top of page

Iternio Data Privacy Notice

1. Scope of this Notice
We at Iternio Planning AB (“Iternio”, “we” or “us”) respect your privacy, and we are committed to protecting it. We are a company based in Sweden, founded and operated by the developers of ABetterRouteplanner.com (“ABRP Website”). With this Data Privacy Notice (the “Notice”), we describe the processing of your personal data when we offer services through Iternio and ABRP websites and the ABRP Mobile App (“ABRP App”). We also offer planning-as-a-service to third party websites and apps via our application programming interfaces (“APIs”) and this Notice also applies to these services. This Notice has the following sections:


1. Scope of this Notice
2. Who We Are (Identification of the Data Controller)
3. Our Processing of Your Personal Data
4. Legal Grounds for Our Processing
5. Disclosure of Personal Data
6. Data Retention
7. Data Security
8. International Transfers
9. Your Privacy Rights
10. U.S. State Privacy Disclosures
11. Changes to this Notice

2. Who We Are (Identification of the Data Controller)
A data controller is the individual or legal person who controls personal data by means of determining the purposes and means of the processing and who is therefore responsible to safeguard compliance with the applicable data protection laws, such as the General Data Protection Regulation of the European Union (“GDPR”). Wherever we use the phrase “data controller” in this Notice, we use it as defined in Article 4(7) GDPR.


The data controller for the processing of personal data described in this Notice is:


Iternio Planning AB
Scheelevägen 15
SE-22370 Lund
Sweden


Iternio Planning AB is incorporated under the laws of Sweden and registered under the
company registration number 556911-5487.


The easiest way to contact us is by email at privacy@iternio.com.

3. Our Processing of Your Personal Data
The GDPR and equivalent laws around the world require us to limit the processing of personal data to what is necessary. We are also required to be transparent, so that people know why and how personal data about them is being processed. Our business is based on data, the analysis and presentation of which is the core of our services. But Iternio has designed its software and services in order to minimize the processing of personal data. We do not sell or share personal data, as those terms are defined by applicable privacy regulations.  We do not participate in third-party telemetry exchanges or share data with such exchanges. Under the scope of this Notice, we process the following categories of personal data, depending on the service you are using:

 

Visiting Iternio or ABRP Websites
If you visit any of our websites, the web server automatically processes the following data:

 

  • Your Internet Protocol (IP) address

  • The type of browser you are using

  • The date and time of your visit

  • Depending on your browser configuration, the website you are coming from (if you were referred to our website, e.g., by clicking a link or when third party websites embed our websites’ content)

We also use cookies to automatically collect certain information about your equipment, browsing actions, and patterns when you visit our websites. Cookies are small files stored on your browser or device that enable the cookie owner to recognize the device when it visits websites or uses online services. We may automatically use some cookies that are strictly necessary to provide the services you request or enable communications and to protect our website, including identifying irregular or fraudulent activity. These cookies cannot be disabled. We request your consent for all of our other cookie uses on our websites, which may include:

 

  • Marketing Cookies: These cookies are used on Iternio.com to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests.

  • Functional Cookies: These cookies enable our websites to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.

  • Analytics Cookies: These cookies allow us to measure and improve the performance of our websites, including analytics that help us understand how individuals use the sites. 

We also store certain information related to your routes and your use of ABRP, which may include your personal data, in your browser’s local storage. To clear your browser’s local storage, you should be able to navigate to the browser's settings or options menu and select the option to clear browsing data or clear cache and cookies. This action should remove any locally stored data, including cookies, local storage, and session storage, from your device. It is important to note that this action cannot be undone, and any data that was stored locally will be permanently deleted.


Using our Route Planner

If you use the Route Planner on our website or within the App, we also process the following
data:

 

  • Route Data (start, end, and waypoints, where applicable)

  • Vehicle type

  • User-entered parameters (e.g., vehicle state of charge, preferred charging networks and cards, language preferences)

Creating an ABRP user account and using our services as a registered user
If you decide to create an ABRP user account, we will process the following personal data in
addition to what is described in the section “Visiting Iternio or ABRP Websites”:

 

  • Your name

  • The username you have chosen upon registration

  • Bookmarked addresses (e.g., home address, work address)

  • Saved routes and route history

  • The email address used for registration

  • A hash of your chosen password

  • Third-party account ID (if you choose to link your ABRP account with external services, such as Google, Apple, Facebook for login purposes)

  • Certain login data, such as the client IP of the latest visit and a timestamp of the latest login attempt

If you create an entry for your vehicle within the ABRP service, we will process the following
additional data about your vehicle (together the “Vehicle Data”):

 

  • Vehicle ID (this is a unique ID used within the ABRP engine and not the VIN as issued by your car manufacturer)

  • Vehicle type/model

  • Driving preferences

  • Charger preferences

  • Driving preferences

  • Real-time vehicle telematics data*, such as battery state of charge, current, voltage, charge state, and estimated range; speed, location, heading, elevation; drive mode, tire pressure; and outside temperature, cabin temperature, and battery temperature

* If you link (integrate) your vehicle to your ABRP account


As a reminder, we do not sell or share personal data, as those terms are defined by applicable privacy regulations, and we do not participate in third-party telemetry exchanges or share data with such exchanges.


Using premium features
If you have created a user account, decide to use certain fee-based premium features, we may also process the following data in addition to what is described in the section “Creating a user account and using our services as a registered user”:

 

  • Payment information (e.g., bank or credit card details, which are not processed or

  • stored by Iternio)

  • Billing postal address

  • Order history

 

However, these personal data will not be processed by us if you purchase premium features via the Google PlayStore or Apple App Store. Please refer to the data privacy notices of these stores if you need more information about how your personal data are processed by Google and Apple.


Using live data feature, the telemetry API, or an OBD device
If you use the live data feature, use our service via third-party providers that utilize the telemetry API, or if you have an ODB device and link it to the App, we process some
additional data that is transmitted by and associated to your vehicle:

  • Vehicle Data (as defined above)

  • GPS location

  • Speed

  • Vehicle calibration state (energy consumption at different speeds, weight, etc.)

  • Technical Vehicle Data coming from sensors (e.g., inside/outside temperature, state of charge)

4. Legal Grounds for Our Processing
We will typically collect and use the personal data we collect from you based on the following legal grounds:

  • Consent: You have given consent to the processing of your personal data for one or more specific purposes, e.g., for vehicle data, telematics data and GPS location. We will always ask for your consent in advance before we start processing such personal data from you.

  • Performance of a Contract: The processing is necessary for the performance of a contract or to take steps to enter into a contract with you, e.g., we need to process your billing information if you purchase an OBD device.

  • Compliance with our Legal Obligations: The processing is necessary for compliance with our legal obligations, e.g., to comply with statutory (tax) obligation for record keeping.

  • Legitimate Interests: The processing is necessary for the purposes of our legitimate interests or for the purposes of the legitimate interests of a third party which are not overridden by your interests or fundamental rights and freedoms which require protection of personal data. We may, for example, store the IP address of every website user for a certain amount of time to safeguard the website’s security in case of attacks (e.g., DDoS-attacks).

Where we process information relating to special categories of personal data requiring
higher levels of protection, the processing of such special categories of personal data will
typically take place only if you have given explicit consent to the processing of such data
for one or more specified purposes

5. Disclosure of Personal Data
Where permitted by law, we may disclose your personal data to the categories of third parties set forth below for legitimate business purposes, such as if you explicitly consent to share it with others, or as necessary to complete your transactions or provide the products or services you have requested or authorized:

 

  • Affiliates: Iternio-branded companies or other affiliates related by common ownership or control, including Rivian and its affiliates, to provide the ABRP services, to develop new and improve existing products and services, and for our legitimate interests.

  • Technology and Other Service Providers: Software, IT, mapping, data analytics, cybersecurity, charging, cloud service, consultants, financial, legal and other similar providers and data processors we use to support our business.

  • Business Partners and Other Third Parties: Where you have elected to receive a service from them, authorized them to receive data from us, or directed us to share your personal data with them. For example, if you use our services through an API utilized by a car manufacturer, we may share certain information with them.

  • Law Enforcement: When legally required or when we deem advisable to do so, such as at the request of governmental authorities or law enforcement or to verify or enforce compliance with applicable laws. In addition, we may disclose your personal data if we believe disclosure is necessary or appropriate to protect our rights, property or safety.

  • Corporate Transactions: In connection with, during, or upon completion of a merger, acquisition, asset sale, or other business transaction that involves some, or all, of our assets, data you have provided to us may be transferred to a third party such as a successor or purchaser as part of or following such a transaction.

  • Other Third Parties: To other third parties if you authorize us to do so.

We may also share reasonably de-identified, aggregated, or anonymized data in accordance with applicable law without restriction with third parties for legitimate business
purposes.

6. Data Retention
Your user account and data related to it will be stored as long as you choose to maintain the account. Data deleted by the user will immediately be deleted from our main systems and within 90 days from all backups.

 

If you would like your account to be actively deleted together with all your identifiable data, you can do so in the ABRP App (Settings -> My ABRP profile -> Delete account) or contact privacy@iternio.com.


We reserve the right to store and use anonymous or de-identified data derived, aggregated, or otherwise provided to us as long as it is useful information, without any specific limitations.

7. Data Security
We have in place reasonable security measures intended to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, including encryption of this information in transit and at rest and the implementation of controls designed to limit access to your personal data to those individuals who have a genuine business need to know it. Those individuals who process your personal data are required to do so only in an authorized manner and are subject to confidentiality requirements.

 

We also have procedures in place to deal with any suspected data security breach. We will notify you and/or any applicable regulator of a suspected data security breach where we
are legally required to do so in accordance with any legally prescribed timeframes.

 

Despite our implementation of these measures, posting or transmission of personal data via the internet, by email, or by other electronic means is not completely secure. We cannot guarantee that personal data that is transmitted to us, particularly by electronic means, will be totally secure. It is possible that third parties may unlawfully intercept or access such data

8. International Transfers
We are based in Sweden and our data is stored on servers located in Sweden or other data locations within the European Union (EU), including backups.

 

If we transfer personal data to other countries, we pay attention to the lawfulness of such transfers. Where personal data are transferred to countries outside the EU or the European Economic Area (EEA), we only carry out such transfers if a so-called adequacy decision is in place (which states that the level of data protection is similar to that in countries within the scope of the GDPR), or if the recipient of the data enters into so-called EU standard contractual clauses with us and thus submits to a level of protection with regard to the personal data involved that is similar to that in countries within the scope of the GDPR.

 

In particular, we use analytics tools to generate statistics about the use of our website and apps. For this purpose, we use the Google Analytics tool from Google LLC. Google LLC is a company based in the USA and when used, truncated IP addresses of users are transferred to servers in the USA. Since from the perspective of the legislator, the USA does not have a level of data protection comparable to the EU, we have entered into EU standard contractual clauses with Google LLC to ensure the required level of data protection. Regardless of this, we only transfer data to Google LLC as part of the analysis if you give your explicit consent via our cookie banner.

9. Your Privacy Rights
Where permitted by applicable law or regulation and subject to the respective legal requirements, you have the right to:

 

  • Access/Know: Request confirmation from us as to whether or not your personal data is being processed by us and, if so, access to such data and/or the more detailed circumstances of the data processing.

  • Correction/Rectification: Request that we correct any inaccurate personal data relating to you without undue delay. In this context, taking into account the purposes of the processing, you may also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration. If you signed up for an account, you may update the information associated with your account at any time by contacting us or logging into your account.

  • Deletion/Erasure: Request that your personal data be deleted without undue delay. In certain circumstances, it may not be possible for us to accept your request, for example, when the processing is necessary to comply with a legal obligation, or if the processing is necessary for the performance of a contract.

  • Portability: Request that we provide a copy of the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and transfer this data to another controller, where feasible.

  • Restriction of Processing: Request that we restrict processing of your personal data. In certain circumstances, it may not be possible for us to accept your request, for example, when the processing is necessary to comply with a legal obligation, or if we can demonstrate compelling legitimate grounds otherwise.

  • Object to Processing: Object, on grounds relating to your particular situation, to our processing of personal data concerning you which is (i) necessary for the performance of a task carried out in the public interest, (ii) carried out in the exercise of official authority vested in us, or (iii) processed by us on the basis of our legitimate interest. In this case, where applicable, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

  • Consent Withdrawal: Withdraw your consent that you have previously provided for our collection, use or disclosure of your personal data, subject to reasonable notice and any contractual or legal exceptions. Note that this will not affect the lawfulness of our processing of your personal data based on consent before its withdrawal.

  • Automated Individual Decision-Making: Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Note that this right shall not apply if such a decision is necessary as part of a contract we have with or want to conclude with you, we have your consent, or we are permitted by law to engage in such automated decision making. In these cases, we will implement measures to safeguard your rights and freedoms and legitimate interests and you may contest the decision by contacting us (see Section 2 (“Who We Are”) of this Notice).

  • Complaints: Lodge a complaint with a supervisory authority at any time if you are of the opinion that the processing of personal data relating to you violates applicable law. You can lodge such complaint with a supervisory authority in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement. You may identify the applicable supervisory authority based on your location on the European Data Protection Board website.

To exercise the above privacy rights, please contact us using the details mentioned in Section 2 (“Who We Are”) of this Notice.


We will acknowledge and coordinate any request as timely as possible. Initially, we will respond to and fulfill any such requests within one month or in accordance with applicable
laws. In case we cannot comply with a request or cannot fulfill a request within that timeframe, we will generally provide you with the reason for this. We may request specific information from you to help us confirm your identity and your rights. Applicable laws may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will generally inform you of the reasons why, subject to any legal or regulatory restrictions.

10. U.S. State Privacy Disclosures
Several U.S. states have passed data privacy laws over the past few years, such as the California Consumer Privacy Act, as amended (“CCPA”). This section describes additional disclosures that we are required to make under these state-specific privacy laws. We will update this section periodically as new laws and requirements are passed.

 

Personal Information Collection, Use, and Disclosure
We have collected the categories of personal data from or about California consumers and disclosed such personal data for a business purpose within the last twelve (12) months as shown in the table below. Additional information can be found in Sections 3 and 5 above. We do not sell or share personal data, as those terms are defined by applicable privacy regulations, such as the CCPA.

10._U.S. State Privacy Disclosures.png

  • Use of Personal Information. We use the categories of personal information listed above as described in Section 2 (“Who We Are").

  • Disclosure of Personal Information. We may disclose your personal information to the categories of service providers set forth in Section 5 (“Disclosure of Personal Data”). In the preceding twelve (12) months, Iternio has disclosed each of the personal information categories as shown in the table above to our service providers for a business purpose.

  • Access to Personal Information. You can request, up to two times each year, that we disclose the categories and/or specific pieces of personal information that we collect, use, disclose, and may sell.

  • Correction of Personal Information. You have the right to have inaccurate personal information corrected.

  • Deletion of Personal Information. You can ask us to delete the personal information that we have collected from you, subject to certain exceptions such as to complete a transaction for you, to exercise our rights, or to comply with a legal obligation.

  • Sales of Personal Information. In the preceding twelve (12) months, Iternio has not “sold” personal information as this term is defined in the CCPA. 

  • Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to direct us to limit our use of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer. Iternio does not otherwise use sensitive personal information beyond what is necessary to perform the services or provide the goods that have been requested of us.  

  • No Retaliation. You are entitled to exercise the rights described above free from retaliation as prohibited by the CCPA.


To exercise your California privacy rights, please see the information in Section 2 (“Who We Are”) below.

Additional Information for California Residents

  • Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.  You can designate an authorized agent to make a request under the CCPA on your behalf if: (1) the authorized agent is a natural person or a business entity registered with the Secretary of State of California; and (2) you sign a written declaration that you authorize the authorized agent to act on your behalf.


If you use an authorized agent to submit a request to exercise your rights, please
have the authorized agent take the following steps in addition to the steps
described above:

 

  • Mail a copy of your signed written declaration authorizing the authorized agent to act on your behalf to privacy@iternio.com; and

  • Provide any information we request in our response to your email to verify your identity. The information requested will depend on your prior interactions with us and the sensitivity of the personal information at issue.


If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

 

  • Identity Verification. You may only submit a request to know twice within a 12-month period. Your request must provide sufficient information about you (which may include personal data such as your name and other personal identifiers) and your relationship, if any, with us that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

  • Financial Incentives. We may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA- permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

11. Changes to this Notice
We will post any changes we make to this Notice on our website. If we make material changes to how we treat your personal data, we will notify you by email to the primary email address specified in your account or through a notice on the website. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Notice to check for any changes. Your continued use of our website or services following the posting of changes constitutes your acceptance of such changes.


Last Updated: August 20, 2024

bottom of page