Name and address of the data controller
The data controller as defined by the General Data Protection Regulation, national data protection laws of member states and other data protection regulations is:
Universität des Saarlandes
Prof. Dr. Holger Hermanns
Department of Computer Science
Gebäude E1 3, Raum 501
Phone: +49 681 – 302 5631
Universität des Saarlandes is represented by its University President; Address: Campus, 66123 Saarbrücken, GERMANY; E-Mail: postzentrale(at)uni-saarland.de; Phone: +49 681 – 302 0
Contact details for the data protection officer
Phone: +49 681 – 302 2813
Purpose and scope of processing personal data
Data donations: Data received from the diagnosis interface of your car and location data obtained from the (GPS) location services of your mobile device are used for the purpose of academic research. The research group Dependable Systems and Software (for short: „Depend“) processes the data for the purpose of identifying car models violating emissions regulations as well as detecting the usage of systematically tampered emission cleaning systems, as those firstly discovered during the Diesel Emissions Scandal in 2015. Beyond that, the data can be used to analyse arbitrary processes inside the car (e.g., fuel consumption, carbon dioxide emissions, …). Our research is based on the uninterpreted received data. This data is stored without a direct relation to your name, from which your identity could be inferred. Though, certain data (e.g., vehicle identification number or location data) could possibly allow to reconstruct your identity. In any case, the analysis is about the behaviour of the car, not the driver. We will not use data donations to draw conclusion about the identity of users. In the following, we will refer to this data as data donations.
Communication Data: During transmission of data to our servers, additional data is collected and processed due to technical reasons and to prevent abusive use of our data storage server. In the following, we will refer to this data as communication data.
Analysis Results: Data donations can be analysed for research purposes as explained above. The result of such analyses is an aggregation of multiple data sets, hence it is fully anonymous and does not contain any individual-related data. As analysis results do not contain personal data, the GDPR does not apply to this data. Analysis results may be published as scientific contributions world-wide and indefinitely. In the following, we will refer to this aggregated data as analysis results.
Legal basis for processing personal data
Data donations: The legal basis for collecting and processing data donations is Art. 6(1)(a) GDPR, i.e., the explicit consent of the user to donate data as described in this privacy statement.
Communication Data: The legal basis for collecting and processing communication data is Art. 6(1)(f) GDPR, i.e., our legitimate interests in order to realise the data donation storage service, in particular, the functionality and security of our technical infrastructures. Communication data is not processed for any other purpose.
Description and scope of data processing
- During vehicle monitoring: a subset of the following diagnostic data is collected:
- Engine Coolant Temperature
- Engine Speed
- Vehicle Speed
- Intake Air Temperature
- Mass Air Flow Rate
- Oxygen Sensor Values
- Commanded EGR
- EGR Error
- Fuel Tank Level
- Catalyst Temperature
- Fuel-Air Equivalence Ratio
- Ambient Air Temperature
- Fuel Type
- Engine Oil Temperature
- NOx Sensor Values
- Particular Matter Sensor Values
- Fuel Rate (Engine and Vehicle)
- Engine Exhaust Flow Rate
- Vehicle Identification Number (VIN)
- Other static information (maximum values, etc.)
- Information about the diagnostics data supported by the car
- During Real Driving Emissions (RDE) tests: the data collected for vehicle monitoring, and additionally, exact location data (e.g., GPS), including speed and altitude, provided by the mobile device on which the app is used.
All data collected during a single trip is merged into a single trip record file.
The following data is logged for every attempt to donate a file:
- IP address
- Port number
- Date and time of access
- Requested URL
- Request method
- Result of the request (HTTP status code)
- Size of the transmitted data
Reason for collecting location data
Collecting and processing location data (e.g. GPS data) is necessary to evaluate RDE tests: RDE tests are only valid if altitudes of start and end position diverge at most by a defined threshold. Moreover, the RDE regulation distinguishes between urban, rural and motorway segments. Location data is used to determine if each segment has been covered appropriately.
Storage location and erasure of data
The personal data of the data subject are erased or blocked as soon as the reason for storing them ceases to exist. Storage beyond this time period may occur if provided for by European or national legislators in Union regulations or national legislation and rules to which the data controller is subject. Such data shall also be blocked or erased if a storage period prescribed by one of the aforementioned legal standards expires.
Data donations: We store your data donations for at most 15 years, in accordance with Art. 5(1)(e) GDPR. According to Guideline 17 of the Guidelines for Safeguarding Good Research Practice of the German Research Foundation DFG (as of September 2019), it is necessary to keep the data donations for 10 years after publication of our research results derived from the donations. Prior to that it may take up to 5 years until our research results are published. Due to technical reasons, the data may persist up to 9 weeks in our backup system after erasure from the main system. Data donations are stored on servers of Universität des Saarlandes.
Communication Data: Communication data is stored on servers of Universität des Saarlandes and is deleted from the system in an automatised way after 14 days.
Category of recipients
Data donations: Recipients of the data donations are trustworthy cooperating research facilities in the European Union. Currently, we have an active cooperation as part of the DFG Transregional Collaborative Research Centre 248 (CPEC), which involves:
- Universität des Saarlandes, Saarbrücken, Germany
- Technische Universität Dresden, Germany
- Max Planck Institute for Informatics, Saarbrücken, Germany
- Max Planck Institute for Software Systems, Saarbrücken, Germany
- Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI), Saarbrücken, Germany
- CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
- Universität Tübingen, Germany
The particular list of cooperating research institutions may be subject to change over time. By giving consent to donate data, you agree that your data donations may be processed by other trustworthy research institutions in the European Union. Your data is not transferred to institutions outside the EU.
Data donations can be processed by employees or students of cooperating institutions after signing a non-disclosure agreement. It is processed for the purpose of research or seminar projects (including, for example, bachelor and master thesis, dissertations and habilitations). Resulting publications contain only fully anonymised analysis results.
Communication Data: The only recipient is Universität des Saarlandes.
Data donations may be processed on our behalf by trustworthy processors in the European Union, in accordance with Art. 28 GDPR.
Communication Data: Communication data is processed only by employees of Universität des Saarlandes.
Transfers of personal data to third countries or international organisations
We do not transfer personal data to third countries or international organisations.
Rights of the data subject
The rights of the data subject are defined in Chapter 3 of the EU General Data Protection Regulation (GDPR).
Right of access and right to data portability
You have the right to obtain a record of the personal data we collected about you. We provide this data to you in a machine-readable format. You can exercise these rights if and only if data can be associated to your identity.
Right to erasure and right to restriction of processing
Data donation: You have the right to obtain from us the erasure of and the restriction of processing your personal data. As from receiving your request, we will delete your data after at most 7 working days from the main system. Your data will then no longer be processed. For technical reasons, it may take up to 9 weeks until all your data is removed from the backup system. You can exercise these rights if and only if data can be associated to your identity.
Analysis Results: If your data has already been analysed and is part of an aggregated and anonymous analysis result, it is technically not possible to remove your data from the analysis result.
Right to rectification
You have the right to obtain from the controller without undue delay the rectification of your personal data if it is inaccurate or incomplete.
Your right to rectification may be restricted in so far as it is likely to render impossible or seriously impair the achievement of the scientific purpose, and such derogations are necessary for the fulfilment of the purpose of research.
To exercise these rights, please contact the data controller or the data protection officer.
Withdrawal of consent to data donations
You can withdraw your declaration of consent to donate data at any time by changing the privacy setting in the app. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Consequences if consent to data donations is not given or withdrawn
If you prefer to not donate your data, you can still use the app without limitations. After withdrawal, already uploaded data remains on our servers.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
The regulatory authority responsible for Universität des Saarlandes is:
Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Phone: +49 681 94781-0
Updates to this privacy notice
We might need to update this privacy statement in the future. We will explicitly ask for approval of a new version of this policy before it is applied to your data donations and new data donations are transferred to us.
By enabling data donations, I consent,
Privacy Statement Version Code: 6