LAST UPDATED ON: 26 June 2024
Content
2.1 Data collected when registering for an account
2.2 Data collected in the general context of websites
2.3 Data collected in the context of customer portals
2.4.1 Collection and storage of app usage data
2.5 Data collected: Rider Feature
2.6 Collection of weather data from other sources (information in accordance with Art. 14 GDPR) 5
2.7 Data collected: Navigation Feature
2.8 Transfer of personal data to other users – simultaneous use of routes in real time
2.9 Collection of traffic data from other sources (information in accordance with Art. 14 GDPR)
2.10 Data collected: Mobility Feature
2.12 Data collected: Events / Consumer activation
2.13 Data collected: Purchase of physical products in a webshop
2.14 Data collected: Advertising communication
2.15 Personalized advertisements on social media platforms
2.16 Data collected: Inquiries and contact
3. Categories of recipients and transfer of data to third countries
4. Automated individual decision-making
7.1 Revocation of your consent to data processing
7.2 Right to object to data processing in specific cases and to direct advertising
7.3 Right to file a complaint with the competent supervisory authority
7.4 Information, erasure, and rectification
7.6 Right to restriction of processing
9. Special data protection regulations for specific countries
In this Privacy Policy (“Policy”) you will find information regarding how the Pierer Industrie Group, in its role as data controller (“Controller”, “we”, “us”, “our”), collects and processes your personal data (“personal data”, “data”) when you use and/or visit a digital service (“digital service”) such as our apps (“app”) or one of our websites (“website”), when you purchase products, attend or participate in one of our events, or take part in a competition.
The Controller is the company named in the legal notice of the digital service accessed or, if the use of the digital service requires registration, the company in the Pierer Industrie Group that operates the digital service in question. We respect and protect the privacy of all users of our digital services (and are in strict compliance with the data protection regulations of the country in which you are located). Your personal data will only be processed to the extent required. Under no circumstances will the personal data stored be sold.
When registering for an account with Pierer Industrie AG, Edisonstrasse 1, 4600 Wels, Austria, you must provide an e-mail address and a password in order to be able to use certain digital services. The mandatory data requested during registration must be provided in full. We process your personal data so that we can, at your request, take steps prior to entering into the contract in question and/or perform that contract (Art. 6(1)(b) GDPR).
If you use your account to access a digital service, we also store in your account the personal data that the Controller in question collects in accordance with this Policy. These personal data are processed on the basis of the legitimate interests pursued by us and/or by a third party (Art. 6(1)(f) GDPR). We have an interest in transferring personal data within the Pierer Industrie Group for purposes of internal administration. This interest takes precedence over your interest in data privacy.
When you visit any of our websites, the following electronic communication metadata is processed and subsequently stored in an anonymized form:
These data may be evaluated anonymously for statistical purposes.
These personal data are processed on the basis of the legitimate interests pursued by us and/or by a third party (Art. 6(1)(f) GDPR). We have an interest in processing these data in order to be able to provide the websites. This interest takes precedence over your interest in data privacy.
We process mandatory data (your first and last name, your e-mail address) so that we can perform the contract (Art. 6(1)(b) GDPR), namely the customer portal user contract. If you do not share these personal data, we cannot perform our contractual obligations. By providing optional data (e.g. gender, phone number, country, postal code, address, language, height, weight, weight of road equipment, weight of offroad equipment), you are requesting additional elements of the service. We use such optional data shared by you to fulfill our contractual obligation of providing you with the requested services.
When you use the customer portal, the following electronic communication metadata is stored in an anonymized form:
These data may be evaluated anonymously for statistical purposes.
When you use the app, the following electronic communication metadata are stored in an anonymized form: IP address, date and time of access, ID of the function used, any errors in the app, date and time of the app error. These data may be evaluated anonymously for statistical purposes.
The data you share will be processed by us for the purpose of performing the contract, e.g. to carry out competitions or other app functions (see Art. 6(1)(b) GDPR), processing your inquiries, notifying you of changes or improvements to products or services that may affect you, or fulfilling other legal obligations (see Art. 6(1)(c) GDPR), and to protect our legitimate interest or the legitimate interest of third parties (Art. 6(1)(f) GDPR). The publisher of the app has an interest in their app’s technically faultless functionality and its optimization. When assessing the balance of interests as we are required to do, we weighed your interest in privacy against our interests in providing the app. This interest takes precedence over your interest in data privacy, otherwise we would not be able to provide this app to you.
The following data are collected in case of unexpected behavior:
· Version and functionality of the app
· Stack traces in the event of crashes
The following data are collected for the operation of the app:
These data are not linked with other data sources.
We process mandatory data (nickname) for the purpose of performing the contract (Art. 6(1)(b) GDPR). If you do not share these personal data, we cannot fulfill our contractual obligations.
You do not need to share the optional data in order to use the basic functionalities of the Rider Feature. If you do provide optional data, you are requesting additional elements of the service. We therefore use such optional data shared by you to fulfill our contractual obligation of providing you with the Rider Feature.
Profile details
Activity data
Location data
Data you share with us
Session data
If you do not wish to share any activity data, then do not connect the app with your vehicle’s CCU (Central Communication Unit). Please note that the app’s data analysis function cannot work if you do not share any activity data.
The basis for the processing of these data is the performance of the contract under which we provide you with the Rider Feature.
Further, we process the above data for the purpose of protecting our legitimate interest or that of a third party (Art. 6(1)(f) GDPR), namely:
Data analysis
Your data are used to perform the following analyses, among others:
Lap evaluation
The lap is analyzed in terms of length, speed, and driving behavior. The analyzed data is then displayed in the form of various charts. You receive information about your lap time, average speed, maximum and minimum speed, number of laps, lap distance, total distance covered, number of bends, average bend and sharpest bend, total time, route section, acceleration forces, engine speeds, throttle positions, gears, water temperature, etc.
Jumping behavior
In addition to the laps themselves, the jumps are also analyzed. For example, the total air time, the jump distance and height, the speed, the number of jumps, and the longest jump can be displayed.
Recommendations
Based on the above analyses in the Rider Feature, the app creates recommendations as to how you can improve your lap times and riding style. The app’s Rider Feature analyzes your riding and pinpoints where you rode particularly efficiently and where you did not. In addition, the app’s Rider Feature provides tips on how you can improve your speed, riding style, etc.
Targets
The app’s Rider Feature can set targets for you, such as a certain seat time within a certain timeframe, and show you where you currently stand in terms of achieving those targets.
Legal basis for the transfer and analysis of data:If you share activity data, your heart rate, location, and your track setup, the basis for the processing of these data is the performance of the contract under which we provide you with the rider functionality.
By activating location tracking, you are requesting additional elements of the service. The basis for the processing of these data is the performance of the contract under which we provide you with the Rider Feature.
We collect the following weather data for the location on the day of your ride and connect these with your route sections. We may not obtain the data directly from you, but from the following sources:
|
Data or data categories |
Source |
Publicly accessible |
Purpose |
|
Weather data |
NZN Labs, Inc. |
Yes |
Adding weather data for the date and location of your ride to your track data |
The apps offer a Navigation Feature that shows you the best route from one point to another. We would like to point out that there are three tiers of the Navigation Feature:
These different tiers of the Navigation Feature have different functionalities: The basic tiers (free or with one-time payment) are tied to the VIN, which is why they can only be used for one vehicle. The premium subscription is not tied to your VIN, but rather to a cell phone, and can be used for multiple vehicles.
When you activate the Navigation Feature, the following data will be processed as described below, depending on the tier you have chosen. Please note that you will receive a two-week trial of the premium tier when you activate or purchase the free tier or the basic tier with one-time payment. This means that different data will be processed during these first two weeks than from week three onwards (see below).
Basic tiers (free and one-time payment)
Vehicle data
Location data
Information on the mobile device
Premium tier (subscription)
Profile details
Location data
Geolocation (mandatory)
We process your data for the purpose of performing the contract (Art. 6(1)(b) GDPR), namely the app user contract. If you do not share these personal data, we cannot fulfill our contractual obligations.
This section only applies to users who have the premium tier of the app’s Navigation Feature. Real-time route sharing allows you to share your current location and your currently planned route with others by sending the link created in the app to selected individuals. The following data are then shared:
These data are updated every 30 seconds, and all the people you have invited by sending the link can see them. This means that anyone – even people who do not use the app – can open the link. Please note that the people you have invited may also share the link with others. For this reason, please be cautious about who you send the link to. The link expires as soon as the ride is completed, when the rider cancels the navigation, or the app is closed.
We process your data for the purpose of performing the contract (Art. 6(1)(b) GDPR), namely the app user contract. If you do not share these personal data, we cannot fulfill our contractual obligations.
If you have purchased the premium tier, you will receive the latest traffic data. In order to be able to provide this function, we collect the traffic data relating to your current location. We may not obtain the data directly from you, but from the following sources:
|
Data or data categories |
Source |
Publicly accessible |
Purpose |
|
Traffic data |
HERE service |
No |
To inform you about the current traffic situation |
The apps offer a roadside assistance service that provides help in the event of a breakdown. Our dense, professional roadside assistance network saves you a lot of worry if this happens. The KTM Assistance Center, operated by ARC Europe (for more information, see Section 3.2), is there for you 24/7 and can be contacted from anywhere in Europe. For detailed information on how this feature works, please consult the terms of use.
The following data will be collected, stored, analyzed, or otherwise processed as described below:
Profile details
Vehicle data
Information about incidents
Location data
Further data in case of a traffic incident
In the event of a traffic incident, further information that is required in order to process your request may need to be passed on to a third party such as a local breakdown service. Such information may include your residential address, nationality, gender, location of the incident, credit card or bank details, hotel booking data, birth date and place of birth, data from personal documents (e.g. ID card, passport) that are required to book a hotel, to have your vehicle towed, for transport or other services you may need. These data, which you share with third parties or processors, are neither received nor processed by us. However, it cannot be ruled out that these third parties or processors process data on our behalf after receiving the above data from you. Under certain circumstances, these data may be passed on to Pierer Industrie AG – for instance, if the costs for the service in question are particularly high or other complications arise.
Some database categories are mandatory if you wish to use the app’s Mobility Feature and its functions as intended (see above), while others are not. We process your data for the purpose of performing the contract (Art. 6(1)(b) GDPR), namely the user contract for use of the Mobility Service of the app in question, and to the extent that is necessary for this service requested by you. If you do not share these personal data, we cannot fulfill our contractual obligations. We process the optional data in accordance with your consent (Art. 6(1)(a) GDPR). Please take note of the information provided above with regard to activating and deactivating the collection of optional data.
Further, we process the above data for the purpose of protecting our legitimate interest or that of a third party (Art. 6(1)(f) GDPR), namely:
When assessing the balance of interests as we are required to do, we weighed up your interest in privacy against our interest in providing the digital service. This interest takes precedence over your interest in data privacy, otherwise we would not be able to provide the digital service.
Certain digital services – our websites, in particular – use cookies. A cookie is a small file that may be stored on your hard disk. When your device connects with a webserver, this file is generated and sent to your device. The cookie makes is possible to identify you when you visit our digital service again, without requiring you to reenter data you previously provided. Most browsers are set to accept cookies by default. However, you can change the settings to block those cookies or to view them together with the requirements for consent. You can also erase cookies from your system at any time. For more information, go to: www.datenschutz.org/cookies/ .
Our digital services only use first-party cookies. These are cookies that are created only by us or by a service provider (processor) engaged by us, and not by any third parties for their own purposes (third-party cookies).
We only use cookies and process data to the extent that is technically necessary for the provision of the services and the functions offered, for example to be able to save the settings you have made and the consent you have given (“strictly necessary cookies”).
The basis for the processing of data through strictly necessary cookies is a legitimate interest within the meaning of Art. 6(1)(f) GDPR to provide our services in a technically faultless manner.
If you have given us your consent to do so, we also use the cookies specified to collect and process more data for the following purposes and to pass them on to third parties for the purposes mentioned. In that case, no further cookies are created by us or by third-party providers.
The processing of data for purposes of measuring website performance allows us and selected third-party providers to count page visits and traffic sources, so that we can gauge the performance of our website and improve it. They support us in answering questions about which pages are the most popular, which are the least used, and how visitors navigate the website. All the information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you visited our website.
The processing of data for marketing purposes includes transferring data to our advertising partners. These companies can use these data to create a profile of your interests and show you relevant advertisements on other websites. They do not directly store personal data, but rather create a unique ID of your browser and internet device. If you do not allow this processing, you will see fewer personally relevant advertisements.
The processing of data for the purpose of connecting with social media includes transferring data to social media services, which allows you to share our content with your friends and networks. These cookies are able to track your browser across other websites and create a profile of your interests. This may affect the content and messages you see on other websites. If you do not allow this processing, you may not be able to use or see these sharing tools.
We only pass on data to third parties in pseudonymized form, meaning that the recipients of the data cannot identify you. IP addresses are only passed on in truncated form.
The basis for the processing of personal data through the use of cookies for purposes other than those necessary for the provision of our services is consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future. If data is processed for analysis and optimization purposes using cookies, we will inform you separately in this Privacy Policy and obtain your consent in accordance with Art. 6(1)(a) GDPR.
You can click on the button below to change your cookie settings at any time:
Our digital services currently use the cookies listed below for the following purposes:
JENTIS GmbH is the data processor acting on our behalf.
When you participate in an event (e.g. by buying tickets) or consumer activation campaign (e.g. sweepstakes, prize draw, promotion and/or competition), you may enter into a contract with us. We process the personal data you share with us for that purpose.
As a rule, the collection of the following personal data is mandatory:
We process your personal data so that we can, at your request, take steps prior to entering into the contract in question and/or perform that contract (Art. 6(1)(b) GDPR).
When you make a purchase in a webshop, you may enter into a contract with us. We process the personal data you share with us for that purpose.
As a rule, the collection of the following personal data is mandatory:
We process your personal data so that we can, at your request, take steps prior to entering into the contract in question and/or perform that contract (Art. 6(1)(b) GDPR).
Subject to the condition that you have given your consent (within the meaning of Art. 6(1)(a) GDPR), we process your data to send you information about our products and/or services at regular intervals.
The following personal data are processed for the purpose of managing newsletter subscribers and sending out the newsletter:
You may also share the following optional data:
When you read a newsletter, the following data are collected and processed for the purpose of analyzing the newsletters sent out:
If you do not wish to share this information, please do not sign up for the newsletter. You can unsubscribe from the newsletter at any time.
We use your e-mail address and your user interaction data on our website to identify social media profiles that might belong to you and show you advertisements for our products there. We only use your data for this purpose with your consent. You can find more information about consent and how to revoke it in Section 2.11 (Cookies).
In order to be able to show you personalized advertisements, it may be necessary for us to pass your data on to external partners – in particular, social media platforms – some of whom are located in third countries (see Section 3). We will transfer your personal data while observing your interest in maintaining the privacy of your data and in compliance with European data protection regulations. We remain responsible for your data at all times. Your data will not be sold or passed on to third parties to be used for their own purposes.
If you send us inquiries (e.g. via the contact form, e-mail), we will store the information shared by you for the purpose of processing your inquiry and handling any subsequent questions you may have.
The basis for this processing is Art. 6(1)(b) GDPR, to the extent that your inquiry is related to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, the basis for the processing is our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), provided such consent was given. These data will not be passed on without your consent.
The app enriches these data with additional information in the support ticket to facilitate more efficient handling of the inquiry:
When assessing the balance of interests as we are required to do, we weighed up your interest in privacy against our interest in responding to your inquiries. This interest takes precedence over your interest in data privacy, otherwise we would not be able to respond to your inquiry.
We process data relating to your vehicle for the purpose of providing general services (e.g. maintenance, software or firmware updates, recalls, product and service improvements).
The following data will be collected, stored, analyzed, or otherwise processed as described below:
Profile details
Vehicle data
We process mandatory data for the purpose of performing the contract (Art. 6(1)(b) GDPR), namely the respective purchase contract, and to the extent necessary for the service you expressly requested. If you do not share these personal data, we cannot fulfill our contractual obligations. We process the optional data on the basis of your consent (Art. 6(1)(a) GDPR). Please take note of the information provided above with regard to activating and deactivating the collection of optional data.
Further, we process the above data for the purpose of protecting our legitimate interest or that of a third party (Art. 6(1)(f) GDPR), namely:
When assessing the balance of interests as we are required to do, we weighed up your interest in privacy against our interest in providing the digital service. This interest takes precedence over your interest in data privacy, otherwise we would not be able to provide the digital service.
In addition, we process the above data for the purpose of fulfilling our legal obligations (Art. 6(1)(c) GDPR), namely:
We may transfer personal data to other companies within the context of providing our services. We may transfer personal data to other companies both within and/or outside of our group, such as external service providers, within the context of providing our services. In such a case, we contractually obligate these service providers to exercise the same care in processing personal data as we ourselves do.
In some cases, we may transfer personal data to recipients in third countries (see the corresponding statement in our Privacy Policy). Third countries are countries outside the European Union (“EU”) and outside the European Economic Area (“EEA”). The United States is also a third country.
As a rule, personal data will only be transferred to recipients certified under the European Commission’s adequacy decision of 10 July 2023 (Data Privacy Framework). This guarantees compliance with a comparable level of data protection. The transfer of personal data to the US can only take place on this basis if the processor is certified under the Data Privacy Framework.
To check whether a recipient is certified, go to:
https://www.dataprivacyframework.gov
The Data Privacy Framework provides that data subjects may lodge a complaint in the event of unlawful processing of their data by US intelligence services. National data protection authorities can be contacted and must provide recourse. In Austria, please contact the Austrian Data Protection Authority (Österreichische Datenschutzbehörde).
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Tel.: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
The legal basis for the transfer of data to other third countries or recipients in the US that are not certified is generally your consent (Art. 49(1)(a) GDPR), or the performance of a contract (Art. 49 (1)(b) GDPR), or an adequacy decision of the EU Commission (Art. 45(1) GDPR), or the use of EU standard contractual clauses (Art. 46(2)(c) GDPR; “SCCs”). Find the SCCs here:
We may also use a different legal basis to transfer data to a third country, provided that the requirements of the applicable data protection law are fulfilled.
We would like to point out that we do not process data within the meaning of Art. 22 GDPR. This means that we do not make decisions based solely on automated processing, such as profiling, which produce legal effects concerning you or similarly significantly affect you; any decision with equivalent effect is made by a natural person.
We erase your personal data when they no longer need to be stored with regard to the respective data processing purpose and we are not obliged to comply with a statutory provision regarding the retention of certain personal data. Should we not be able to erase your personal data, we will restrict further processing of such personal data. Furthermore, the retention period also depends on the respective statutory limitation periods.
We take appropriate technical and organizational security measures to protect the personal data we process against accidental or intentional manipulation, loss, destruction, or unauthorized access.
We use technical and organizational measures to ensure the privacy of your personal data and to protect them against manipulation, loss, and destruction. The storage and disclosure of personal data are subject to strict security procedures. We train our relevant staff with regard to data protection law. Our employees only access personal data to the extent necessary.
Under the applicable law, you may have the following rights in relation to your personal data under certain circumstances: If your place of residence is in California or Australia, please read Section 9.
Certain data processing activities may only be carried out with your express consent. You can revoke consent you have already given at any time. To revoke your consent, you can just send us an informal notification by e-mail or post (see contact details below). The legality of the data processing that took place up until the time of revocation remains unaffected by the revocation.
You have the right, on grounds relating to your particular situation, to object at any time to processing of your data that is necessary to protect our legitimate interests or those of a third party. In case of such an objection, we will no longer process your personal data unless the processing serves the establishment, exercise, or defense of legal claims, or we can demonstrate compelling legitimate grounds for the processing which override your interests. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes (Art. 21 GDPR).
You have the right to file a complaint with the competent data protection authority.
In accordance with Art. 15 GDPR, you have the right to request, free of charge and at any time, information about which personal data we process. This right of access also includes the right to obtain a copy of the data undergoing processing, provided that this does not adversely affect the rights and freedoms of other persons (Art. 15 GDPR).
Furthermore, you have the right to request the rectification of inaccurate data or the completion of incomplete data (Art. 16 GDPR).
In addition, you can request the erasure of your data at any time (Art. 17 GDPR). Please note that we cannot satisfy a request for erasure if the processing (storage) is necessary for the fulfilment of a legal obligation (e.g. statutory retention obligations), or if we are entitled to do so due to overriding interests (e.g. assertion or defense of certain legal claims).
Additionally, you have the right to receive the processed data in a structured, common, and machine-readable format. The right to data portability only exists if the processing is based on consent or on a contract (Art. 20 GDPR).
You have the right to request that the processing of your personal data be restricted. To do this, you can contact us at any time at the address specified in Section 5. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising, or defending legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
If you have any questions that have not been answered in this Privacy Policy, or if you would like more information on a particular point, you can contact us anytime. Please find the contact details in the Legal Notice of the respective digital service, or, if handled differently by the provider of the website, in the digital service.
This app and its additional features are used in different countries. For this reason, we would like to point out the special data protection regulations in the respective countries.
This section contains additional information for residents of the Federal State of California, USA.
Personal data we collect
In the past 12 months, we have collected the following categories of personal data that identify you or your household:
Use and disclosure of personal data
We use the personal data collected for the business purposes described above in Section 3 (“Collection and processing of data in this app”).
In the past 12 months, we have disclosed the following categories of personal data to our affiliates and business partners for a business purpose:
Under the California Consumer Privacy Act (“CCPA”), certain disclosures of personal data to third parties are deemed “sales” even if no payment is received in return. We do not sell your personal data within the meaning of the CCPA, and we do not have actual knowledge that we are selling the personal data of individuals under the age of 16.
Your privacy rights under California law
To exercise your California privacy rights, you can send your request by e-mail to ccpa@ktmnorthamerica.com or call our toll-free telephone number [1-888-671-4619].
We will need to verify your request to exercise your California privacy rights. We are usually able to verify such requests by matching the information you provide with the data we have collected about you. However, you may possibly be required to provide additional personal data for the purpose of verification. Under certain circumstances, we may be unable to fulfil your rights if it is not possible to verify your request to a reasonable or reasonably high degree of certainty.
You are entitled to engage an authorized agent to submit requests on your behalf if we can verify the authorized agent’s authority to act on your behalf (such as a valid power of attorney under California law, or if you have separately verified your identity or the power of attorney in question with us).
We undertake to protect your privacy in accordance with the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). For the sake of clarity, in this Privacy Policy the term “processing” includes the collection, use, and/or disclosure of personal data (depending on context).
As previously mentioned, we share your personal data with various third parties based in different jurisdictions such as in the European Union and United States of America. In such a case, we take appropriate measures to ensure that these third parties handle your personal data in compliance with the APPs.
Under the Australian Privacy Act (APPs 12 and 13), you have the right to ask for access to the personal data we have collected about you and to request the correction of your personal data. You can contact us if you wish to access your personal data or request that your incorrect data be corrected (see Section 5). We will try to respond to your request within 30 days. You will be required to verify your identity before we give you access to your data or correct them, a process that we try to make as simple as possible. In the event that you are refused access to, or correction of, your personal data, we are required to inform you in writing and to state the reasons.
If you have any queries or complaints about this Privacy Policy or believe that a breach of the APPs has taken place, please contact us in writing (see Section 7 above). If you are not happy with the outcome of your complaint or how we handled it, you can contact the Office of the Australian Information Commissioner (OAIC).