Data protection notice: Telematics / Software

Status as of January 2026

1. General Provisions

1.1 This Data Protection Notice concerns the collection and processing of personal data by telematics units distributed and installed by syniotec GmbH, Am Wall 146, 28195 Bremen (“syniotec”), as well as their subsequent processing in systems operated by or under the responsibility of syniotec, in particular within the scope of the software solutions “SAM” and “RAM” (“Software”).

1.2 The telematics units and software solutions are used by entrepreneurs or companies (“Customers”) who maintain a contractual relationship with syniotec and who wish to record and evaluate the condition, location, and use, as well as other information relating to the construction machinery, equipment, or other vehicles and facilities in use by them (“Customer Objects”).

1.3 Syniotec processes the data concerned primarily on behalf of and in accordance with the instructions of the Customer, and thus acts as a processor pursuant to Art. 28 GDPR. For this purpose, syniotec enters into a separate data processing agreement with its Customers. The Customer remains the data controller under data protection law for the processing and is therefore specifically responsible for ensuring that the processing of the data is permissible from a data protection and employment law perspective.

1.4 With regard to certain processing activities, syniotec is the data controller under data protection law. Information on this can be found in this Data Protection Notice.

1.5 In the event that the Customer does not use the Customer Objects personally, but transfers them to its employees, the employees of affiliated companies, or other persons, the Customer must ensure that the respective persons who use Customer Objects equipped with telematics units and whose personal data may therefore be processed (“Users”) are informed of the fact and scope of the processing in accordance with this Notice and the information obligations incumbent upon the Customer itself, and that any required consents under data protection law are obtained from the User by the Customer.

2. Data Controller

2.1 The Controller within the meaning of Art. 4 No. 7 GDPR is:

syniotec GmbH
Am Wall 146, 28195 Bremen, Germany

Managing Directors: Rezi Chikviladze, Arne Stehnken

info@syniotec.com
+49 421 83679700

3. Collection and Processing of Machine Data and Personal Data by Telematics Units

3.1 The telematics units collect technical usage data from the telematics units delivered by syniotec (e.g., details regarding the vehicle, trips, times, positions, sensor and diagnostic data, vehicle and device identifiers).

3.2 The data collected and processed by the telematics units generally constitute so-called machine data, which describe purely technical or physical states or processes and are not personal (“Machine Data”).

3.3 In the case of some of this data, it may, either inherently or in combination with other data or parameters, constitute data relating to an identified or identifiable natural person (“personal data” pursuant to Art. 4 No. 1 GDPR): Each telematics unit is assigned to the respective Customer within syniotec’s system. The data generated or processed by the telematics units may therefore be personal or may become personal under certain conditions—for example, if conclusions can be drawn via the serial number of the unit, the data stored by the Customer in the system, or solely via details regarding the Customer Object in connection with shift or duty schedules of the Customer, such as regarding the usage behavior of the User, their location, or their travel route, or if this is precisely intended by the Customer by storing identifying data.

3.4 The telematics units can—with manufacturer-dependent differences in the specific scope—collect the following data (“Telematics Data”) and store it locally in the memory of the respective unit:

  • 3.4.1 Location and Movement Data: Historical position and location data (e.g., GPS coordinates with timestamps) of the connected machine or vehicle, as well as movement information derived therefrom, in particular speed and direction of movement. Altitude information is not recorded.
  • 3.4.2 Usage and Operating Data: Data regarding the technical operation and use of the machine or vehicle, in particular operating and running times, start and stop times, idle times, as well as status information such as engine and ignition status (e.g., on/off).
  • 3.4.3 Driving and Mission-Related Technical Data: Technical information regarding the deployment or movement of the machine or vehicle, in particular speed data. No recording or evaluation of driving style or behavioral characteristics takes place.
  • 3.4.4 Vehicle and Machine Data via Technical Interfaces: To the extent technically available and supported, certain technical measurement and diagnostic data can be read out via vehicle- or machine-side interfaces (e.g., CAN bus, OBD) depending on the manufacturer, in particular engine speed, fuel level or consumption, and battery voltage. The data collection is purely read-only and continuous, without active intervention in the control of the machine or vehicle.
  • 3.4.5 Sensor-Based Event and Status Data: Data generated by sensors integrated into or connected to the telematics units, in particular movement or vibration signals that can indicate technical changes in state or events.
  • 3.4.6 Device and System Data of the Telematics Unit: Technical information regarding the telematics unit itself, in particular device or serial numbers, device identifiers, SIM or network identifiers, firmware and software versions, as well as information on the cellular or connection status (e.g., signal strength).
  • 3.4.7 Local Storage and Pre-processing: The Telematics Data may be temporarily cached and technically pre-processed (e.g., buffering or summarization) on the respective telematics unit in order to enable a subsequent transfer. Permanent archiving on the telematics unit is not intended.
  • 3.4.8 Third-Party Telematics: Insofar as telematics solutions from third-party providers are used instead of or in addition to syniotec’s own telematics units, these may record comparable or differing technical Telematics Data depending on the respective manufacturer, device type, and functional scope. In these cases, the specific scope is governed by the specifications of the respective third-party provider. Information on this can be provided by syniotec—insofar as it is available—upon request.

 

3.5 Depending on the manufacturer, the telematics units send different data packets at various intervals to syniotec’s servers. Further details are available at https://syniotec.com/products/telematics-construction-machines/

3.6 The data transmitted to syniotec is made available to the Customer in the Software. The data is further processed and can subsequently be downloaded by the Customer as a graphic representation or in list form. In addition, this data can be used by the Customer to determine the positions of devices, to define operating hours performed, and to plan future deployments.

4. Data Collection via Customer Input in the Software

4.1 Customers have the option to store further data in the Software regarding the Customer Objects and their integration into the Customer’s business operations, e.g., deployment plans, preferred drivers/users, or similar. This may involve personal data. In detail, the following information is possible:

  • 4.1.1 Last name, first name, branch address, date of birth, email (business), telephone number (business), personnel number, nationality, contract type, occupation, employee vehicle, emergency contact (last name, first name, telephone number), construction site-related qualifications, certificates, driving licenses.

5. Use by syniotec for its own purposes

5.1 To the extent that we obtain telematics and usage data from the use of the systems provided by us, we process this data to a limited extent for our own purposes in addition to providing our contractual services to our Customers.

5.2 This concerns, in particular, technical usage, operating, and telematics data from the telematics and software systems delivered or connected by us. This includes, in particular, information on machines, vehicles, and devices (e.g., type, configuration, technical states), usage and operating data (e.g., deployment and running times, standstills, operating states), temporal information, historical position and movement data, sensor, measurement, and diagnostic data, system and device identifiers, as well as other technical metadata generated by the system.
Furthermore, data may be processed that is stored in the system of the respective Customer for organizational assignment, such as assignments of machines or vehicles to construction sites, projects, deployment types or—insofar as provided by the Customer—to internal identifiers of users or drivers (e.g., internal IDs, pseudonyms, or other designations assigned by the Customer), without this resulting in a direct identification of natural persons by syniotec.
The aforementioned data may also include information that arises or is derived within the scope of using the systems, such as summarized usage and deployment patterns, statistical indicators, aggregated evaluations, as well as technically generated analysis and forecast data, including insofar as these arise within the scope of the further development, testing, or prospective use of data-based analysis, optimization, or learning processes (e.g., algorithmic or AI-supported functions). Processing takes place exclusively to the extent necessary for technical analysis, system optimization, product development, statistical evaluation, and to ensure stable, secure, and high-performance system operation.

5.3 Syniotec uses the data mentioned in Section 1.2—wherever possible in pseudonymized, aggregated, or otherwise abstracted form—for the following purposes of its own:

  • 5.3.1 Analysis, monitoring, and improvement of the technical functionality, performance, stability, availability, and security of the telematics, software, and cloud solutions provided, including the detection, analysis, and rectification of errors, faults, and security risks. Further development and testing of new functions, algorithms, and evaluations;
  • 5.3.2 Further development, conception, testing, validation, and optimization of existing and new functions, modules, evaluations, and system components, including the development and improvement of data-based, algorithmic, or prospectively learning processes (e.g., analysis, forecast, optimization, or support systems), insofar as these serve to improve the products and services. The use of this data for purposes extending beyond this or for the evaluation of individual behavior does not take place;
  • 5.3.3 Execution of aggregated and statistical evaluations for product management, quality assurance, capacity and resource planning, as well as for evaluating and optimizing the use, performance, and cost-effectiveness of the systems (e.g., failure rates, typical deployment and usage patterns of machines, performance and stability metrics).

5.4 The use of the aforementioned data for the individual evaluation of performance, behavior, or personality of natural persons, for employment law purposes, or for the creation of personal profiles does not take place.

6. Processing scenarios and legal bases for processing

6.1 To the extent that the data processed during the operations described under Sections 3 to 5 constitutes personal data, the processing scenarios and legal bases for the processing are set forth below.

  • 6.1.1 The collection of personal data of the Customer, its transmission via telematics unit to syniotec, the processing within the scope of preparation, graphic representation, and evaluation, as well as the granting of access to the Customer, is carried out to fulfill contractual obligations toward the Customer. The legal basis in this case is Art. 6 Para. 1 Sentence 1 lit. b) GDPR.
  • 6.1.2 Insofar as this affects personal data of Users with whom syniotec has no contractual relationship, the processing is carried out on behalf of the Customer and exclusively on its express instructions, and thus by syniotec as a processor for the Customer pursuant to Art. 28 GDPR. In this respect, a separate data processing agreement exists between syniotec and the Customer. The Customer is the data controller under data protection law for this.
  • 6.1.3 The processing of Customer inputs is carried out by syniotec on behalf of the Customer and exclusively on its express instructions, and thus by syniotec as a processor for the Customer pursuant to Art. 28 GDPR. In this respect, a separate data processing agreement exists between syniotec and the Customer. The Customer is the data controller under data protection law for this.
  • 6.1.4 The processing of personal data for internal purposes by syniotec is carried out—wherever possible in pseudonymized and/or aggregated form—for the following purposes of its own: analysis and improvement of the functionality, stability, and security of our telematics and cloud solutions, further development and testing of new functions, algorithms, and evaluations, statistical evaluations for product management and quality assurance (e.g., failure rates, typical usage patterns, performance metrics). The legal basis for this processing is Art. 6 Para. 1 lit. f) GDPR. The legitimate interest consists in the further development, optimization, and safeguarding of the telematics and cloud services, as well as in ensuring a high level of quality and security of the products. Insofar as the data subjects have consented to the processing, for example within the scope of company agreements or similar, the legal basis is Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

7. Rights of the data subject

7.1 As a data subject, you have the right:

  • 7.1.1 pursuant to Art. 15 GDPR, to request information about your personal data processed by us;
  • 7.1.2 pursuant to Art. 16 GDPR, to demand without undue delay the rectification of inaccurate personal data or the completion of your personal data stored by us;
  • 7.1.3 pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • 7.1.4 pursuant to Art. 18 GDPR, to request the restriction of processing of your personal data;
  • 7.1.5 pursuant to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request its transmission to another controller;
  • 7.1.6 pursuant to Art. 7 Para. 3 GDPR, to withdraw your once given consent at any time. As a result of this, syniotec may no longer continue the data processing that was based on this consent for the future; and
  • 7.1.7 pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority.

8. Separate information regarding the right to object

8.1 Where syniotec processes personal data to safeguard legitimate interests on the basis of Art. 6 Para. 1 lit. f) GDPR, data subjects have the right under Art. 21 GDPR to object to the processing of their personal data, provided that there are grounds arising from their particular situation.

8.2 If data subjects wish to make use of their right of withdrawal or objection, an email to […] shall suffice.

9. Automated individual decision-making or profiling measures

9.1 Syniotec does not use automated processing methods to bring about a decision—including profiling.

10. Duration of storage of personal data / erasure of personal data

10.1 In general, syniotec erases or anonymizes personal data as soon as it is no longer required for the purposes for which it was collected or used in accordance with the preceding sections, unless further storage of the personal data is required due to a legal obligation.

10.2 Personal data processed for contract execution or fulfillment is generally stored for a period of 3 years from the complete fulfillment of mutual contractual obligations and is erased thereafter, provided that the data is not subject to statutory retention obligations, e.g., pursuant to the German Commercial Code (HGB) or the German Fiscal Code (AO). In this case, the data will only be erased after the expiry of the statutory retention obligation.

10.3 Insofar as personal data is processed for own purposes, it is anonymized or pseudonymized beforehand and erased as soon as it is no longer required for this purpose. No identifying use of the data takes place in this context.

11. Changes of purpose

11.1 Processing of personal data for purposes other than those described shall only take place insofar as a statutory provision permits this or the data subjects have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, syniotec shall inform the data subject of these other purposes prior to further processing and provide further relevant information for this purpose.

12. Disclosure of data

12.1 Personal data processed by syniotec will generally not be disclosed to third parties, unless a legal obligation or authorization exists. Data disclosure may take place, for example, for the establishment, exercise, or defense of legal claims or for law enforcement. The disclosure of this data is based on the legitimate interest of syniotec in combating abuse, prosecuting criminal offenses, and securing, establishing, and enforcing claims. The legal basis is Art. 6 Para. 1 lit. f) GDPR.

12.2 Furthermore, a disclosure of the data may take place if the data subject has consented thereto. The legal basis in this respect is Art. 6 Para. 1 lit. a) GDPR.

12.3 For the provision of its services, syniotec may be dependent on contractually affiliated third-party companies and external service providers who may come into contact with personal data or process it on behalf of and in accordance with the instructions of syniotec and are therefore processors pursuant to Art. 28 GDPR. These processors are carefully selected and regularly reviewed. The processors may use the data exclusively for the specified purposes and are furthermore contractually obligated to meet the legal requirements for the protection of personal data.

13. Amendments to the Data Protection Notice

13.1 This Data Protection Notice is regularly monitored and updated as necessary. You can access the respective current version at any time on our website at […].

As of January 2026