Basics
For autobird, the European "General Data Protection Regulation (GDPR)" is the measure of all things, which establishes regulations for the protection or appropriate and proper use of personal data in the autobird system.
Overall, autobird adheres to the following seven data protection principles based on the GDPR:
- Lawfulness, fairness, and transparency
autobird processes personal data only for the use of the autobird system and only after users of the autobird system have consented to storage. - Purpose Limitation
autobird uses personal data only for the purpose for which they were provided. This purpose is limited to information about the autobird system and the operation of the autobird system. There is no transfer of data for advertising purposes or data collection. - Data Minimization
autobird collects as little personal data as possible. - Accuracy
autobird keeps stored personal data up to date and corrects or deletes incorrect data. - Storage Limitations
autobird does not keep personal data longer than necessary and subsequently deletes or anonymizes it. - Integrity and Confidentiality
autobird keeps personal data secure and protects it from unauthorized processing. - Accountability
autobird is able to demonstrate continuous compliance with the GDPR.
The terms "App", "Connector", "autobird", "Partner", "Auto-User", "General User", "Sponsor", etc. used below are described in the Terms of Use, see:
Eight scenarios
Data is processed on different occasions or in different scenarios:
- Website (not logged in)
- Website (logged in, especially as Partner)
- General User
- Partner
- Auto-User
- Vehicle
- Connector
- Driving without being Auto-User
Details of the scenarios including the processed data are presented separately in the following sections.
1. Website (not logged in)
Actually, autobird would prefer not to store any data at all from visitors to the website. But unfortunately, all modern websites like autobird's store at least some data in the form of "cookies", for example to recognize sessions, to adopt language settings or to store data over a longer period of time with the user. In addition, website fonts, especially from Google, are used, which also requires data exchange and user consent.
Furthermore, data storage of analysis tools such as Google Analytics will possibly be applied in order to statistically track visitor behavior and to be able to optimize the website based on this knowledge (how long which page was visited, which pages were called one after the other, which pages are rarely visited, etc.). Likewise, solutions such as pixel tags may be used to make visitor sessions traceable.
The website used by autobird, which is part of the internationally known ERP software solution "Odoo", also uses cookies. The website used by autobird also uses Google fonts, especially the font "Comfortaa". Although a user is not logged into our autobird website, the user's IP address still may be used by Google to track his or her behaviour.
The autobird website is ad-free and therefore does not use embedded third-party advertisements over which autobird would have no direct influence.
Our cookie policy with details on the content of cookies is provided externally and can be accessed here:
2. Website (logged in, as partner)
For normal visitors to the website, registration is not required.
For Partners, however, who place orders via the website, registration is required. Likewise, registration is required to use advanced processes and user-specific functionalities of the website and the associated web offering, such as support processes, discussion forums, event bookings and shopping functionalities.
For this purpose, registration with the internationally known ERP software solution "Odoo" used by autobird is required. Within the scope of this registration, contact information about the user and the partner is stored, which is necessary for the general maintenance of the business relationship with the partner as well as for the processing of orders, returns, financial transactions, etc.. Users of more extensive processes and user-specific functionalities (e.g. support, forums, bookings, shopping) also provide the information required for the respective functionalities.
If certain functionalities, e.g. the processing of eCommerce financial transactions, require downstream service providers of the data processor, there are Data Processing Agreements (DPA) directly with autobird. Alternatively, Odoo as data processor ensures that downstream Data Processing Agreements with further data processors exist that comply with legal requirements. In the interest of transparency, autobird will use all options available in the context of the relevant transaction to show the existence of downstream service providers.
In terms of the GDPR, autobird is a "data controller" on whose behalf Odoo processes personal data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Odoo complies with the guidelines of the GDPR. This contract, which corresponds to the standard clauses of Odoo, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
3. General User (logged in, as partner)
As described in the Terms of Use, registration as a "General User" is required to become an Auto-User, to create Partners, or to work for Partners. In other words, the General User is the prerequisite to use any functionalities within the App. Technically, General Users serve to keep different user accounts of the App apart.
In the course of registering as a General User, a user account is created. This user account consists of an authentication component and a set of data that is stored for the General User.
autobird uses the authentication and data storage functions of the internationally known database solution "Firebase", which is provided by Google. Hereafter, this solution will be referred to as "Firebase/Google".
The data stored in Firebase/Google is processed and stored in the region "europe-west" with the specific locations "europe-west1" (Belgium), "europe-west4" (Netherlands) and "europe-north1" (Finland). All data processing sites are located within the European Union (EU).
Although all essential data is processed and stored within the EU, there is one (often obscured) exception: in the case of a central, globally possible authentication, the corresponding characteristics (email address and database-internal, globally unique identifier, GUID) must also be processed globally, i.e. outside the EU, for technical reasons. Simple rationale: With globally distributed databases, as is the case with Firebase/Google, it must be possible to check the uniqueness of the user at all globally distributed locations.
Specifically, the following data is stored for the user account:
| Data | Purpose |
| Email address | The email address is stored for several reasons:
A transfer to third parties for advertising or analysis purposes will NOT take place. |
| Phone number | The mobile phone number is stored in order to enable optional telephone registration via SMS sent and, if necessary, to be able to carry out forensic investigations regarding the assigned person in the event of legal requirements for the clarification of criminal offences. |
| Time stamps | The Firebase/Google solution automatically stores the times of the first registration as well as the time of the last login. |
| Database-internal identifiers | Unique, technical identifiers within the Firebase/Google system to enable global authentication (via a GUID ) on the one hand and to ensure logical differentiation of General Users within the autobird system on the other hand. |
| Profile image (taken via the app or uploaded as an image file) | Optical marking of the general user to display a profile picture for a General User in the App. |
| Name (Name or nickname of the General User) | Textual tag of the General User to display a name for a General User in the app. |
| Acceptance Terms of Use and Data Protection / Privacy policy | Fact and time of acceptance of the terms of use to determine whether the General User has agreed to the Terms of Use and the Data Protection / Privacy policy, and can therefore use the autobird system. |
| Acceptance of phone use vis-à-vis other General Users | Fact whether the stored phone number may be made available to other General Users. |
| Acceptance of phone use via the "WhatsApp" service to other General Users. | Fact whether the stored phone number may be used to send WhatsApp messages to other Auto-Users of the same vehicle. |
| Acceptance of email use to other general users | Fact whether the stored email address may be made available to other General Users. |
| Acceptance of telephone use towards the Partner (as Sponsor) | Fact whether the stored telephone number may be made available to the Partner. |
| Acceptance of phone usage via the "WhatsApp" service to the Partner (as Sponsor). | Fact whether the stored phone number may be used to send WhatsApp messages to the Partner. |
| Acceptance of email use towards the Partner (as Sponsor) in the case of the Auto-User. | Fact whether the stored email address may be made available to the Partner. |
| Activation of demo tile | Fact which demo tiles are displayed on the overview page of the App. |
| App Notification Tokens | Technical tokens used to send push notifications to the App. These are provided by the device and must be stored centrally for use. Obsolete tokens are deleted on a regular basis. |
Further data will be stored about the General User as soon as he or she creates or works for one or more Partners or is an Auto-User of one or more vehicles, see following sections.
Data of the General User will be stored exclusively to provide the services provided by autobird or to communicate with the General User within the scope of these services. The data will not be passed on to third parties for advertising or analysis purposes.
In terms of the GDPR, autobird is a "data controller" on whose behalf Firebase/Google processes personal data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Firebase/Google complies with the guidelines of the GDPR. This contract, which corresponds to the standard clauses of Firebase/Google, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
4. Partner
If a General User creates a Partner or works for a Partner, additional data of the Partner will be processed and stored. The Partner is usually a legal entity with a registered trade.
With regard to a Partner, two authorization levels are possible for a General User: Full authorization enables the modification of all data of the Partner as well as granting other General Users the permission to work for the Partner. Furthermore, with full authorization, new vehicles and Connectors can be created and managed. With limited authorization, only new vehicles and connectors can be created and managed.
As with the General User, the internationally known database solution "Firebase", from Google is also used (hereinafter referred to as "Firebase/Google").
The data stored in Firebase/Google is processed and stored in the region "europe-west" with the specific locations "europe-west1" (Belgium), "europe-west4" (Netherlands) and "europe-north1" (Finland). All data processing sites are located within the European Union (EU).
Specifically, the following data is stored for a Partner:
| Data | Purpose |
| Full name of the Partner | Full name (as entered in the commercial register in the case of a legal entity, for example) in order to name the Partner correctly in the App and in emails. |
| Short name of the Partner | Shortened name (usually without legal form) as used in communication to name the Partner in the App and in emails and messages. |
| Partner address | Complete address consisting of street, house number, city and country of the partner to designate the Partner's location in the App and in emails. |
| Partner phone | International dialing code and phone number of the Partner to show the Partner's availability by phone in the App and in emails. |
| Partner mobile number | For being able to tell if the Partner offers WhatsApp as a contact method. |
| Partner email | The storage serves the purpose of ensuring that the Partner can be reached by email. |
| Partner Tax ID | The storage serves the purpose of identifying the Partner as a business partner on the basis of his tax number, e.g. the VAT identification number. |
| Partner web address | Internet address (URL) of the Partner's website |
| Image or logo of the partner in larger and smaller version | Visual identification of the Partner by stored image files in two formats: Flat format as well as larger, almost square format. |
| Inclusion of the name | Fact whether the visual identification of the Partner already contains the name of the Partner in a clearly legible form. In this case, a repetition of the name in text form can be avoided in the App. |
| Registration time | Time since which the Partner has been created in the database (for plausibility check). |
| Number and identification of General Users working for the Partner | This is used for display in the App for the Partner as well as for logical assignment. |
| Number and identification of vehicles / Connectors managed under the Partner | This is used for display in the App for the Partner as well as for logical assignment. |
| Assignment of Partner to General Users | The assignment of the Partner to one or more General Users working for the Partner, at different authorization levels, is stored both for the Partner and also for each General User involved. |
Data of the partner will only be stored to provide the services provided by autobird or to communicate with the partner within the scope of these services. A transfer of data to third parties for advertising or analysis purposes does not take place.
In terms of the GDPR, autobird is a "data controller" on whose behalf Firebase/Google processes personal data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Firebase/Google complies with the guidelines of the GDPR. This contract, which corresponds to the standard clauses of Firebase/Google, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
5. Auto-User
If a General User uses the autobird system in relation to a vehicle that has been equipped with a Connector in order to use data of the vehicle in the App, additional data will be processed and stored as an Auto-User.
With respect to an Auto-User, two levels of authorization are possible: full authorization allows changing the available master data of the vehicle, viewing all displayed vehicle status and position data, as available from the Connector, as well as the possibility of changing the Partner as sponsor for the vehicle. With limited authorization of a "visitor", only vehicle status data can be displayed.
As with the General User, the internationally known database solution "Firebase" from Google is used (hereinafter referred to as "Firebase/Google").
The data stored in Firebase/Google is processed and stored in the region "europe-west" with the specific locations "europe-west1" (Belgium), "europe-west4" (Netherlands) and "europe-north1" (Finland). All data processing locations are within the European Union (EU).
The Auto-User is usually a natural person who, as an end customer and end user, is particularly deserving a very high level of data protection and privacy. For this reason, only an absolute minimum of information is processed and stored, see the following table.
Specifically, the following data is stored for the Auto-User:
| Data | Purpose |
| Role of the Auto-User in relation to a specific vehicle | Whenever there is a relationship in the autobird system between a vehicle and an Auto-User, the unique vehicle identification number (VIN) and the authorization level in relation to this vehicle are stored (full authorization or restricted visitor authorization). |
| Display of position data of a vehicle | The Auto-User's preference to display position data for this vehicle in the App is saved. |
| Last message from the Partner to Auto-Users of the vehicle | Messages sent by a Partner in relation to a vehicle are also stored with each Auto-User associated with that vehicle. Only the last message is saved directly with the Auto-User. Further messages are saved to the vehicle. |
Data of the Auto-User is stored exclusively to provide the services provided by autobird. A transfer of data to third parties for advertising or analysis purposes does not take place.
In terms of the GDPR, autobird is a "data controller" on whose behalf Firebase/Google processes personal data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Firebase/Google complies with the guidelines of the GDPR. This contract, which corresponds to the standard clauses of Firebase/Google, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
6. Vehicle
If a Partner or an Auto-User creates a vehicle in autobird to which one or more Auto-Users can be connected, additional data of the vehicle will be processed and stored.
As with the General User, the internationally known database solution "Firebase", is also used by Google (hereinafter referred to as "Firebase/Google").
The data stored in Firebase/Google is processed and stored in the region "europe-west" with the specific locations "europe-west1" (Belgium), "europe-west4" (Netherlands) and "europe-north1" (Finland). All data processing sites are located within the European Union (EU).
Specifically, the following data is stored for the vehicle:
| Data | Purpose |
| Unique vehicle identification of the vehicle | The stored vehicle identification number (VIN) of the vehicle or the stored identification number of the Connector, in combination with a time stamp of the creation in the app, forms a globally unique identifier. The unique vehicle identification is required to guarantee the assignment logic in the autobird system. |
| Partner as assigned Sponsor for the vehicle | If a Partner assigned to the vehicle as a Sponsor, the relationship is stored to ensure the assignment logic in the autobird system. |
| Official license plate of the vehicle | The license plate number is stored to display it in the app. |
| Colors and font of the license plate | The visual appearance of the license plate in terms of colors and font is stored in order to attractively represent the license plate in the App. |
| Image of the vehicle (taken via the app or uploaded as an image file) | Saving one or more image files is used to be able to visually represent vehicle in the app. |
| Textual description of the vehicle | Saving a text is used to be able to display a description of the vehicle in the App. |
| Manufacturer and model | The manufacturer and model of the vehicle are stored in order to be able to display this information in the App. |
| Internal reference of the Partner | In case of a Sponsor, a Partner's individual reference ID of a vehicle is stored in order to enable the Partner to identify the vehicle in internal systems. This information is not displayed to the Auto-User in the App. |
| First registration or commissioning date | First registration date as a typical feature of a vehicle, or commissioning date of a Connector, is stored to ensure identity and enable distinguishability. |
| Vehicle specific data | Additional data on the vehicle such as drive type, tank or battery capacity, tire sizes or inspection times can be stored, as can free text information, in order to be retrievable in the app or to enable calculations (e.g. for tank capacity). |
| Identification and type of connector used for the vehicle | For each vehicle, the identification of the associated Connector is stored, if available, to ensure a logical assignment to both the device and the Connector's data processing. |
| Validity period of the Connector used for the vehicle | The validity period of the Connector is stored to control the usability of the autobird system for a Connector or a vehicle equipped with Connector and to enable the display in the App. |
| Number and profile picture reference of assigned Auto-Users | In order to enable an assignment of Auto-Users to the vehicle, this relationship is also stored to the vehicle, incl. the references to the profile pictures of the Auto-Users required for correct display in the App. |
| Messages from the partner to the Auto-Users of the vehicle | In case of a Sponsor, messages sent by a Partner in relation to a vehicle are saved to the vehicle in order to be able to display them to the associated Auto-Users in the App. The number of existing messages is also stored in order to overwrite older messages with newer ones and thus delete them permanently. |
| Reply to the message from the Partner | In case of a Sponsor, messages sent by the Partner can be answered by one of the assigned Auto-Users of the vehicle. The possible responses are also specified by the Partner. Type of response, time and Auto-User are stored to support the functionality of the App. |
| Trouble Codes of the vehicle | Error messages or Trouble Codes received from the vehicle are saved to the vehicle in order to make this information available to all Auto-Users and, in case of a Sponsor, to give them the opportunity to report the information to the Partner via the functionality of the App. |
Data about the vehicle is stored exclusively to provide the services provided by autobird. A transfer of data to third parties for advertising or analysis purposes does not take place.
In terms of the GDPR, autobird is a "data controller" on whose behalf Firebase/Google processes personal data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Firebase/Google complies with the directives of the GDPR. This contract, which corresponds to the standard clauses of Firebase/Google, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
7. Connector
After a Partner or an Auto-User fits a vehicle with a connector, data is processed and stored.
To ensure a conceptual separation of personal user data and Connector data coming from the vehicle, different providers with different data centers are used.
For data from the Connector, the internationally known IoT data service "Flespi" is used. The data stored by Flespi is stored in the Europe region (Netherlands and Lithuania). All data processing locations are within the European Union (EU).
Specifically, the following data is stored for the Connector:
| Data | Purpose |
| Identification and type of Connector used for the vehicle | Identification and type of a Connector are stored to ensure a logical assignment within the autobird system. This also includes the assignment to data originating from other data sources (esp. Firebase/Google). |
| Technical parameters of the Connector such as internal battery voltage of the device as well as external applied voltage | The Connector transmits technical parameters on its own operating status. These are transmitted, stored for a limited period of time and then permanently deleted. Functionalities of the autobird system are derived from this data and can be used via the App. |
| Position data and sensor data of the Connector | The Connector transmits position data determined via an included satellite navigation module as well as other data from motion sensors and other device sensors of the connector. Position and sensor data are transmitted, stored for a limited period of time and then permanently deleted. This data is used to derive functionalities of the autobird system that can be used via the app. Important: Position data can only be used by car users in the app. Partners, on the other hand, generally do not have access to position data. |
| Vehicle data received by the Connector in read-only mode from the vehicle | The Connector transmits vehicle data. This data is read in read-only mode, transmitted, stored for a limited period of time, and then permanently deleted. Functionalities of the autobird system are derived from this data, which can be used via the App. Important: Vehicle data is read out via the OBD2 interface in read-only mode, i.e. without intervention in the vehicle's data. The functionality of the vehicle is therefore conceptually not affected by autobird. |
| Derived and calculated vehicle data | From the data transmitted by the Connector, further data on the vehicle status, driving behavior and trip history are determined and stored. From this data, functionalities of the autobird system are derived, which can be used via the App (e.g. trips of the last week). |
Data of the Connector is stored exclusively to support the services provided by autobird. The data is not passed on to third parties for advertising or analysis purposes.
Connector data is stored for a limited period of time, typically 2 weeks for journey data and 1 year or less for telemetry data, and then deleted, unless required by law to investigate criminal activity. It is not technically possible to restore data once it has been deleted.
In terms of the GDPR, autobird is a "data controller" on whose behalf Flespi processes data as a "data processor". autobird ensures that the Data Processing Agreement (DPA) with Flespi complies with the guidelines of the GDPR. This contract, which complies with the standard clauses of Flespi, specifies the mutual rights and obligations, transparently names downstream processors (sub-processors) and can be read on the Internet, e.g. here.
8. Driving without being Auto-User
A vehicle equipped with a Connector transmits data. To make this fact clear, especially to drivers who are NOT Auto-Users, the Partner acting as a Sponsor obtains the customer's written consent to data transmission as follows:
This vehicle is equipped with an autobird connector that transfers data online to the autobird app.
autobird detects if your car is on the road and transfers important data to your smartphone, including position, condition of the vehicle, and even problems should they occur.
autobird is provided to you as a modern service by your autobird partner (see above). If you use autobird, it is subject to autobird's Terms of Use, which you accept after installing the autobird app.
For data transmission, an autobird connector is plugged into the so-called OBD2 port of this vehicle. The location of this connector (usually visible in the driver's footwell) has been explained to you by your autobird partner. The data is transmitted from the vehicle directly to autobird. Your autobird partner has no access to position data.
With the autobird app you and other drivers of this vehicle can receive the data of this vehicle. Please inform all drivers of this vehicle about this data connection and invite them to use the autobird app if applicable. You can find the autobird app in the usual app stores or on https://www.autobird.io/app.
Please do not use the autobird connector on another vehicle.
If data transmission is temporarily not desired, you can unplug the autobird connector and plug it in again later. The data transfer ends only a short time after unplugging.
autobird is made available to you for a limited period of time that you can see in the autobird app. To extend the duration, please contact your autobird partner.
If you don't want to use autobird anymore, please return the autobird connector to your autobird partner.
The transfer and storage of data is done strictly according to the legal regulations in Germany or Europe (DSGVO, GDPR). For example, data will never be shared with third parties and will be deleted after the usage period. You can see the complete regulations on data protection and the terms of use for the autobird app during registration or on the net: https://www.autobird.io/legal
I have understood the above data protection agreement and agree to the data transfer from the vehicle to autobird.
9. Live Sharing to Anonymous Users
Auto-Users have the option to „Live Share” their location to anonymous users, e.g., to recipients in social networks. If Auto-Users make use of Live Sharing, they agree that some data, as specified below, will be shared with recipients who are typically not registered as General Users. Consequently, this data must therefore be considered as globally published on the Web.
| Data | Purpose |
| Identification of the Connector used for the vehicle | In the course of Live Sharing, the identification of the Connector will become visible to anonymous users, and must therefore be considered as globally published. |
| Validity Period | Live Sharing is limited in time. This time, which might be extended by the Auto-User, will be temporarily stored, become visible to anonymous users, and must be considered as globally published.. |
| Security Token | In the course of Live Sharing, security tokens are created, temporarily stored, become visible to anonymous users, and must be considered as globally published. |
| Location and Time | In the course and during the validity period of Live Sharing, the latest known location of the vehicle or the Connector becomes visible to anonymous users, and must be considered as globally published. |
| Trace | In the course and during the validity period of Live Sharing, a trace of previous locations becomes visible to anonymous users during an ongoing session. This trace must also be considered as globally published. |
| License Plate | In the course and during the validity period of Live Sharing, the License Plate store for the vehicle becomes visible to anonymous users, and must be considered as globally published. |
Important remark: Please note that stored data of the General User or Auto-User, like name or contact details, or data of the Vehicle, like make or model, VIN, or other vehicle-related details, will NOT become available to anonymous users during Live Sharing.
Updates and Change History
This document reflects the status as of 01-SEP-2023
At this place, we will inform you about changes to data protection.
Change History
In relation to the previous version, dated 01-JAN-2023, the following aspects have been added: Consideration of a new product variant that does not require a Sponsor and consideration of a new product option that offers live sharing to anonymous recipients
Design Odoo templates easily with clean HTML and Bootstrap CSS. These templates offer a responsive, mobile-first design, making them simple to customize and perfect for any web project, from corporate sites to personal blogs.
Contact and Inquiry
autobird OÜ, Legal, Tornimäe tn 5
10145, Tallinn, Estonia, EU
You can reach us by email at the following address:
privacy@autobird.io