As a user of our intelligent automation platform AnyFleet, you share selected personal data with us. When it comes to data privacy, we apply the same high standards as we do to the quality of our products. Above all, we aim to provide you with full transparency on what happens to the data you share with us. We therefore set-up this data privacy statement providing you with the answers to: 

IDEALworks GmbH, Riesstraße 22, 80992 Munich, domicile and court of registry: Munich HRB 260546 (hereinafter “idealworks” or simply “we”) is the data controller in the meaning of the General Data Protection Regulation (hereinafter “GDPR”). We are responsible for the data processing as well as the measures to ensure data protection as described in the following.

As a company we follow a strict data-minimization approach, meaning that we only collect personal data that is necessary to ensure certain functionalities of our automation platform AnyFleet. Additionally, we will never request you to provide personal data without transparently communicating the purpose of its collection.

To allow secure and customized operations on AnyFleet we require you to create a user account. During registration, we will therefore ask you to provide your full name as well as your email address and telephone number (to enable 2-Factor-Authentication). To protect your privacy best as possible, we encourage you to only use business contact data at any time.
​
Once registered, we track all log-in attempts to your user account. We record the date and time of the request, the terminal device’s OS, web browser as well as local IP and associated location it was sent from, and the success status of the request.

Lastly, while you are using Anyfleet, we track all API (Application Programming Interface) requests to our backend associated with your user account based on a fully pseudonymized ID. These logs include the request’s date and time, type, success status, destination, and latency metrics.

On AnyFleet, each business customer is assigned their own environment - a so-called tenant. Hereby, you can for example manage several locations or sites under one account. Additionally, you can add users associated with different user roles (‘admin’, ‘read’, ‘write’, etc.) to your tenant to meet the requirements of the differing user personas (operators, logistic planners, etc.).

To ensure our customers’ secure operations on AnyFleet, we track log-in attempts to detect and report suspicious inquiries as soon as possible.

We allow for customization of user accounts through personalized view and email notification settings to enhance user experience.

These functionalities require user and access management and therefore personalized user accounts based on the minimal set of personal data described above.

On AnyFleet, we process personal data for three main purposes: user authentication, user management, and pseudonymized tracking of user activity.

Once you have registered, we will create an entry for your user account in a dedicated bucket on our cloud servers. Here, your contact and log-in data are stored to verify access requests to your account. Here, we also keep records of the last 100 access requests to notify you if we detect unusual behavior – for example a log-in attempt from an unusual device or location. If you lose your log-in credentials, we will use the contact details you provided to restore your account. Additionally, each user account is assigned a universally unique ID.
​
Each business customer executes their own user management on AnyFleet. Once handed over their tenant with their initial admin account, they can add further users as desired. As different positions require different access rights, users can be added with distinct roles. Additionally, we allow each user to personalize their account by, for example, adjusting email notification or view preferences. Linking each user to the right tenant, access rights and individual account settings also requires the processing of their provided credentials.

Lastly, we collect user activity logs to assess and enhance performance and user experience on AnyFleet. These logs are however based on the pseudonymized user IDs. Only when the user activity needs to be shared with other users, as for example in the user management or map activity log, is the information provided including the full names of the users. For the final display of the information, the IDs are therefore matched with the user’s full name as stored in its user account in the backend. This information is however exclusively accessible for users of the same tenant with the according access rights.

We execute every processing step of personal data in an appropriate and secure way to protect your privacy. For this purpose, we exclusively rely on established methods and technologies as listed in the following:

All uploading of data to as well as the storage on our cloud servers is fully encrypted using the TLS standard. Through cooperation with a leading cloud computing provider, we ensure that all infrastructure used for storage of personal data is state-of-the-art.

Access to the cloud bucket containing the user account information is only granted to few senior developers and managers who need it to fulfil their business duties. Annually, all access rights are formally reviewed and adjusted where necessary. All employees whose role requires them to process data have received adequate training.

Wherever personalized information does not require the personal data in a human-readable format, we rely on the pseudonymized IDs instead. The user IDs we use for tracking are so-called Universally Unique Identifiers (UUIDs). These are created fully randomized, such that we can assure that no natural person can be identified only through their associated ID.

Any user can decide to request the deletion of their account at any time, which leads to the immediate removal of their entry on the user account bucket. This way, all information including the user’s full name, provided contact details as well as the associated user ID is removed. 90 days after termination of a specific contract with a business customer, all tenants and user accounts including the access request histories associated with the contract are deleted in the same manner.

As all logs tracking user activity are exclusively based on the pseudonymised IDs, they can no longer be related to a natural person once their user-account has been deleted. Consequently, they are from this point on, no longer considered personal data according to GDPR.

For storing and administering our data, we rely on the infrastructure of our cloud computing provider. To provide personalized first level support on AnyFleet, we cooperate with a provider of automated customer service solutions.

We ensure that all our acquired processing services are based on EU servers and that all our subprocessors fully commit to GDPR-compliance and apply state-of-the-art security measures.

The legal basis for the collection and processing of the personal data related to the creation and verification of user accounts as described above is the fulfillment of the contractual obligations to securely provide AnyFleet’s functionalities to our business partners pursuant to Art. 6 (1) lit. b GDPR.
​
To provide the customer with the full set of personalized functionalities and assure authorized access only, the creation of user accounts is required. For this purpose, we process the user’s contact details and log-in attempts as described above. 

An additional legal basis for processing is idealworks’ legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a keen interest in continually improving the user experience and overall functionalities of AnyFleet. Therefore, we collect pseudonymized logs of user activity to automate this process. 

As the party affected by the processing of your data, you may claim certain rights under the GDPR and other relevant data protection regulations. If you wish to execute any of your rights listed below or have any other questions regarding our privacy policy, please contact us with your concern by sending an email to [email protected].  

Under the GDPR, you are entitled to claim the following specific rights vis-à-vis idealworks as the data subject: 

You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your personal data associated with your user account from us free of charge. If you require multiple copies, we reserve the right to charge you for these copies.

You have the right to request that we rectify inaccurate data relating to you. Additionally, you have the right to have incomplete data completed upon your request. We will take reasonable measures to keep the data we hold and process about you accurate, complete, and up to date, based on the most current information available to us. 

You have the right to request that we erase your data, as long as the legal requirements for this are satisfied. This may be the case under Art. 17 GDPR if :

You have the right to request that we restrict processing of your data if 

You have the right to request that we transfer your data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your data, you may also ask us to submit the data directly to another responsible party specified by you.