NAVIT Privacy Policy

These are the data protection notices of our “NAVIT” service, which is operated by RYDES GmbH. Please contact us if you have any kind of question about the topic of data protection.

You can contact us at any time on all topics concerning data protection and exercising your rights:

[email protected]

RYDES GmbH

Brunenstraße 19-21

10435 Berlin

Use of the services offered on our website:

We offer various services on our website. For this purpose, we must collect and process certain customer data.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

Analysis tools and tools provided by third parties

There is a possibility that your browsing patterns will be statistically analyzed when you visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs please consult our Data Protection Declaration below.

Data processing when viewing pages / web hosting / logs:

In order to provide our service to you, we process addressing information (such as the IP address and the selected resource). For optimal presentation on your device, we also process some device information (such as the browser, resolution and operating system version). For registered users, we process the stored customer data in order to provide our service. Our service is operated on the servers of our hosting provider. We create server logs to detect and fix possible bugs. These logs are kept for 30 days and then deleted. The legal basis for this processing is Article 6 (1) (f) of the GDPR.

Data collection on our website

  • Cookies
  • Our website uses cookies. These are small text files that your web browser stores on your terminal device. Cookies help us to make our offer more user-friendly, effective and secure.
  • Some cookies are "session cookies." Such cookies are deleted by themselves after the end of your browser session. In contrast, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognize you when you return to our website.
  • If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b of the GDPR either for the execution of the contract, in accordance with Art. 6 para. 1 lit. a of the GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f of the GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visited.
  • With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when you close the program. Disabling cookies may result in limited functionality of our website.
  • Contact form
  • Data transmitted via our contact form - the information provided in the contact form as well as any contact information provided therein - will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
  • The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested.
  • The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists. Mandatory legal provisions - in particular retention periods - remain unaffected.

Website usage analysis via Google

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. When users visit this website we collect statistical web data, such as the number of page views, as well as pseudonymous unique IDs, using the Google Analytics and Google Tag Manager tools. We collect this data in order to analyze the actions of anonymized users and thus optimize our service. We process the data on the basis of our legitimate interest in optimizing the website. If you do not want your data to be processed, please contact us by e-mail at [email protected]. By doing so, we transmit to Google that you have objected to the data processing. When the data is processed, it is transmitted to the operator of the tool in Ireland. The pseudonymous user data is deleted after 14 months.

App usage analysis via Firebase

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.When users use the app we collect statistical web data, such as the number of page views, as well as pseudonymous unique IDs, using Google Analytics and Firebase. We collect this data in order to analyze the actions of anonymized users and thus optimize our service. We process the data on the basis of our legitimate interest in optimizing the website. If you do not want your data to be processed, please contact us by e-mail at [email protected]. By doing so, we transmit to Firebase that you have objected to the data processing. When the data is processed, it is transmitted to the operator of the tool in Ireland.

Font display via Google Fonts

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.To make the font available on your device, Google Fonts needs your IP address. We use this service based on our legitimate interest in providing a better website experience. As part of this, the IP address is transmitted to the tool operator, so that the service can be provided correctly on your device. Google temporarily stores this information and uses it solely for the correct representation of the fonts on your device.

CDN and Security via Cloudflare

We use the "Cloudflare" service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as "Cloudflare"). Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognise Internet users, which shall, however, only be used for the herein described purpose.The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6 Sect. 1 lit. f GDPR).For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy

Website Chat via Hubspot

We use HubSpot, a service of HubSpot Inc., on our websites for analysis purposes. HubSpot uses so-called "web beacons" and also sets "cookies" that are stored on your computer and enable an analysis of your use of the website by us. HubSpot evaluates the collected information (e.g. IP address, geographical location, type of browser, duration of the visit and pages viewed) on our behalf in order to generate reports about the visit and the pages visited. If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings accordingly. For more information on how HubSpot works, please refer to the privacy policy of HubSpot Inc. available at: http://legal.hubspot.com/de/privacy-policy

E-mail communication via SendGrid

We process your email address in order to offer you the user account function as well as to provide confirmations of your purchases. This takes place on the basis of the usage agreement and purchase contract. In addition, we process your email address to provide you with news about the service based on our legitimate interest. You can stop the sending of marketing e-mails at any time in your user account. The emails are sent by our service provider SendGrid. If you contact us by email regarding a purchase or your account, we will process your email address and the content of the email, either on the basis of the contract concluded with you, or based on our legitimate interest in communicating with you. We keep email communication for 12 months, unless statutory retention periods apply. In this case, we keep the e-mail communication for 6 or 10 years in accordance with the law. If you have an account, we will store your email address until your account is deleted.

Calculating carbon emissions and offsetting via offsetAPI:

When using our service, we anonymously process travel data, such as origin, destination, vehicle type. etc. This is done in order to calculate your respective carbon emissions as well as to enable you to offset them. In case you decide to offset your emissions, the respective amount will be transferred to offsetAPI.

Mandatory provision of data:

When you create a user account, we need all the information required in the profile, otherwise it is not possible to create the account. If you want to get reimbursed for public transport, we need your IBAN. Without this, your spent cannot be reimbursed as this information is required for executing the payment.

Rights of the data subject and right of appeal:

It is an important concern for NAVIT to ensure that our processing procedures are fair and transparent. They are entitled to the following rights:

  • Right to information, Art. 15 DSGVO
  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
  • (1) the purposes of the processing;
  • (2) the categories of personal data concerned;
  • (3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • (4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • (5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • (6) the right to lodge a complaint with a supervisory authority;
  • (7) where the personal data are not collected from the data subject, any available information as to their source;
  • (8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer
  • Right to rectification, Art. 16 DSGVO
  • The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to cancellation ("right to be forgotten"), Art. 17 DSGVO
  • The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  • (1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • (2) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • (3) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • (4) the personal data have been unlawfully processed;
  • (5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • (6) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  • Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  • (1) for exercising the right of freedom of expression and information;
  • (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • (3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  • (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • (5) for the establishment, exercise or defence of legal claims.
  • Right to limitation of processing, Art. 18 DSGVO
  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  • (1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • (2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • (4) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  • A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
  • Right to information, Art. 19 DSGVO
  • If you have asserted the right to rectification, erasure or restriction of processing to the data controller, this entity is obliged to inform all the recipients to whom the personal data concerning you has been disclosed of such rectification or erasure of data or restriction of processing, unless this proves to be impossible or is associated with disproportionate costs. You have the right to be informed of such recipients.
  • Right to data transferability, Art. 20 DSGVO
  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance
  • (1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • (2) the processing is carried out by automated means. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. 2That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Right of objection according to Art. 21 DSGVO
  • The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  • In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications

If you have given us permission to process your personal data, we hereby inform you that you can revoke this permission at any time. To exercise your rights, you can contact us by e-mail at [email protected].

In order to process your application and for identification purposes, we would like to point out that we process your personal data in accordance with Art. 6 Para. 1 lit. c DSGVO and delete it after a period of 3 years.

In addition, you have the right to complain to a supervisory authority. You can find out which supervisory authority is responsible for you on the website of the Federal Commissioner for Data Protection and Freedom of Information under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html_Links/anschriften_links-node.html