Drive & Privacy Policy

Last update: 01/04/2024

What is this document? Pursuant to art. 13 and 14 European Reg. 2016/679 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, NATIX intends to inform you (“User” or “you”) about the processing of personal data happening on the app NATIX Drive& (hereinafter the “App”).

  1. Who processes information about me? We are NATIX GmbH (hereinafter “NATIX” or “Controller” or “we”, pursuant to art. 4(7) GDPR) with registered offices in Große Bleichen 32, 20354 Hamburg, Germany.

    The terms and definitions used in this Privacy Policy have the same meaning as in the Terms of use, unless otherwise stipulated in this Privacy Policy.

    We provide users the possibility to use the Detection Mode of the App as well as to use offers and benefits by third parties via this App and to provide them with Data. To do that, we need information about you. At NATIX, we are deeply committed to respecting and protecting the privacy of all our users. Our Privacy Policy is designed to provide transparency into our privacy practices and principles in a format that users can navigate, read, and understand. We are dedicated to treating your personal information with care and respect. Our Privacy Policy is designed to give you a comprehensive understanding of the steps that we take to protect the personal information that you share with us, and we would always recommend that you read it in full.

    You should also read our Terms of use which set out the contract between you and NATIX when you use our App.

    If you have any questions or comments on this policy, you can email us at: driverappsupport@natix.io 💡 DISCLAIMER

    This Privacy Policy covers our use of any information that can or could be used to identify you (“Personal Data”). It does not cover information which cannot be used to identify you (“Anonymous Data”).

  2. What Personal Data do we collect? The personal data we collect via the App is includes:

    1. Identity and contact data, such as your name (first name and last name), Internal Account ID and mailing/postal address.

    2. Credentials, such as your phone number, or email address and authentication token provided by Google Signin, Apple ID or Discord Signin, depending on which external accounts you choose to use and depending on your privacy settings with those.

    3. Demographic Data, such as your country of residency and age.

    4. Device and Usage Data, such as:

      1. Device location (GPS, Wi-Fi access points, mobile/cell tower triangulation): where detection mode is turned on/off, the location and type of detections that you make while using the App,

      2. Information about the Mobile Device: Device Identifiers, Device OS, Model, Settings,

      3. Mobile Device: OS software,

      4. Mobile Device: Configuration,

      5. IP Address,

      6. Browser Type,

      7. Browsed App Section, time spent on app section / feature, in-app links clicked, app settings and preferences, In-App Purchases,

      8. In-App Actions and Achievements,

        1. Mobile Device: Information about 3rd party applications and software installed on your device,

        2. Device and Advertising Identifiers.

We do not collect ‘special categories of personal data through the App, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or health information). We also do not collect information about criminal convictions and offences.

  1. How do we collect your Personal Data?

    1. Personal Data you provide to NATIX

      1. You are required to create an account to use the App. Such an Account can be created:

        1. By entering your email or phone number and creating a password. Where this is the case, the Personal Data we collect are the email address or the phone number used.

        2. With a supported external single sign-on service. Where this is the case, the Personal Data we collect also depends on which external accounts you choose to use and what your privacy settings with those services allow us to see when you use their services to access the App.

          1. If you choose to link your Google account to the App, we will collect your Google email address and an authentication token provided by Google;

          2. If you choose to link your Apple account to the App, we will collect your email address connected to your Apple ID account or a private relayed email address if you use the “Hide My Email” option provided by Apple.

          3. If you choose to link your Discord account to the App, we will collect your Discord email address and an authentication token provided by Discord.

      2. You also give us Personal Data when you communicate with us. Depending on what your interactions are, that Personal Data may include your name, mailing address, phone number, country of residency, age, and email address. We use that information to fulfill our obligations to you and to provide related customer support.

    2. Personal Data we collect automatically

      1. We collect and use your device location information as you use our App, including (i) where you turn on/off the detection mode on the App and (ii) the location and type of detections that you make while using the App. We identify the location of the detection you make using a variety of technologies, including GPS, the WiFi points you are accessing the App through and mobile/cell tower triangulation.

      2. We also collect and use certain information about your mobile device (including device identifiers, device OS, OS software, model, configuration, and settings) to operate the App. We will also generate an internal account ID (a pseudonymized ID) to associate you with the detection made.

  2. How and why do we process your Personal Data?

    1. In order to create your account, we process your Credentials, as it is necessary to enter into or perform a contract with you.

    2. To ensure the operation of our App, we process your Device and Usage Data as well as your Identity and Contact Data (Internal ID), as it is necessary to perform a contract with you.

    3. To provide technical and customer support to you, we process your Identity and Contact Data, Credentials, Demographic Data and Device and Usage Data, as it is necessary to perform a contract with you.

    4. For the purpose of maintaining our relationship with you by providing important updates, such as update of our Terms and Conditions and Privacy Policy, information about the product and development roadmap, we process your Personal Data such as your name, email address or phone number and information about your Mobile Device, as it is necessary to perform a contract with you and for compliance with legal obligations.

    5. In addition, we have and rely on a legitimate interest in using your Personal Data for certain processing (the processing of the following is based on a legitimate interest of the Controller, according to art. 6.1.f GDPR). In particular:

      1. We are processing your Personal Data, such as in-App actions and achievements, as well as certain information about your mobile device (including device identifiers, device OS, model, configuration, settings and information about third-party applications or software installed on your device), to our legitimate interest (according to art. 6.1.f GDPR) to carry out anti-fraud and anti-cheating measures against behaviors prohibited under our Terms of use.

      2. For the purpose of User Analytics, we are processing your personal data such as your IP address, browser type, operating system, the section of the App which you browsed or the features you used, and the time spent on those sections or features, the links on our App that you click on, device and advertising identifiers, age, as well as actions you take while using the App, your user settings and preferences and your in-app purchases to our legitimate interest (according to art. 6.1.f GDPR) learn about our users, and understand who is using our App and how.

      3. We rely on our legitimate interest to improve the features that we offer you through the App, or to provide you with new or additional features for our App by processing your Demographic, Device and Usage Data and Credentials.

      4. We are processing your Personal Data, such as Identity and Contact Data, Demographic Data, Credentials, Device and Usage Data to inform you about new features, improvements, and updates in our App. This processing is based on our legitimate interest of ensuring our users are kept informed and can benefit from the latest advancements in our App.

    6. We may also process your Personal Data to make legal or regulatory disclosures and to establish, exercise, or defend legal claims.

    7. We will only use your Personal Data for carrying out certain processing if we have your consent (in other words, processing of the following is based on the data subject’s consent, according to art. 6.1.a GDPR). Those are:

      1. Send you marketing materials by email or via in-app notifications. You can unsubscribe from these at any time in your device settings or in-app settings.

      2. Send you our newsletter. For this purpose, we are processing your Identity and Contact Data, Demographic Data, Credentials, Device and Usage Data.You can sign up to receive our newsletter. To send our newsletter, we use the newsletter sending service Mailerlite, 38 Mount Street Upper, Dublin 2, D02 PR89 Ireland. Our newsletter is published regularly and contains information and news about us.

        To register to the Newsletter, we process your email address from your registration. You can voluntarily provide us with additional information, such as your name. The registration to the Newsletter takes place while you are registering an account: After you have selected registration method (Google, Apple, Discord, Email) you will be asked if you want to subscribe to our Newsletter. You need to select the Newsletter checkbox to sign up to the newsletter. After you subscribe to our Newsletter, you will receive a confirmation e-mail from us.

        This entire process is documented and stored. This includes the storage of the registration and confirmation time as well as your IP address and your privacy choices. The collection of this data is necessary so that we can trace the processes in the event of misuse of the e-mail address and therefore serves our legal protection. By subscribing to our newsletter, you agree to receive it. The basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 p. 1 lit. a GDPR if you have given your consent.

        We use this information in Mailerlite to send and evaluate the newsletter. The evaluation takes place on our behalf, but Mailerlite may also use the data for quality assurance and to improve the quality of its own services. The "web beacon" contained in the newsletter is retrieved from the MailerLite’s server when the newsletter is opened. During this retrieval, information about the browser, your system, your IP address and the time of the retrieval is collected. In addition, information is collected on whether the newsletter is opened, when it is opened, and which links are clicked. For technical reasons, this information can be assigned to you as the recipient. However, it is not our intention to observe you as an individual user. The evaluations serve us much more to recognize the reading habits of our users in principle and to adapt our content to all users or to send different content according to the interests of our users.

        You can withdraw your consent to the storage and use of your personal data to receive the newsletter and the statistical survey described above at any time with effect for the future. To withdraw your consent, you can use the link provided for this purpose in the newsletter or unsubscribe in our App. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address will be stored as long as the subscription to the newsletter is active for this purpose.

        You can ask for an explanation of the legal basis of each processing at any time.

  3. Processing modalities The processing of Personal Data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.

  4. Data sharing Your Personal Data may be shared with the following external subjects:

    1. internet service providers and platforms used by the Controller as organisation tools, channels of communication and/or promotion;

    2. consultants and data sub-processors (a full list of the sub-processors can be found in the Attachment I) who perform services for us or on our behalf and require access to such information to do that job;

    3. public subjects to whom such data must be communicated mandatorily by law or orders of the Authority

    4. third parties that offer services and Benefits via this App, if you choose to use them and provide them with Data. These subjects act as autonomous data controllers or data processors. In the latter case, the Controller has signed a contract pursuant to Art. 28 GDPR (Data Protection Agreement or “DPA”).

      The list of data processors is available by sending a request to the Data Controller at driverappsupport@natix.io. Personal data will also be processed by the Controller's internal staff specifically authorised pursuant to Article 29 of the GDPR.

  5. Data Processing Locations Personal data are processed at the headquarters of the Controller, as well as in the servers that host the backend of the App. Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.

  6. Data Retention We retain your data for:

    1. the period necessary for the response regarding the sending of communications and responses to requests related to NATIX's business and in any case never for a period exceeding 12 months;

    2. the period needed for the attribution of Detections in regard to the location of your detection and in any case no more than 12 months in case of fraud prevention activities;

    3. as long as it is needed for handling the contractual relationship and the related service as well as to provide customer support with regards to Account data;

    4. until consent is withdrawn regarding the sending of newsletters and/or other materials for marketing communication purposes and in any case never for a period longer than 24 months;

    5. according to applicable regulations to enable the Controller to fulfill formalities required by law, including those of a fiscal nature for a period of up to 10 years.

  7. Data subject’s rights The User may exercise all the rights provided for by Articles 15-21 of GDPR, at any time and without unjustified limitations, by contacting the Controller at driverappsupport@natix.io. Requests shall be filed free of charge and processed by the Controller within 30 days.

    Specifically, the User can:

    1. Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);

    2. Obtain from the controller the rectification of inaccurate personal data (Art. 16);

    3. Obtain from the controller the erasure of personal data (Art. 17);

    4. Obtain from the controller restriction of processing (Art. 18);

    5. Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);

    6. Have the right to object (Art. 21);

    7. With regard to the purposes of processing based on consent, withdraw it at any time.

  8. Complaints In any case, Users are always entitled to lodge a complaint with the competent supervisory authority, under Art. 77 of the Regulation, if they believe that the Controller’s processing of their Personal Data is in violation of the applicable law.

  9. Amendments The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and/or EU laws and regulations on personal data protection.

Attachment I

Full list of data sub-processors with the description of products and services we use for data processing:

  1. MongoDB, Inc - MongoDB, Inc. is an American software company that develops and provides commercial support for the database MongoDB, a NoSQL database that stores data in JSON-like documents with flexible schemas. We use MongoDB Atlas - a fully managed cloud database that handles all the complexity of deploying, managing, and healing deployments on the cloud service provider. For more information on MongoDB’s Privacy Policy, visit: https://www.mongodb.com/legal/privacy-policy

  2. Instabug, Inc. - Instabug is a software company used by mobile app developers to help track bugs and crashes, collect user feedback, monitor, prioritize, and debug performance and stability issues throughout the app development lifecycle. For more information on Instabug’s Privacy Policy, visit: https://www.instabug.com/privacy

  3. XACT Acquisition - XACT provides us with Customer Contact Solutions for Phone, Chat, Email and Internet Support. For more information on XACT’s Privacy Policy, visit: https://www.myxact.com/company/privacy/

  4. Google. LLC - Google LLC is a technology company focusing on artificial intelligence, online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, and consumer electronics. We use Google Analytics - a web analytics service that provides statistics and basic analytical tools for search engine optimization (SEO) and marketing purposes. The service is part of the Google Marketing Platform. Google Analytics is used to track website performance and collect visitor insights. We also use Google Tag Manager, which features support for tag organization and version control, 3rd party and community-developed tag templates, and enterprise collaboration and security features. We also use Google Looker Studio - a data visualization and business intelligence tool used to convert data into customizable informative reports and dashboards. We also use BigQuery - a serverless data warehouse that enables scalable analysis over large amounts of data. We also use Google Ads - Google’s pay-per-click (PPC) platform, which allows businesses to gain visibility across Google’s properties. If your explicit consent is provided, NATIX will use Google Ads remarketing service to advertise on third-party websites with personalized ads. We also use Google Sign in which helps you easily and securely sign in to our app with your Google Account. For more information on Google’s Privacy Policy, visit: https://policies.google.com/privacy?hl=en-US

  5. Meta Platforms, Inc - Meta (formerly known as Facebook) builds technologies that help people connect, find communities and grow businesses. If your explicit consent is provided, NATIX will use Meta's remarketing service to advertise on third-party websites with personalized ads. For more information on Meta Platform’s Privacy Policy, please visit: https://www.facebook.com/privacy/policy

  6. X Corp - X. com (formerly known as Twitter) is a free social networking site where users broadcast short posts known as tweets. If your explicit consent is provided, NATIX will use Custom Audiences feature to create specific user groups that can be used for retargeting, exclusion, and/or expansion. For more information on X’s Privacy Policy, visit: https://twitter.com/en/privacy

  7. Reddit,Inc - Reddit is a social news website and forum where content is socially curated and promoted by site members through voting. If your explicit consent is provided, NATIX will use Reddit's remarketing service to advertise on third-party websites with personalized ads. For more information on Reddit’s Privacy Policy, visit: https://www.reddit.com/policies/privacy-policy

  8. Quora, Inc - Quora is a platform to ask questions and connect with people who contribute unique insights and quality answers. If your explicit consent is provided, NATIX will use Quora's remarketing service to advertise on third-party websites with personalized ads. For more information on Quora’s Privacy Policy, visit: https://www.quora.com/about/privacy

  9. Firebase, Inc - Mobile and web app development platform that helps developers build apps and games, provided by google. For more information on Firebase’s Privacy Policy, visit: https://firebase.google.com/support/privacy

  10. Mailerlite Limited - MailerLite is an email marketing tool we use for email communicaiton with our users. For more information on MailerLite’s Privacy Policy, visit: https://www.mailerlite.com/legal/privacy-policy

  11. Apple, Inc – We use Apple ID which helps you easily and securely sign in to our app with your Apple Account. For more information on Apple’s Privacy Policy, visit: https://www.apple.com/legal/privacy/en-ww/

  12. Discord, Inc - Discord is a voice, video, and text chat app that's used for the purpose of communication. We use OAuth2 that helps you easily and securely sign in to our app with your Discord Account. For more information on Apple’s Privacy Policy, visit: https://discord.com/privacy

  13. Atlassian Corporation Plc - Atlassian is a development and collaboration software company that offers tools to help teams organize, collaborate, and complete work together. We use Jira Software – a project management tool to plan, track, release our app and provide support to our users. For more information on Atlassian’s Privacy Policy, visit: https://www.atlassian.com/legal/privacy-policy

  14. Microsoft Corporation, Inc - Microsoft Office is a suite of applications we use for productivity and completing common tasks. For more information on Microsoft’s Privacy Policy, visit: https://privacy.microsoft.com/en-us/privacystatement

  15. Slack Technologies - Slack is a messaging app we use for internal communication. For more information on Slack’s Privacy Policy, visit: https://slack.com/trust/privacy/privacy-policy

  16. LINK Mobility Austria GmbH - LINK Mobility is a mobile application provider, providing communications services (SMS, MMS, Voice, Mobile Video, ...) via webSMS platform. For more information on Slack’s Privacy Policy, visit: https://websms.de/de-de/privacy/

  17. NATIX Network Limited – NATIX Network Limited is developing an IoT platform for real-time data trading. For more information on NATIX Network Limited’s Privacy Policy, visit: https://docs.natix.network/policies/privacy-policy-campaign

Last updated