Cookie-Policy

We employ various technical aids such as cookies and other tracking and analysis technologies when you use the BVG Muva app.

Cookies are small text files or information that are stored on your device so that certain information can be transmitted to the entity that sets the cookie (in this case, us or the services we use). They are used to make the BVG Muva service more user-friendly and effective as a whole. In addition to cookies, other technologies based on similar technical mechanisms may also be used. This, again, allows us to process data for the purposes described below.

Essential: The technical design of the BVG Muva app requires us to use certain technologies that are essential for the (full and correct) display and use of the app. You cannot opt out of these technologies if you want to use the BVG Muva app. The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Access to data on your device does not require consent, as it is technically necessary pursuant to Section 25(2)(2) of the Telecommunications and Telemedia Data Protection Act (TTDSG).

Functional: Functional technologies are used to measure certain events during use of the BVG Muva app in order to improve its functions for our users, without these functions being technically necessary. The legal basis for this is your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.

Marketing: Some technologies allow us to collect and analyse user behaviour so that we can use this information to improve our marketing and show you more relevant services. The legal basis for this is your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.

In particular, we use the following services for these purposes, which are provided by our processor ViaVan GmbH:

1. Essential technologies

1.1 Firebase Crashlytics

1.1.1 Purpose and scope of data processing

Firebase Crashlytics processes data on the operation of the app, including the type of operating system used, information on malfunctions in use (type of malfunction, time of malfunction, duration of malfunction, use of the app at the time of the malfunction), and device information. When malfunctions or problems occur during use of the app, we can use this data to obtain an overview of malfunctions and weight them according to their relevance for use in order to ensure efficient troubleshooting and ensure the stability of the app.

1.1.2 Contracted service provider

Google LLC
1600 Amphitheatre Parkway
Mountain View
USA

1.1.3 Relationship between the BVG and the service provider

Google LLC is contracted for the use of Firebase Crashlytics in connection with a processing contract pursuant to Article 28 of the GDPR.

1.1.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG. We have a legitimate interest in identifying and eliminating stability issues that affect the quality of the app. This also increases the user-friendliness of the app for our customers.

1.1.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses.

1.2 Google Maps

1.2.1 Purpose and scope of data processing

Google Maps processes your IP address, certain device data, and location data, thereby allowing you to display the mobility service at your location and the route you request.

1.2.2 Contracted service provider

Google LLC
1600 Amphitheatre Parkway
Mountain View
USA

1.2.3 Relationship between the BVG and the service provider

Google LLC is contracted for the use of Google Maps as a separate controller.

1.2.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG. The use of Google Maps allows us to make use of the app appealing and easy.

1.2.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses.

1.3 Leanplum

1.3.1 Purpose and scope of data processing

LeanPlum is a mobile marketing platform that we use to test various technical functions in our BVG Muva app. In particular, Leanplum helps us to set up and deliver notifications to improve your user experience. LeanPlum allows other services to set up complex in-app messages, for example, without the need for complex technical integration. Leanplum processes users’ names, email addresses, certain device data, and location data.

1.3.2 Contracted service provider

LeanPlum, Inc.
1550 Bryant Street, Ste. 525
San Francisco
USA

1.3.3 Relationship between the BVG and the service provider

Leanplum is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

1.3.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG. We have a legitimate interest in the efficient and reliable design of app notifications, which is also in the interest of our users.

1.3.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses.

1.4 mParticle

1.4.1 Purpose and scope of data processing

mParticle provides a central customer data platform in which user data is managed and, where applicable, passed on to the other tracking and analysis services set out in this privacy policy without the need for separate technical integration. Depending on the purpose for which mParticle passes on data, its services are considered as essential, functional, or marketing-related.

1.4.2 Contracted service provider

mParticle, Inc.
257 Park Ave S Floor 9
New York
USA

1.4.3 Relationship between the BVG and the service provider

Branch Metrics, Inc. is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

1.4.4 Legal basis for data processing

Data processing is based either on Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG, insofar as the data is managed or passed on for essential purposes, or on Article 6(1)(a) of the GDPR and Article 25(1) of the TTDSG, insofar as the data is passed on for functional or marketing purposes.

1.4.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses.

2 Functional technologies

2.1 Google Analytics for Firebase

2.1.1 Purpose and scope of data processing

Device information, information on the used app, data on app usage, location data, user ID, and information on individual requests within the app (events) are processed for Analytics. The data is used to analyse user behaviour and, based on the result, make decisions relating to product and marketing optimisation.

2.1.2 Contracted service provider

Google LLC
1600 Amphitheatre Parkway
Mountain View
USA

2.1.3 Relationship between the BVG and the service provider

Google LLC is contracted for the use of Google Analytics in connection with a processing contract pursuant to Article 28 of the GDPR.

2.1.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.

2.1.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses and your consent pursuant to Article 49(1)(a) of the GDPR.

2.2 Branch

2.2.1 Purpose and scope of data processing

Branch provides deep linking solutions to securely and reliably connect the BVG Muva app with other apps and services, such as integration with external trip planning apps (e.g. BVG Fahrinfo) or mobility as a service apps (e.g. Jelbi). For this purpose, Branch collects your email address and certain device data.

2.2.2 Contracted service provider

Branch Metrics, Inc.
1400 Seaport Blvd, Building B, 2nd Floor
Redwood City
USA

2.2.3 Relationship between the BVG and the service provider

Branch Metrics, Inc. is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

2.2.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.

2.2.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses and your consent pursuant to Article 49(1)(a) of the GDPR.

2.3 mParticle

2.3.1 Purpose and scope of data processing

mParticle provides a central customer data platform in which user data is managed and, where applicable, passed on to the other tracking and analysis services set out in this privacy policy without the need for separate technical integration. Depending on the purpose for which mParticle passes on data, its services are considered as essential, functional, or marketing-related.

2.3.2 Contracted service provider

mParticle, Inc.
257 Park Ave S Floor 9
New York
USA

2.3.3 Relationship between the BVG and the service provider

Branch Metrics, Inc. is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

2.3.4 Legal basis for data processing

Data processing is based either on Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG, insofar as the data is managed or passed on for essential purposes, or on Article 6(1)(a) of the GDPR and Article 25(1) of the TTDSG, insofar as the data is passed on for functional or marketing purposes.

2.3.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses and your consent pursuant to Article 49(1)(a) of the GDPR.

3 Marketing

3.1 AppsFlyer

3.1.1 Purpose and scope of data processing

AppsFlyer processes certain device data, in particular in relation to the installation. This allows us to obtain insights into the success of our app campaigns and learn through which channel, via which platform, and on the basis of which campaign the app was installed.

3.1.2 Contracted service provider

AppsFlyer Ltd.
111 New Montgomery St #400
San Francisco
USA

3.1.3 Relationship between the BVG and the service provider

AppsFlyer Ltd. is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

3.1.4 Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.

3.1.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses and your consent pursuant to Article 49(1)(a) of the GDPR.

3.2 mParticle

3.2.1 Purpose and scope of data processing

mParticle provides a central customer data platform in which user data is managed and, where applicable, passed on to the other tracking and analysis services set out in this privacy policy without the need for separate technical integration. Depending on the purpose for which mParticle passes on data, its services are considered as essential, functional, or marketing-related.

3.2.2 Contracted service provider

mParticle, Inc.
257 Park Ave S Floor 9
New York
USA

3.2.3 Relationship between the BVG and the service provider

Branch Metrics, Inc. is contracted in connection with a processing contract pursuant to Article 28 of the GDPR.

3.2.4 Legal basis for data processing

Data processing is based either on Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG, insofar as the data is managed or passed on for essential purposes, or on Article 6(1)(a) of the GDPR and Article 25(1) of the TTDSG, insofar as the data is passed on for functional or marketing purposes.

3.2.5 Transfer mechanism

Any transfer of data to countries outside the EU/EEA is based on EU standard contractual clauses and your consent pursuant to Article 49(1)(a) of the GDPR.