Skip to main content

Best viewed in portrait mode

Cruise Munich Privacy Policy

Effective Date: May 2, 2022

1. Privacy Policy

Data controller, responsible for processing your personal data:

Name/Company name: Cruise Munich GmbH Address: Caroline-Herschel-Straße 2, 85521 Ottobrunn, Germany E-Mail: munich@getcruise.com

2. Contact details of the data protection officer

You can reach our data protection officer under the address above or at:

dpo@getcruise.com

3. Security and protection of your personal data

We consider it our primary responsibility to maintain the privacy of the personal data you provide to us and to protect it from unauthorized access. Therefore, we apply reasonable diligence and security standards to ensure protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

4. Information about the collection of personal data when contacting us.

When contacting us by e-mail or via contact form, the data you provide (your e-mail address, name and, if applicable, further data provided by you, like your telephone number) will be stored by us. This is for the purpose of processing and answering your request and to be able to contact you for this purpose. The legal basis is Art. 6 para. 1 lit. b GDPR. We delete the data generated in this context as soon as the storage is no longer necessary or the processing will be restricted, unless there are legal obligations to retain the data.

5. Information about the collection of personal data when visiting our website

In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. This website consists of composed static programme files without a backend server. If you wish to view our website, we therefore only collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security:

  • IP address

  • Date and time of the request

  • Time zone difference from Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Amount of data transferred in each case

  • Website the request stems from

  • Browser

  • Operating system and its interface

  • Language and version of the browser software

The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the provision and security of our website.

6. Integration of Third Party Content

We have also integrated content from third-party providers on our website. This content is loaded from the servers of the respective providers, so that certain technically necessary data is retrieved from your end device by the third-party provider. In particular, it is not ruled out that these providers can take note of the IP address assigned to you. Insofar as personal data is processed, this is done on the basis of the privacy policies of the respective third-party providers. The integration by us is based on our legitimate interests in being able to provide our users with the relevant content and functionalities and to operate our website economically, as well as the fact that your legitimate interests are not predominant, Art. 6 para. 1 lit. f GDPR.

On this website, we use Google Fonts, a service provided by Google. This enables us to display the website in certain fonts. You can find Google's privacy policy here: https://policies.google.com/privacy?hl=de. You can find more information on data processing at Google Fonts here: https://developers.google.com/fonts/faq.

7. Transfer of data and categories of recipients

Apart from the cases described above, your personal data will only be transferred without your explicit prior consent in the following cases:

(1) If it is necessary for the investigation or prosecution of an illegal use of our services, personal data will be forwarded to the prosecution authorities. A transfer can also take place if it serves to enforce terms of use or other agreements. We will also share personal data if we have a good-faith belief that disclosure of the information is reasonably necessary to meet any applicable law or enforceable governmental request.

This data is transferred on the basis of our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting, and enforcing claims, an interest that your rights and interests in the protection of your personal data do not outweigh (Art. 6 para. 1 lit. f GDPR), or on the basis of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.

(2) We pass on personal data to auditors, accounting service providers, lawyers, banks, tax advisors and similar bodies, insofar as this is necessary for the provision of our services (Art. 6 para. 1 lit. b GDPR) or the proper conduct of business (Art. 6 para. 1 lit. f GDPR) or if we are obliged to do so (Art. 6 para. 1 lit. c GDPR).

(3) We rely on contractually affiliated third-party companies and internal and external service providers ("contractors") to provide the services. In such cases, personal data will be passed on to these data processors to enable them to process the data further. These data processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The data processors may use the data exclusively for the purposes specified by us and are furthermore contractually obliged by us to treat your data exclusively in accordance with this data protection declaration and the German data protection laws.

The transfer of data to data processors is based on Art. 28 para. 1 GDPR.

(4) In the course of the further development of our business, it is possible that the structure of Cruise Munich GmbH may change by changing the legal form, founding, buying or selling subsidiaries, or parts of companies or components. In such transactions, customer information is transferred together with the part of the company to be transferred. Whenever personal information is transferred to third parties in the scope described above, we ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary (Art. 6 para. 1 lit. f GDPR).

(5) If our service providers or partners are established in a country outside the European Economic Area (EEA), data transfers will only be carried out in accordance with the requirements of Art. 44 et seq. GDPR; in particular on the basis of standard data protection clauses adopted by the Commission.

8. Your rights as a data subject

As a data subject, you may exercise the rights described below. To assert your rights, you can contact us via the contact channels mentioned above.

(1) Revocation of consent

To the extent that the processing of personal data is based on consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the point of revocation.

(2) Right of access to information

You have the right to receive information from us at any time upon request about the personal data processed by us concerning you, to the extent and under the conditions of Art. 15 GDPR and § 34 BDSG.

(3) Right to rectification

You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.

(4) Right to erasure ("Right to be forgotten“)

You have the right, under the conditions described in Art. 17 GDPR and Sect. 35 BDSG, to request us to delete the personal data concerning you.

(5) Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR.

(6) Right to data transferability

You have the right to receive from us the personal data concerning you that you have provided us with in a structured, common, machine-readable format in accordance with Art. 20 GDPR.

(7) Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6, para. 1, lit. e or f of the GDPR; this also applies to profiling based on these provisions. We will stop processing your personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

(8) Right to appeal to a supervisory authority

You also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged violation, if the data subject considers that the processing of personal data relating to you infringes this Regulation.

9. Changes to this Privacy Policy

We may update this Statement from time to time. We will do so by posting additions or modifications to this page.