Zeppelin Power Systems GmbH Data Privacy Notice on Telematics Data

1. Controller

Zeppelin Power Systems GmbH („ZPS“), Ruhrstr. 158, 22761 Hamburg

2. General information

Electronic control units are installed in your engine or plant by the manufacturer. Control units process data ("machine data") which they receive, for example, from engines sensors, generate themselves or exchange with each other. Some control units are required for the safe functioning of your engine or plant, some help you with usage (assistance systems), and others enable comfort functions.

In addition, some engines or plants are equipped with a technology ("Telematic System" made by ZPS or Caterpillar Inc.) that uses internet connection to transmit part of the usage data generated by the control units to ZPS and/or Caterpillar Inc. based in Peoria, Illinois, USA.

The amount or scope of data determined as well as the data provided for transmission by the engine or plant depends on the hardware installed on the engine or plant or its storage capacity. When this is reached, the oldest data records are replaced by the latest data.

ZPS offers its customers services relating to the engine and plant. This also includes the use of software for Telematic Systems (made by ZPS or Caterpillar Inc.), which provides the customer with data, in an edited or clearly arranged form, that has been transmitted to the respective manufacturer. The scope of the data accessible there may vary depending on the manufacturer. For more information on digital products, visit zeppelin.com/de-en/powersystems

In addition, the data generated by the engine or plant can be read by qualified personnel via the Electronic Control Module using appropriate hardware and software. This is usually done as part of maintenance, service or repairs, where so-called event and error codes (exceedance of limit values in connection with GPS position, date and time) are read from the engine or plant. These data make it possible to assess where to find the source of a fault, how it can be rectified, and whether parts and other components can be installed in an engine or plant or not.

In the following you will find general information on data processing in engines or plant and as part of supplementary services provided by ZPS.

3. Processing of personal data and purposes of the processing

3.1 Personal data

Personal data means all information relating to an identified or identifiable natural person, Article 4(1) GDPR. This includes information such as your name, address, phone number, and date of birth. Data which cannot be traced to you, such as statistical or anonymous data, are not personal data.

Each engine and plant is marked with a unique serial number or rather identification number. In addition, there are other options for connecting the data collected by the engine or plant with the keeper/owner or user. This means that the data generated or processed by control units (telematics data of the engine or plant) can be personal or can be personal under certain conditions. Depending on the type of engine data or plant data available, the serial number of the respective engine or the identification number of the respective plant or, for Caterpillar machines, the serial number, can be used to draw conclusions, for example about the driving behavior of the machine operator, their location, route or usage behavior.

3.2 What data do we collect from you

In the following, we will outline which data will be collected from you.

3.2.1 Agreement details
As part of order placement, we process the data collected for the purpose of contract performance or, where applicable, use a specialist service provider to do so. Further information is required for proper performance of the contract (e.g. delivery address, contract term, location, phone number if applicable).

Further information about data protection can be found in the relevant data protection notices for ZPS service contracts. These can be accessed at any time at zeppelin-powersystems.com/de/en/data-privacy. We would be happy to provide them on request.

3.2.2 Online data
If you wish to view your data online, you must first register and then log in for future visits with your login data. You can find the relevant data protection information directly on the customer portal and via www.aec-view-zeppelin.com.

3.2.3 Engine and plant data
Depending on the features of the engine or plant, it will transmit the following data to the manufacturer or ZPS via internet connection (see also Section 2):

Location (movement data)
Operating values
Fuel consumption (idling/running)
Error/alarm messages
Incident and diagnostic codes/error codes

By using the Telematic Systems, you can add further popular third-party data as well as especially operation and fleet data:

Data about your company and fleet
Mode of operation 2
Operational focus
Size of areas
Number of employees
Number and brand of machines

The legal basis for processing these data, provided that you have concluded a relevant service agreement with us, is Article 6(1) (b) GDPR. The same applies to use of these data in connection with service or repair orders.

You shall be contractually obliged to this extent to provide us with these data. Without these data, we are unable to perform the contract.

In all other cases, the engine and plant data are only processed in order to safeguard our legitimate interests (Article 6(1) (f) GDPR), which consist of carrying out statistical evaluations of the engine and plant data in order to provide an optimal maintenance service as well as for the quality assurance and development of new products and services and to continue informing our customers of current developments in our products and services on the basis of individual needs and thus to be able to establish a long-lasting business relationship.

4. Validity and amendment of this data protection statement

The current version of this data protection statement can be accessed at any time on our website.

This data protection statement is currently valid but may be amended by us at any time and updated on this website. We therefore recommend that you visit our website from time to time to keep abreast of any updates to our data protection statement.

5.Deactivation Telematic System

You may withdraw your consent to use the Telematic System at any time without having to give justification. ZPS will then deactivate the corresponding Telematic System. Possible contractual claims shall remain unaffected.

6. Rights of data subjects

All data subjects have the following rights to:

access (Article 15 GDPR);
rectification of inaccurate data (Article 16 GDPR)
erasure or “the right to be forgotten” (Article 17 GDPR)
restriction of processing of personal data (Article 18 GDPR)
data portability (Article 20 GDPR).

You may withdraw your consent to having your personal data processed for marketing purposes, including customer data analysis or transfer to third parties for marketing purposes, at any time without having to give justification.

The data subject also has a general right to object (see Article 21(1) GDPR). In this case, you must justify your objection to the processing of your data. If the legal basis for processing the data is consent, then this can be revoked at any time and the revocation shall be effective for future processing.

Please contact dataprivacy@zeppelin.com or the address listed below to exercise any of these data subject rights. To exercise your right of objection regarding the processing of your personal data for the purpose of email or telephone advertising, please contact zps.hamburg@zeppelin.com.

If the manufacturer of the engine or plant processes personal data about you, you are also entitled to the rights against the manufacturer. Further information on your legal rights vis-à-vis the manufacturer can be found in the applicable data protection information on the website of the respective manufacturer (including contact details of the manufacturer and its data protection officer).

7. Automated individual decision-making or profiling measures

We do not use automated processing methods for decision-making – including profiling.

8. Retention period for personal data/erasure of personal data

In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation.

The personal data we collect to create a customer account are retained for the duration of the customer account. You may demand the erasure of your customer account and the personal data saved therein at any time. To do so, simply use the contact details listed in Section 1 or send an email to zps.hamburg@zeppelin.com. with an erasure request. After erasing your customer account, your data are blocked for further use and then automatically erased, unless you have consented to their continued retention.

We retain the personal data collected by us for performance of the contract for a period of 3 years from complete performance of the mutual contractual obligations. These data are then automatically erased at the end of the relevant year.

Data on the performance of services are used for invoicing and in some cases are subject to a statutory retention period of up to 10 years; these data are only deleted once the statutory retention obligation has expired. The subsequent storage and utilization of data for future diagnostic requests is based on the legitimate 3 interest to obtain the most accurate recommendations in the context of the diagnosis and thereby improve the quality of the repair (Article 6(1) (f) GDPR).

9. Change of purpose

Your personal data will only be used for purposes other than those described insofar as this is permitted by law, or if you have consented to a change of data processing purpose. In the case that data are processed for purposes other than those for which the data were originally collected, we shall inform you of this different purpose prior to processing and shall provide you with all information relevant thereto.

10. Disclosure of data to third parties / recipients of data

The personal data that we collect and retain shall never be used by us for sale, trade or loan, and we shall not disclose your personal data to third parties unless we are have a statutory obligation to do so. Data may be disclosed e.g. to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our website or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or improper conduct). Data may also be disclosed for the enforcement of agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is Article 6(1) (f) GDPR.

Your data shall also be disclosed if you have consented to it. The legal basis of this is Article 6(1) (a) GDPR.

We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the purposes we specify, and are also contractually obliged by us to handle your data exclusively in compliance with this data protection statement and German data protection laws.

Specifically, we use the following processors:

For the collection and transmission of machine data: Caterpillar Inc. based in Peoria, Illinois, USA For the collection and transmission of machine data: Data Service Team of the Zeppelin GmbH

Data is provided to processors on the basis of Art. 28(1) GDPR. Caterpillar Inc. processes your data in countries outside the European Economic Area ("EEA“). In order to ensure that your personal rights are also protected within the scope of these data transfers, we use the standard data protection clauses adopted by the EU Commission pursuant to Article 46(2) (c) GDPR in drafting contracts with recipients in third countries. You can obtain these documents from us using the contact options listed below.

11. Contact details for the Group Data Protection Officer

You can use the following contact details to contact our Group Data Protection Officer regarding access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.

Zeppelin GmbH
Group Data Protection Officer
Graf-Zeppelin-Platz 1
85748 Garching near Munich
Tel: +49 89 32 000-0
Email: dataprivacy@zeppelin.com

Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.

October 2020