Privacy Policy

Privacy Notice for mtu Go

Last amended: June 28th, 2021

This notice is to inform you as the User of how Rolls-Royce Solutions GmbH, located at Maybachplatz 1, 88045 Friedrichshafen (hereinafter “RRS”, “we” or “us”) collects and processes your personal data in connection with the engine monitoring Service “mtu Go”. This Privacy Policy shall also apply to included functional modules that can be accessed through “mtu Go”.

The application “mtu Go” is web-based Software Product that is connected to a cloud platform in the Background that allows the connection to the RRS internal System (e.g. ERP). The application is under continuous development and improvement; therefore, these terms of use also apply to additional modules, even if not mentioned explicitly in this introduction. Unless stated otherwise, the wording of Application always includes “mtu Go” with all included modules.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Services require a registration; therefore, it is not possible to use the Services anonymously.

  1. Controller

    2. The Controller in the sense of Art. 4 (7) General Data Protection Regulation ((EU) 2016/679) is Rolls-Royce Solutions GmbH, located at Maybachplatz 1, 88045 Friedrichshafen.

    Email Contact: info@ps.rolls-royce.com
  2. Contact

    3. Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:


    Rolls-Royce Solutions GmbH
    Maybachplatz 1
    88045 Friedrichshafen
    Germany

    Name of Data Protection Officer: Ms. Bettina von Fechthelm
    Tel.: +49 7541 9091
    Email Contact: dataprotection@ps.rolls-royce.com

    You may reach our company data protection officer under the details provided by this link.

  3. Collection and processing of personal data
    1. Purposes of Processing and Legal Basis for the Processing

      2. We process your personal data for the following purposes, based on the legal bases listed:

        (Legal basis: Performance of a contract, for the App also consent for the processing of access to the User's address book, location data, pictures and for sending push notifications)

      1. For security and operating reasons, log files are created. These files contain technical information to operate the system and allow proper trouble shooting. This data contains also the anonymous User-ID..

        2. (Legal basis: Legitimate interest in complying with security obligations and preventing/ pursuing unlawful attacks)

      2. For analysis of how the services are used in order to improve its functionalities and enhance user-friendliness (statistics only).

        3. (Legal basis: Legitimate interests in processing anonymized data for statistical purposes)

    2. Registration

      3. In case you wish to use the Services, we will ask you to register. Within the scope of registering, we collect personal data necessary to execute of the contract (e.g., first and last name, company email address, company mobile phone number, company name and address) as well as, if applicable, further data on a voluntary basis. Mandatory fields are labeled with an *.

      When you use the mobile App (e.g. from your Smartphone) we also collect and process the device identification number of your mobile device, an app version number, date and time of the use of the App. You may upload a picture in your profile on a voluntary basis.

    3. Use of the Services

      4. If you use the Services you may provide us with further information (amongst other things, technical information about assets, alarms, location information from the GPS of your mobile device, operating hours on an engine, pictures of the asset, notes) in order to make use of the functionalities of the Services.

    4. Data Transfer to Third Parties, Service Providers

      5. Data Transfer to Third Parties

      Your personal data will generally only be transferred to third parties as far as this is necessary to execute of the contract, if we or the third party have legitimate interests in transferring or if you have consented to this. If data is transferred to third parties based on legitimate interests, this will be explained in this privacy notice. Beyond or in addition to this, data may be transferred to third parties as far as we are obligated to do so under statutory provisions, or an enforceable decision made by an authority or a court.

      Service Providers

      We reserve the right to use service providers in collecting or processing data. Service providers are only given personal data that is necessary for their concrete task. Service providers may, for example, be assigned to provide server capacity. Service providers are generally involved as so-called processors which may only process users' personal data based on our instructions.

    5. Data Transfer to Non-EEA Countries

      6. We may also forward personal data to third parties or processors who are located outside EEA countries. In such cases we ensure prior to the transfer that the transfer is subject to appropriate safeguards (e.g., by self-certification of the recipient for the EU US Privacy Shield or by having agreed upon so-called standard data protection clauses of the European Union with the recipient) or sufficient user consent is given.

      You may receive an overview of third country recipients and a copy of the appropriate or suitable safeguards in place. Please use the details provided in the Contact section.

    6. Duration of Storage; Retention Periods

      7. We store your data as long as it is necessary to provide our online offer and the services connected with it or as long as we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data that we are required to retain for the purpose of contractual or statutory (e.g., taxation or commercial law) retention periods (e.g., invoices). At this point, contractual retention periods may also result from contracts with third parties (e.g., those holding copyrights or IP rights).

      Data that is only retained because it is subject to a retention period is restricted from processing until the period expires and will then be deleted.

  4. Special Information for the Platform
    1. Log Files

      2. Every time you use the internet via your internet browser, your internet browser automatically transmits certain information which is then saved by us in log files.

      We save log files for the purposes of determining disruptions and for security reasons (e.g., to elucidate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.

      Log files contain especially following information:

      • IP address (internet protocol address) of the terminal device which is used to access our online offer;
      • The website you are visiting us from
      • The date and time you visit
      • How often you visit
      • How long you stay
      • Which pages you visit
      • Name of the service provider through which access to the online offer occurs;
      • Amount of data transmitted;
      • The computer operating system and the type of internet browser you use, including information on add-ons installed (e.g., for the Flash Player);
      • http status code (e.g. “request successful” or “file not found”).

      We also use some of the above listed data (but not the full IP address) for web analysis purposes.

    2. Cookies

      3. The Service uses cookies. Cookies are small text files that are saved on your terminal device. In case you access the Service at another time, your browser sends the cookies' content back to us and, thus, allows the re-identification of your terminal device. Cookies allow us to enhance the security and user-friendliness of this Platform and make it easier for you to use the Service.

      In case you decide to block cookies, an opt-out cookie is set in your browser. This cookie exclusively serves the purpose of assigning your objection. Deactivating cookies may disable individual functions of the Platform. Please note that an opt-out cookie may, for technical reasons, only be set for the browser that was used to set it. In case you delete cookies or use a different browser or a different terminal device, you must opt-out again.

      Your browser also allows you to delete all cookies at all times. To do so, please consult your browser's help functions. Deleting cookies may also disable individual functions of this Platform.

      Overview of cookies used by us:

      • Absolutely necessary cookies. Certain cookies are necessary so we can securely render our Online Offers. This category includes, e.g.,
        • Cookies that identify or authenticate our users;
        • Cookies that temporarily save certain user input (e.g., content of an online form);
        • Cookies that store certain user preferences (e.g., language settings);
        • Cookies that store data to ensure the unimpeded playback of video or audio content.
      • Analytical cookies. We use analytical cookies to record the usage behavior (e.g., order of webpages visited and duration of visit) of our users in order to evaluate it statistically.
  5. Special Information for the App
    1. Log Files

      2. Like other apps the App processes so-called log files; in log files in particular the following information is stored:

      We save log files for the purposes of determining disruptions and for security reasons (e.g., to elucidate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.

      • IP address (Internet protocol address) of the mobile device which is being used to access the App;
      • name of the access service provider which is used to access App;
      • information accessed; date and time as well as duration of access;
      • amount of data transferred; and
      • operating system.

      We also use some of the above listed data (but not the full IP address) for app analysis purposes.

    2. Third parties (app store provider)

      3. No data collecting by us and outside our responsibility is the transfer of data such as user name, email address and device identification number of the User’s mobile device to an app store provider (e.g., Google Play by Google, App Store by Apple) when you download the App. The respective provider of the app store processes your data as a controller.

    3. App permissions

      4. The App makes use of permissions on the device for the following purposes. All permissions require the User’s explicit consent:

      • Access to the User’s address book: Access to the address book is required in order to allow User’s to invite team members via his native email app. We will only access your address book if you have given us your explicit consent, will only upload contact details of contacts with an email address and do not store contact data in the App.
      • Access to location data: The App allows storage of location information from the GPS of the User’s mobile device in order to allow the User to provide this information to RRS’s service personnel if wished for. We do not create a motion profile and will only collect location data with your explicit consent.
      • Access to pictures respectively the camera of your mobile device: The App allows Users to take pictures via the native camera app and store pictures in the App in order to allow the User to provide this information to RRS’s service personnel if wished for or upload a picture in his profile. We will only access your camera and/or pictures with your explicit consent.
      • Push notifications: We will only send you push notifications via the App with your explicit consent.

      You can deactivate all of the above permissions in the App's settings or in the settings of the operating system of your mobile device at any time without affecting the basic functionality of the App.

  6. Your rights

    7. You have the right to receive information as well as – under certain prerequisites – the rights to correction, deletion, restriction of processing or objection to personal data processing and – from 25 May 2018 onwards – the right to data portability.

    Right to object to direct marketing

    Additionally, you may at all times object to the processing of your personal data for direct marketing purposes. Please take into account that, due to logistical reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

    Right to object to processing based on legitimate interest

    Furthermore, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the legal basis legitimate interests.

    In case you consented to the processing of your data, you can withdraw this consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.

    To enforce your rights, please use the details provided in the Contact section. When doing so, please ensure that it is possible to clearly and unambiguously identify you.

  7. Right to complain with a supervisory authority

    8. You have the right to file a complaint with a data protection authority. You can appeal, i.a., to the data protection authority, which is competent for your place of residence or your state or to the data protection authority which is competent for us.

    Competent for Germany is:
    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

    Postfach 10 29 32
    70025 Stuttgart
    Tel.: 0711/615541-0
    Fax: 0711/615541-15
    Email: poststelle@lfdi.bwl.de (mailto:poststelle@lfdi.bwl.de)

    For usage in all other countries please refer to the designated data protection authority

  8. Data security

    9. We undertake all necessary technical measures to ensure security of personal data:

    1. To protect your personal data from risks during transfer and from falling into the hands of third parties. These are each maintained at state-of-the-art levels.
    2. Data traffic between mtu Go Platform and RRS’s corporate network (back-end) system is encrypted.
  9. Changes to our privacy policy

    10. Any changes we may make to our privacy policy in the future will be published here.