IoTgo® Track-Fleet Privacy Policy

Giesecke+Devrient IoT Solutions GmbH (“G+D IoTS”, “we” or “us”) would like to welcome you on its IoTgo® Track-Fleet (“Portal”) and the mobile application IoTgo® Track-Suite mobile (“App”). Your privacy and the protection of your personal data are of utmost importance to us. Therefore, this Privacy Policy explains how we safeguard your privacy when you use our Portal or App.

Reference to Privacy Policy on G+D’s Corporate Website

This Privacy Policy fully incorporates the Privacy Policy of Giesecke+Devrient GmbH located at https://www.gi-de.com/en/data-privacy (“Main Policy”). Where this Privacy Policy deviates from the Main Policy, such deviations shall prevail.

Contact details of the Group Privacy Officer

Giesecke+Devrient GmbH, Group Privacy Officer, Prinzregentenstr. 161, 81677 Munich, privacy@gi-de.com 

Processing of Personal Data

“Personal data” is any information that can identify or make an individual identifiable. In order to provide you with a personal account, we need to process your e-mail address together with your first name, last name, your company, your function and additional business contact information.

We also may utilize approximate location data for identification and to provide you with features as geofencing.

In addition, we may collect and process technically necessary data that is automatically transmitted by your internet browser such as IP address, browser type, language and browser version, date/time of request, access status, operating system and website-specific settings.

Additionally the App collects and processes limited personal data to support its functionality. Specifically, it may access the device’s camera to allow users to read Barcodes or QR codes for internal identification purposes required by the app modules and take pictures to document the product use.

Location Data

The App accesses location data from your device to enable features such as geofencing and location-based identification. This data is used exclusively to provide core functionality and improve user experience. Location data is not shared with third parties except when you choose to use integrated map services (e.g., OpenStreetMap or Google Maps), which process location data according to their respective privacy policies.

Purposes and Legal Basis

We process your personal data for the following purposes:

• To register and manage your account;
• To give you access to your account and its content in the Portal or App ;
• To adjust the Portal or App to your preferences and according to your usage;
• To establish and fulfill a contract with you or the entity on behalf of which you act, for example, if you make a purchase from us or enter into an agreement to provide or receive additional services;
• To answer your requests and provide you with efficient support;
• To improve the Portal or App and to defend it against attacks;
• For statistical evaluations based on anonymized data;
• To preserve G+D IoTS's economic interests and ensure compliance and reporting (such as complying with our policies and legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
• Archiving and record keeping;
• Billing and invoicing;
• Any other purposes imposed by law or authorities.

We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. As registered user, the legal basis for the processing of your personal data related to the provision and use of the Portal or App is the fulfilment of the contract or business relationship with you pursuant to Art. 6 (1) lit. b GDPR.

To the extent that the data processing is not directly related to an existing contract or business relationship, the legal basis is our legitimate interest which arises from the described business objectives but not unduly affect your interests or fundamental rights and freedoms (Art. 6 (1) lit. f GDPR). In such cases, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such legitimate interests are the prevention of fraud or criminal activity and misuse of our products and/or services including the security of our IT systems, architecture and networks and the use of cost-effective services offered by suppliers.

Where you give us your consent to the processing of your personal data, this consent is the legal basis pursuant to Art. 6 (1) lit. a GDPR.

Origin of data

Your personal data is generally collected from you directly, insofar as possible. Depending on the business relationship and the registration process, data may be also collected from the entity for which you act or from administrators of your company managing your account.

Recipients or categories of recipients

Your personal data will not be disclosed to third parties unless you have consented to such disclosure or it is permitted by applicable law. Within the framework of the business relationship between G+D IoTS and you or the company you represent, and in order to provide agreed services, it may be necessary for employees of other companies of the G+D Group ("Group Companies") to have access to your data within the scope of their respective tasks. The Group Companies may be located in a country other than the country of your residency, including countries outside the European Union ("EU") and the European Economic Area ("EEA"). A list of Group Companies is available on www.gi-de.com. In addition, we may use service providers located in countries outside the EU or EEA, who act as data processors on our behalf.

Please note that G+D has taken appropriate measures with all its Group Companies and service providers in order to secure an adequate level of data protection in line with applicable data protection requirements. In particular, the transfer of personal data among Group Companies is subject to Binding Corporate Rules (Art. 47 GDPR). Further information can be found on https://www.gi-de.com/en/data-privacy . Data hosting is within the EU.

OpenStreetMap

In our Portal or App we use the map service OpenStreetMap provided by the OpenStreetMap Foundation,St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. In order for the map to be displayed, your IP address will be forwarded to OpenStreetMap. For more details, see the OpenStreetMap privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy .

Google Maps

If requested by you or the company you represent, we may use the map service GoogleMaps provided by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA.

Detailed information on data protection with respect to the use of Google Maps is available on Google's website ("Google Privacy Policy"): https://www.google.com/policies/privacy .

Retention period

Your personal data will be stored for the fulfillment of the aforementioned purposes. It will be deleted (or irreversible anonymized) as soon as the relevant purpose has been fulfilled, provided that there are no legal storage obligations or legal duties to the contrary, such as i) the resolution of prelitigation and/or litigation started before the expiration of the retention period; ii) the need to follow up with investigations/inspections by internal control functions and/or external authorities, started before the expiration of the retention period; iii) the need to follow up with requests from public authorities received/notified to G+D IoTS before the expiration of the retention period.

Unless otherwise requested data is archived in our data centers permanently.

Rights of the data subject

You may exercise the following data subject rights in accordance with the applicable data protection law and if the legal requirements are met:

• Right to access to your personal data stored by us (Article 15 GDPR);
• Right to rectification of inaccurate or incomplete personal data concerning you stored by us (Article 16 GDPR);
• Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR);
• Right to restriction of processing, if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR);
• Right to data portability, i.e. the right to receive the personal data concerning you, which you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR);
• Right to object for the processing of your personal data insofar as such processing is carried out based on Article 6 par. 1 lit. e. or f. GDPR (Article 21 GDPR);
• Right to withdraw consent (Article 7 GDPR)
• Right to lodge a complaint with the competent supervisory authority (Article 77 GDPR);

a list of the data protection authorities in Germany can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html The supervisory authority responsible for G+D headquarters in Munich is the State Office for Data Protection Supervision in Bavaria (www.lda.bayern.de).

You can contact us at any time to enforce your privacy rights.

Last updated

This Privacy Policy was last updated on October 26, 2025.