collection

The right to portability

You have the following rights:

  • To receive the personal data we hold about you in a structured, commonly used, machine-readable format
  • To request the direct transmission of that data to another organization of your choosing

The right to object

You have the right to object to processing based on processing carried out in our legitimate interest and we will halt further processing (no longer process the data) until we have been able to demonstrate compelling legitimate grounds overriding your rights and freedoms

The right to lodge a complaint with a supervisory authority

Regardless of the restrictions listed above or the legal grounds for the processing of data listed in the table above, you have the right to contact a data protection authority of your choice and formulate a complaint. No restrictions are keeping you from exercising this right but we kindly request that you do so in cases where you have contacted us with the request to exercise one or more of the rights listed above and

  • You have not heard back from us within a month of your request
  • You have heard back from us but do not find our response satisfactory

6.2 How can you exercise your rights?

6.2.1 Contacting us

You may contact us directly

  • By email: [email protected]
  • By mail: K2 Mobility GmbH, Am Speicher 4, 14473 Potsdam, GERMANY

6.2.1 Contacting a data protection authority of your choosing

A list of the available data protection authorities is available here:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

Get plugged-in

The PANION e-mail blast with exclusive updates about the ever-evolving world of e-mobility and more – sent to your inbox regularly.