Data Protection: Your Right – Our Obligation
You can trust in the protection and the security of your personal data. For onesto GmbH it is extremely important to respect your private sphere and your individual private rights, these being respected in all our business processes.
Therefore we inform you herewith about the basic rules for processing your personal data.
You will get more details about the collecting, processing and usage of the personal data each time when we process such data.
For more information you can contact our data protection advisor any time at:
Which information do we collect
Under “personal data” we understand all information, which your company, yourself or other authorized person introduces in the onesto system or the information, which can be deducted by using the system in regard to your person. This includes also all your personal data, which will be placed at our disposal or will be used by the support system of onesto GmbH. Not all data, which your company places at the disposal of the onesto system is personal data. In general the personal data in divided into the following categories:
- Personal data, like name, contact data, travel preferences, payment relevant data and supplier’s account
- Administrative information like the employee number, the cost center or the approver
- Travel related data, like for example travel itineraries
- Data related to expenses, like for instance information about the type of an expense or photos of travel expenses
- Data referring to the mobile phone application, like for instance data referring to the device or to the locations
- Data of third parties, which will be stored for the support and the execution of travel activities, like for instance accounts or bonus programs for airlines, rail companies, hotels or rental cars
The subdivision of the information we process in the onesto system derives from the integration and the configuration of the onesto system in the infrastructure of your company.
When entering your data in the onesto system you place personal related information at our disposal. In exceptional cases, another user, like for instance an administrator can create a user account or can use personal data for your own usage of the onesto system or having the agreement of your company.
Personal data is collected in the onesto system also from other sources, like for instance, the HR department, travel agencies, travel management suppliers your company cooperates with.
During the usage of onesto system, data will automatically be created, like IP address, information about the device, browser as well as your usage and activity with the scope of support for technical problems and the behaviour of the onesto system.
Protection of the private sphere of the minors in the web
Personal data of the minors (under 16) will not be explicitly collected or used in a certain manner by onesto GmbH.
The minors are not allowed to transmit their personal data without the explicit accordance of the parents or the legal responsible persons.
How do we use your data
onesto GmbH uses the personal data in the following areas:
- Supplying, usage, maintenance, connectivity and improvement of the onesto systems, as well as for ensuring the access, usage and connectivity to the onesto system
- Processing and completing within the onesto system, like for instance the purchasing of the business travel or submitting the travel expenses
- Supplying customer service and assistance, as well as communication related to the reservation processes, like for instance confirmations of reservations, technical information, updates, security warnings, as well as administrative messages
- Supplying support and information about the onesto system, according to the agreed contract
- A better understanding of the application and the usage of the onesto systems, as well as the continuous improvement and development of new product and services, in order to increase the users experience
- Researching and avoiding fraudulent reservations, illegal accesses or other security incidents, as well as of other illegal activities
In case your company has subscribed to services, which permit the localisation of some or all users, in order to be able to communicate with them during some incidents, like for instance in case of natural disasters, attacks or other dangerous events, the onesto system uses for your localisation the data from your user profile, your itineraries or your localisation services, which you place at our disposal in a direct way or via the mobile app onesto2go.
The rights of the onesto app
The onesto app needs the following rights in order to place the complete functionality at your disposal. It is not necessary to grant individual rights for using the app, but in that case a specific functionality will not be available.
The rough and the exact location
For supporting the search within the immediate surrounding in case of travel bookings, as well as for the optional functionality of the emergency calls.
Internet
For the synchronisation of the reservations
Network status
For the synchronisation of the reservations
Fingerprint
For the authentication on the app instead of a PIN
Notifications
For receiving notifications to bookings (e.g. rebookings, delays)
Camera
Take photos in order to attach them as images or documents in an order for the documents management or for attaching them as receipts in the travel expense module
Access to data
Take photos in order to attach them as images or documents in an order for the documents management or for attaching them as receipts in the travel expense module
Your rights while processing your data
The affected person has the right to ask for a confirmation from the responsible person, in case the personal data will be processed. If yes, then the affected person has the right for information about this personal data, as well as to individual specific information according to art. 15 DSGVO.
The affected person has the right to request an immediate correction of the personal data from the responsible person, in case of incorrect personal data as well as to complete the personal data in case this is incomplete (Art. 16 DSGVO)
The affected person has the right to request the immediate deletion of personal data from the responsible person, in case one of the reasons mentioned separately in art. 17 DSGVO will apply, for instance when the data for certain scopes is not necessary anymore (right to delete).
The affected person has the right to request from the responsible person, the limitation for processing the personal data, in case one of the prerequisites of the art. 18 DSGVO applies, for instance when the affected person does not further agree with the processing of the personal data, during the further checks being cared of by the responsible person.
The affected person has the right to request at any moment at the responsible person the stopping of the personal data processing due to any reasons, resulting from a certain situation. The responsible person will not process the personal data anymore, except the situation when he/she can prove the reasons which are necessarily needed for this processing, which are predominant to the interests, rights and freedoms of the affected person or the processing serves to the establishment, exercise or defence of legal claims (art. 21 DSGVO)
Without any administrative or legal remedy, each affected person has the right to place a complaint at a control authority, when the affected person considers that the processing of the personal data is not performed correctly according to the DSGVO (art. 77 DSGVO). The responsible person can make use of this right within a control authority in the member state where he/she lives, works or where the supposed incident took place. In Bavaria the responsible authority hereto is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
The security of your data
The data you have placed at the disposal of onesto GmbH will be further protected by the corresponding technical and organisational means, having the scope of making sure to protect them against an accidental or intended manipulation, the lost or getting damaged, against the access of unauthorized persons or against the disclosure to unauthorized third parties. Our security measures will be permanently controlled and improved, according to the technological and organisational possibilities.