Data Protection Declaration for TIER Employee Apps

 1. Introduction

Our Data Protection Declaration informs you about the collection and processing of your data by TIER. It applies to our Ranger App, Shelter App, and Nest App (collectively, the "Employee Apps").

The data controller and service provider ("TIER", "we") is:

Tier Mobility SE,
c/o WeWork Eichhornstr. 3,
10785 Berlin, Germany

Contact: dpo@tier.app

If you are not employed by TIER Mobility SE, then the data controller is your TIER employer together with Tier Mobility SE pursuant to Article 26 GDPR.

This Data Protection Declaration does not contain any information on how we process your master personnel data in the context of your employment relation with us. For example, bank details, your home address, etc. can be found on our Internal Notion pages. You can also contact your supervisor or the Legal Team at legal@tier.app if you have any questions about this.

2. Data collection and processing by the Ranger App

The Ranger App is used to distribute vehicles in the field and organise and divide the work of our rangers. The app helps ensure that different rangers are not working in the same operational area and records when and what work is being done by which rangers at which locations.

2.1 Registration, login and user account

To use the Ranger App, you need a user account. For this purpose, you need to enter your phone number. Your user account will then be activated by the respective City Manager. Your phone number will be linked to your Ranger ID.
After registration and activation, you can use the Ranger App by entering your registered phone number and verifying it with the code that will be sent to you.

In exceptional cases, you can also log in with a successfully activated user account with your email address and a password.

Furthermore, you can enter a freely selectable login name. Your login name is linked to your Ranger ID and is needed to indicate and explain in our internal systems which task was executed by which ranger.

2.2 Data collection and processing when using the Ranger App

When you use the Ranger App or the end device, your current IP address and information about the end device (e.g. operating system used, version, language, device type/brand/model, device ID) as well as the date and time of access and the retrieved content or data are automatically transmitted to our servers ("access data").  This is technically necessary information and we collect it automatically when you use the Ranger App.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Ranger App and our services.

2.2.1 Ranger App permissions

In order to use the Ranger App, we need access to certain functions of the end device (so-called “permissions”). Any data that we may access as part of the authorisations will only be used for the purposes stated in this Data Protection Declaration.

Camera Access to your camera function is required to scan the QR code placed on the vehicle and some parts.

Location We need information about your location to show it to other rangers on the map, as well as to improve our services and make workflows more effective.

Bluetooth We need access to the Bluetooth function in order to establish a connection between the vehicles and the end device.

The legal basis is Article 6(1 p. 1)b GDPR, as the data processing serves to provide the app functionalities and our services.

2.2.2 Ranger App analysis and further development

To continuously optimise our service, we want to understand how you use the Ranger app. For this purpose, we collect and process the following technical data in particular:  device information (e.g. device, operating system and app version information, language, time zone), the time you open the Ranger App, your behaviour in the app, duration of use or time spent in certain functionalities, and your device location.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Ranger App.

2.2.3 Tasks

Tasks are operations that are performed by you; for example, a battery swap. You indicate in the Ranger App that you have completed a task and we store that information. In addition to the task, we also store the time stamp when the task was performed, the GPS signal of the end device as well as the respective IoT's on the vehicle, your RangerID as well as your login name.

We process this information to show a limited subset of TIER employees (including your respective supervisor) which ranger completed which task, when and where. Your login name will also be displayed. To protect your privacy, your login name will not be displayed in our system after three months.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Ranger App and our services.

2.2.4 Google Maps

The Ranger App uses Google Maps API applications, a service provided by Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to show the locations of our rangers and the position of each vehicle on a map. This application is essential for the functionality and full provision of our content and services. You can view the Google Terms of Use here: https://www.google.com/intl/de/policies/terms/. The additional terms of use for Google Maps/Google Earth can be found here https://www.google.com/help/terms_maps.html. The Google privacy policy can be found at:  https://www.google.com/intl/de/policies/privacy/.

The legal basis is Article 6(1)b GDPR, as the data processing serves to provide the app functionalities and our services.

2.2.5 Location

The Ranger App sends the location of the device every 60 seconds. We only store your last location, not your entire route, to show which areas rangers are in on the map in the Ranger App. Your name or other information is not displayed. Furthermore, we store your respective location when you complete a task.

If you are not logged in or the Ranger App is only running in the background for more than 30 minutes, the location will not be sent.

The legal basis is Article 6(1)b GDPR, as the data processing serves to provide the app functionalities and our services.

3. Shelter App

The Shelter App is used to organise the workflow and repairs of the vehicles in our warehouses. The Shelter App records when and what work is carried out by which employee on what vehicles and which spare parts were used in the process.

3.1 Registration, login and user account

To use the Shelter App, you need a user account. Your manager will create the user account for you, using your email address and name. Your user account will then be activated and your data will be stored.

After activation, you can use the Shelter App by logging in with your stored email address.

3.2 Data collection and processing when using the Shelter App

When you use the Shelter App or the end device, your current IP address and information about the end device (e.g. operating system used, version, language, device type/brand/model, device ID) as well as the date and time of access and the retrieved content or data are automatically transmitted to our servers ("access data").  This is technically necessary information and we collect it automatically when you use the Shelter App.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Shelter App.

3.2.1 Shelter App permissions

In order to use the Shelter App, we need access to certain functions of the end device (so-called “permissions”). Any data that we may access as part of the authorisations will only be used for the purposes stated in this Data Protection Declaration.

Camera Access to your camera function is required to scan the QR code placed on the vehicle and some parts.

Location We need information about your location to match the location of the vehicle with your location.

The legal basis is Article 6(1 p. 1)b GDPR, as the data processing serves to provide the app functionalities and our services.

3.2.2 Shelter App analysis and further development

To continuously optimise our service, we want to understand how you use the Shelter App. For this purpose, we collect and process the following technical data in particular:  device information (e.g. device, operating system and app version information, language, time zone), the time you open the Shelter app, your behaviour in the app, duration of use or time spent in certain functionalities, and your device location.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Shelter App and our services.

3.2.3 Use of the Shelter App

When a vehicle comes into the warehouse, it is sheltered and the Shelter App indicates what work needs to be done on the vehicle. Once you check the vehicle, you scan the vehicle and the parts used and enter this into the Shelter App. We store what work you have done and when and what spare parts were used together with your login name.

We process this information to show a limited subset of TIER employees (including your respective supervisor) who performed which task, when and where. Your name will also be displayed. To protect your privacy, your name will not be displayed in our system after three months.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Shelter App and our services.

4. Nest App

The Nest App is used to organise workflow and ensure that each vehicle has a license plate number and that such license plate number is linked to our internal Vehicle ID. The Nest App is not available in all countries where we operate.

4.1 Registration, login and user account

To use the Nest app, you need a user account.

To obtain one, you need to receive an invitation from your manager and then register in the Nest app with your TIER email address. Your user account will be activated and your email address saved.

After registration and activation, you can use the Nest App by logging in with your TIER Google account where your email address is stored.

4.2 Data collection and processing when using the Nest App

When you use the Nest App or the end device, your current IP address and information about the end device (e.g. operating system used, version, language, device type/brand/model, device ID) as well as the date and time of access and the retrieved content or data are automatically transmitted to our servers ("access data"). This is technically necessary information and we collect it automatically when you use the Nest App.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Nest App.

4.2.1 Nest App permissions

In order to use the Nest App, we need access to certain functions of the end device (so-called “permissions”). Any data that we may access as part of the authorisations will only be used for the purposes stated in this Data Protection Declaration.

Camera Access to your camera function is required to scan the QR code placed on the vehicle and some parts.

Location We need information about your location to show you vehicles near you.

Bluetooth We need access to the Bluetooth function in order to establish a connection between the vehicles and the end device.

4.2.2 Nest App analysis and further development

To continuously optimise our service, we want to understand how you use the Nest App. For this purpose, we collect and process the following technical data in particular:  device information (e.g. device, operating system and app version information, language, time zone), the time you open the Nest app, your behaviour in the app, duration of use or time spent in certain functionalities, and your device location.

The legal basis is Article 6(1)b GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)f GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the Nest App.

4.2.3 Using the Nest App

The Nest App is used to organise workflow and ensure that each vehicle has a license plate number and that such license plate number is linked to our internal Vehicle ID.

For this purpose, we store which license plate is linked to which internal vehicle ID and when the link was made. 

4.2.4 Google Maps

The Nest App uses Google Maps API applications, a service provided by Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to show your location and the position of individual vehicles on a map. This application is essential for the functionality and full provision of our content and services. You can view the Google Terms of Use here: https://www.google.com/intl/de/policies/terms/. The additional terms of use for Google Maps/Google Earth can be found here https://www.google.com/help/terms_maps.html. The Google privacy policy can be found at:  https://www.google.com/intl/de/policies/privacy/.

The legal basis is Article 6(1)b GDPR, as the data processing serves to provide the app functionalities and our services.

5. Data processing within the TIER Corporate Group and transfer of personal data

 5.1 Transfers within TIER

Our parent company, TIER Mobility AG, c/o WeWork Eichhornstr. 3, 10785 Berlin, Germany, contact: dpo@tier.app assumes the central operation of IT systems, the technical operation of employee apps, and some of the general administrative tasks of the human resources department within the Tier Corporate Group. 

In this context, your personal data will be transmitted to TIER Mobility AG collected and processed directly by TIER Mobility AG. The legal basis for this is our legitimate interest in effective corporate organisation pursuant to Article 6(1)f GDPR in conjunction with. Consideration 48. TIER Mobility AG and your employer will process your data exclusively in accordance with this Data Protection Declaration for the purposes stated herein. For this purpose, an agreement on joint responsibility in accordance with Article 26 GDPR was concluded between the two, in which, among other things, the aforementioned points are stipulated. You can assert your data protection rights with and against your employer and TIER Mobility AG.

5.2 Transfers to third parties

A transfer of the data collected by us in principle only takes place if:

  • you have given your express consent to this in accordance with Article 6(1)a GDPR;
  • the disclosure is necessary for the assertion, exercise or defense of legal claims in accordance with Article 6(1)(f) GDPR and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed;
  • we are legally obliged to disclose the data in accordance with Article 6(1)(c) GDPR; or
  • this is legally permissible and necessary according to Article 6(1)b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which take place upon your request.

We use external service providers for data processing who act on our behalf and are not allowed to process personal data for their own purposes. In addition to the service providers expressly mentioned in this Data Protection Declaration, this may include in particular IT and data center service providers, technical service providers, agencies, market research companies, group companies and consulting companies.

We may use service providers domiciled or processing personal data in so-called “third countries” outside the European Union or the European Economic Area. If this is the case and there is no adequacy decision pursuant to Article 45 GDPR for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union (if applicable, including additional agreements in accordance with the recommendations of the data protection supervisory authorities) or binding internal data protection regulations.

6. Rights of the data subjects

You are entitled to the following rights as a data subject formulated in Articles 15 - 21 and 77 GDPR at any time if the legal requirements are met:

  • right to revoke your consent;
  • right to object to the processing of your personal data (Article 21 GDPR);
  • right to information about your personal data processed by us (Article 15 GDPR);
  • right to rectification of your personal data stored by us incorrectly (Article 16 GDPR);
  • right to erasure of your personal data (Article 17 GDPR);
  • right to restrict the processing of your personal data (Article 18 GDPR);
  • right to portability of your personal data (Article 20 GDPR);
  • right to lodge a complaint with a supervisory authority (Article 77 GDPR).

You have the right to revoke previously issued consent to us at any time with effect for the future. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until withdrawal.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of an objection to data processing for direct marketing purposes, you have a general right of objection, which we will implement even without if you do not specify any reasons.

To exercise your rights, you can contact us at any time using the contact details above.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in specific cases, even longer for the assertion, exercise or defense of legal claims. The legal basis is Article 6(1)(f) GDPR, based on our interest in defending against any civil or labour law claims in accordance with Article 82 GDPR, avoiding fines in accordance with Article 83 GDPR, and fulfilling our accountability obligations under Article 5(2) GDPR.

You can reach our data protection officer at dpo@tier.app or at the above postal address ("Attn: Data Protection Officer").  We expressly point out that when using the email address, the contents are not exclusively noted by our data protection officer. Therefore, if you wish to exchange confidential information, please first contact us directly via this email address.

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for Berlin as well as for TIER can be reached as follows: Berlin Commissioner for Data Protection and Freedom of Information Friedrichstrasse 219 10969 Berlin Phone: +49 30 13889– 0 Fax: +49 30 2155050 E-Mail: mailbox@datenschutz-berlin.de.

7. Changes to this Data Protection Declaration

We will occasionally amend this Data Protection Declaration to ensure that it always reflects current legal requirements and actual circumstances (e.g. when new services or features are introduced). We thus recommend that you check this Data Protection Declaration regularly for possible changes.

Last updated on 10. Dec. 2021