ABetterRouteplanner.com is owned and operated by Iternio Planning AB (“Iternio”), a company based in Sweden, founded and operated by the developers of ABetterRouteplanner.com. Iternio also offers planning-as-a-service to third party websites and apps via its Route Planner API. This document describes our use and storage of personal data for both services.
The following policy reflects how Iternio collects and processes data in connection with its services. This document will be updated continuously with the development of our services. This version is updated as per January 2020.
Our role when it comes to personal data
Iternio Planning AB is a Swedish limited company, company registration number 556911-5487, Scheelevägen 15, SE-22370 Lund, Sweden. The easiest way to contact us is by e-mail to our CEO, Dr Bo Lincoln at email@example.com.
Iternio is “Data Controller” for the personal data that we process, which means that we determine why and how personal data is collected and processed by us. As Data Controllers we are legally responsible for our processing.
Our approach to (not) collecting personal data
The European General Data Protection Regulation “GDPR” and its equivalents around the world encourage us to avoid processing personal data and to limit the processing to what is necessary in order to fulfil legitimate purposes. We are also encouraged to be open (transparent) about it, so that people know why and how data about them is being used.
Our business is based on data, the analysis and presentation of which is the core of our services. But Iternio has actively designed its software and services in order to collect and store necessary data without processing personal data. As interested as we are in data related to the use and performance of different electric vehicles in different environments and under different circumstances, we are correspondingly un-interested in the identity of our users. By submitting vehicle telemetry (car live data) to use through any available method, you agree that we may store and process anonymized parts of that data to learn more about vehicles, traffic, chargers and similar to improve our service. It is completely optional to use telemetry in the service. Please note that anonymized data means information which cannot be linked to an individual, so it is actually not “personal data”.
We do not sell or transfer any personal data about our users or any other individuals. However, we reserve the right to publish content-based ads on our services, such as Tesla related ads to Tesla route planners.
Why we collect data about you
User account and login data
A user may register an account for using our web- or app-based services and can then access the service from different devices with the same settings and user data. In order to provide user accounts, we store the name of the user, e-mail address and password (all provided/chosen by the user). We also store the personal settings chosen by the user and the last destination searches. Such data is stored only in order to provide the service to you.
Vehicle, driving and charging related data
The quality of our services is dependent on gathering and analyzing data about how vehicles are being driven and charged under different conditions. Some users chose to provide us with more detailed data from their vehicle (“vehicle telemetry”), such as charging status, temperatures, speed etc. We may in such cases store a unique identifier of the vehicle in order to identify the brand, model, battery, power consuming options, and other vehicle specific data.
When and how we collect data
We collect user account data when you open a user account (optional), when you change the user settings or by collecting information provided by you, such as actual (stated) name, user name, e-mail address and password. We also gather information generated by your use of our services while logged in, including starting point, destination and current GPS position. The previous 15 searches (destinations) made from your user account are stored with your account for easy access.
In addition, the entire last/current route plan may be stored in further detail, to be accessible from the user’s different devices.
The types of data we collect
We collect user data, such as stated name, user name, e-mail address and password, for administration of user accounts (optional). We may also collect information about how different vehicle models are driven and charged.
We do NOT collect or store any “special categories of data” as defined in the GDPR (e.g. related to biometrics, health, sexuality, political or religious views etc) and we encourage you NOT to provide any such information in any communication with us. However, we may store GPS- and search related data that some people could consider to be sensitive information about their travel destinations. This data is only available for the logged in user.
Your choices and rights
As an individual you have certain rights under the GDPR. You can exercise your rights by sending us an email at firstname.lastname@example.org.
You have the right to access information we hold about you, including:
- the categories of data we’re processing
- the purposes of our data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- your other rights regarding our use of your data
We will provide you with the information as soon as we can but always within one month of your request. There may be situations where we cannot provide certain information, for example if doing so would adversely affect the rights and freedoms of somebody else. If so, we will tell you about it.
If you have a user account, you can at any time access and change the user data or preferences.
For you as user, ABRP and our other services are tools that must be used responsibly by you and only for legal purposes. This includes personal data and YOU are responsible for your processing and use of such data. For instance, you may not in any way use our services for purposes of monitoring other individuals (such as other users of your vehicle, your computer or mobile device) unless you have a legally valid consent or other valid legal grounds to do so.
How we store and secure your personal data
First, we try to avoid storing or processing of “personal data” (information that could, directly or indirectly, be connected to an individual). Therefore we anonymize the data, when possible. Data that is connected to your (optional) account is stored only for the purposes of providing the service and making it available to the user from different platforms.
Specifically, if you connect vehicle live data to our apps or services, we will store your driving data so that it can be connected to your account for up to 48 hours – this is to be able to show how your last drive or charge was even if the app is not active. After at most 48 hours, we anonymize all historical data, meaning we can no longer identify the data to any particular account. We may at some point offer services such as statistics and maps of your previous drives, optionally, and this will of course mean that we need to keep the association between data and your account so that we can show it to you – but this will be opt-in.
If and when we choose to provide optional services at a cost, we will need to process further data in order to handle payments.
Very sensitive data such as vehicle API tokens (like MyTesla tokens) are stored encrypted with the decryption key completely outside of the server. This is so that even if a hacker gets a hold of a complete backup or disk from a server, it is still not possible to retrieve the data. Even with full access to the running server, it will be very hard to read out that information. We never store your password for such API services anywhere.
How long we keep your data stored
Your user account and data related to it will be stored as long as you chose to maintain the account. Data deleted by the user will immediately be deleted from our main systems and within 90 days from all backups.
Anonymous (thus not personal) data derived e.g. from the use of our services or otherwise provided to us will be stored and used as long as it is useful information, without any specific limitations.
International aspects – where your data is stored
Our data is stored on servers located in Sweden, including backups. We will not transfer personal data to countries outside of the EU (but we will of course give our logged-in users access to their own account data).