top of page

Iternio Data Privacy Notice

1. Introduction and Scope of this Notice

We at Iternio Planning AB (“Iternio”, “we” or “us”) respect your privacy, and we are committed to protecting it. We are a company based in Sweden, founded and operated by the developers of ABetterRouteplanner.com (“ABRP Website”). With this Data Privacy Notice (the “Notice”) we describe the processing of your personal data when we offer services through the websites of Iternio, ABRP, our APIs and the ABRP Mobile App (“ABRP App”). We also offer planning-as-a-service to third party websites and apps via our APIs and this Notice also applies to these services. This Notice has the following sections:

 

1.     Introduction and Scope of this Notice

2.     Who We Are (Identification of the Data Controller)

3.     Our Processing of Your Personal Data

4.     Legal Grounds for Our Processing

5.     Disclosure of Personal Data

6.     Data Retention

7.     Data Security

8.     International Transfers

9.     Your Privacy Rights

10.   Changes to this Notice

2. Who We Are (Identification of the Data Controller)

A data controller is the individual or legal person who controls personal data by means of determining the purposes and means of the processing and who is therefore responsible to safeguard compliance with the applicable data protection laws, such as the General Data Protection Regulation of the European Union (“GDPR”). Wherever we use the phrase “data controller” in this Notice, we use it as defined in Article 4(7) GDPR.

 

The data controller for the processing of personal data described in this Notice is:

 

Iternio Planning AB

Scheelevägen 15

SE-22370 Lund

Sweden

 

Iternio Planning AB is incorporated under the laws of Sweden and registered under the company registration number 556911-5487.

 

The easiest way to contact us is by email at privacy@iternio.com.

3. Our Processing of Your Personal Data

The GDPR and equivalent laws around the world require us to limit the processing of personal data to what is necessary. We are also required to be transparent, so that people know why and how personal data about them is being processed. Our business is based on data, the analysis and presentation of which is the core of our services. But Iternio has designed its software and services in order to minimize the processing of personal data.

 

Under the scope of this Notice, we process the following categories of personal data, depending on the service you are using:

 

Visiting Iternio or ABRP Websites

 

If you visit any of our websites, the web server automatically processes the following data:

 

  • Your Internet Protocol (IP) address

  • The type of browser you are using

  • The date and time of your visit

  • Depending on your browser configuration, the website you are coming from (if you were referred to our website, e.g., by clicking a link or when third party websites embed our websites’ content)

 

We also use cookies to automatically collect certain information about your equipment, browsing actions, and patterns when you visit our websites. Cookies are small files stored on your browser or device that enable the cookie owner to recognize the device when it visits websites or uses online services. We may automatically use some cookies that are strictly necessary to provide the services you request or enable communications and to protect our website, including identifying irregular or fraudulent activity. These cookies cannot be disabled. We request your consent for all of our other cookie uses on our websites, which may include:  

 

  • Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly. 

  • Performance Cookies: These cookies allow us to measure and improve the performance of our site, including analytics that help us understand how individuals use the site.

 

We also store certain information related to your routes and your use of ABRP, which may include your personal data, in your browser’s local storage. To clear your browser’s local storage, you should be able to navigate to the browser's settings or options menu and select the option to clear browsing data or clear cache and cookies. This action should remove any locally stored data, including cookies, local storage, and session storage, from your device. It is important to note that this action cannot be undone, and any data that was stored locally will be permanently deleted.

 

Using our Route Planner

 

If you use the Route Planner on our website or within the App, we also process the following data:

 

  • Route Data (start, end, and waypoints, where applicable)

  • Vehicle type

 

Creating an ABRP user account and using our services as a registered user

 

If you decide to create an ABRP user account, we will process the following personal data in addition to what is described in the section “Visiting Iternio or ABRP Websites”:

 

  • Your name

  • The username you have chosen upon registration

  • Bookmarked addresses (e.g., home address, work address)

  • Saved routes and route history

  • The email address used for registration

  • A hash of your chosen password 

  • Third-party account ID (if you choose to link your ABRP account with external services, such as Google, Apple, Facebook for login purposes)

  • Certain login data, such as the client IP of the latest visit and a timestamp of the latest login attempt

 

If you create an entry for your vehicle within the ABRP service, we will process the following additional data about your vehicle (together the “Vehicle Data”):

 

  • Vehicle ID (this is a unique ID used within the ABRP engine and not the VIN as issued by your car manufacturer)

  • Vehicle type/model

  • Driving preferences

  • Charger preferences

  • Driving preferences

 

Using premium features

 

If you have created a user account, decide to use certain fee-based premium features, we may also process the following data in addition to what is described in the section “Creating a user account and using our services as a registered user”:

 

  • Payment information (e.g., bank or credit card details, which are not processed or stored by Iternio)

  • Billing postal address

  • Order history

 

However, these personal data will not be processed by us if you purchase premium features via the Google PlayStore or Apple App Store. Please refer to the data privacy notices of these stores if you need more information about how your personal data are processed by Google and Apple.

 

Using live data feature, the telemetry API, or an ODB device 

 

If you use the live data feature, use our service via third-party providers that utilize the telemetry API, or if you have an ODB device and link it to the App, we process some additional data that is transmitted by and associated to your vehicle:

 

  • Vehicle Data (as defined above)

  • GPS location

  • Speed

  • Vehicle calibration state (energy consumption at different speeds, weight, etc.)

  • Technical Vehicle Data coming from sensors (e.g., inside/outside temperature, state of charge)

4. Legal Grounds for Our Processing

We will typically collect and use the personal data we collect from you based on the following legal grounds:

 

  • Consent: You have given consent to the processing of your personal data for one or more specific purposes, e.g., for vehicle data, telematics data and GPS location. We will always ask for your consent in advance before we start processing such personal data from you.

  • Performance of a Contract: The processing is necessary for the performance of a contract or to take steps to enter into a contract with you, e.g., we need to process your billing information if you purchase an OBD device.

  • Compliance with our Legal Obligations: The processing is necessary for compliance with our legal obligations, e.g., to comply with statutory (tax) obligation for record keeping.

  • Legitimate Interests: The processing is necessary for the purposes of our legitimate interests or for the purposes of the legitimate interests of a third party which are not overridden by your interests or fundamental rights and freedoms which require protection of personal data. We may, for example, store the IP address of every website user for a certain amount of time to safeguard the website’s security in case of attacks (e.g., DDoS-attacks).

 

Where we process information relating to special categories of personal data requiring higher levels of protection, the processing of such special categories of personal data will typically take place only if you have given explicit consent to the processing of such data for one or more specified purposes.

5. Disclosure of Personal Data

Where permitted by law, we may disclose your personal data to the categories of third parties set forth below for legitimate business purposes, such as if you explicitly consent to share it with others, or as necessary to complete your transactions or provide the products or services you have requested or authorized:

 

  • Affiliates: Iternio-branded companies or other affiliates related by common ownership or control for everyday business purposes and to develop new and improve existing products and services.

  • Technology and Other Service Providers: Software, IT, mapping, data analytics, cybersecurity, charging, cloud service, consultants, financial, legal and other similar providers and data processors we use to support our business.

  • Business Partners and Other Third Parties: Where you have elected to receive a service from them, authorized them to receive data from us, or directed us to share your personal data with them. For example, if you use our services through an API utilized by a car manufacturer, we may share certain information with them.

  • Law Enforcement: When legally required or when we deem advisable to do so, such as at the request of governmental authorities or law enforcement or to verify or enforce compliance with applicable laws. In addition, we may disclose your personal data if we believe disclosure is necessary or appropriate to protect our rights, property or safety.

  • Corporate Transactions: In connection with, during, or upon completion of a merger, acquisition, asset sale, or other business transaction that involves some, or all, of our assets, data you have provided to us may be transferred to a third party such as a successor or purchaser as part of or following such a transaction.

  • Other Third Parties: To other third parties if you authorize us to do so.

 

We may also share reasonably de-identified, aggregated, or anonymized data in accordance with applicable law without restriction with third parties for legitimate business purposes

6. Data Retention

Your user account and data related to it will be stored as long as you choose to maintain the account. Data deleted by the user will immediately be deleted from our main systems and within 90 days from all backups.

 

If you would like your account to be actively deleted together with all your identifiable data, you can do so in the ABRP App or contact privacy@iternio.com

 

We reserve the right to store and use anonymous or de-identified data derived, aggregated, or otherwise provided to us as long as it is useful information, without any specific limitations.

7. Data Security

We have in place reasonable security measures intended to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, including encryption of this information in transit and at rest and the implementation of controls designed to limit access to your personal data to those individuals who have a genuine business need to know it. Those individuals who process your personal data are required to do so only in an authorized manner and are subject to confidentiality requirements.

 

We also have procedures in place to deal with any suspected data security breach. We will notify you and/or any applicable regulator of a suspected data security breach where we are legally required to do so in accordance with any legally prescribed timeframes.

 

Despite our implementation of these measures, posting or transmission of personal data via the internet, by email, or by other electronic means is not completely secure. We cannot guarantee that personal data that is transmitted to us, particularly by electronic means, will be totally secure. It is possible that third parties may unlawfully intercept or access such data.

8. International Transfers

We are based in Sweden and our data is stored on servers located in Sweden or other data locations within the European Union (EU), including backups.

 

If we transfer personal data to other countries, we pay attention to the lawfulness of such transfers. Where personal data are transferred to countries outside the EU or the European Economic Area (EEA), we only carry out such transfers if a so-called adequacy decision is in place (which states that the level of data protection is similar to that in countries within the scope of the GDPR), or if the recipient of the data enters into so-called EU standard contractual clauses with us and thus submits to a level of protection with regard to the personal data involved that is similar to that in countries within the scope of the GDPR.

 

In particular, we use analytics tools to generate statistics about the use of our website and apps. For this purpose, we use the Google Analytics tool from Google LLC. Google LLC is a company based in the USA and when used, truncated IP addresses of users are transferred to servers in the USA. Since from the perspective of the legislator, the USA does not have a level of data protection comparable to the EU, we have entered into EU standard contractual clauses with Google LLC to ensure the required level of data protection. Regardless of this, we only transfer data to Google LLC as part of the analysis if you give your explicit consent via our cookie banner.

9. Your Privacy Rights

Where permitted by applicable law or regulation and subject to the respective legal requirements, you have the right to:

  • Access/Know: Request confirmation from us as to whether or not your personal data is being processed by us and, if so, access to such data and/or the more detailed circumstances of the data processing.

 

  • Correction/Rectification: Request that we correct any inaccurate personal data relating to you without undue delay. In this context, taking into account the purposes of the processing, you may also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration. If you signed up for an account, you may update the information associated with your account at any time by contacting us or logging into your account.

 

  • Deletion/Erasure: Request that your personal data be deleted without undue delay. In certain circumstances, it may not be possible for us to accept your request, for example, when the processing is necessary to comply with a legal obligation, or if the processing is necessary for the performance of a contract.

 

  • Portability: Request that we provide a copy of the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and transfer this data to another controller, where feasible.

 

  • Restriction of Processing: Request that we restrict processing of your personal data. In certain circumstances, it may not be possible for us to accept your request, for example, when the processing is necessary to comply with a legal obligation, or if we can demonstrate compelling legitimate grounds otherwise.

 

  • Object to Processing: Object, on grounds relating to your particular situation, to our processing of personal data concerning you which is (i) necessary for the performance of a task carried out in the public interest, (ii) carried out in the exercise of official authority vested in us, or (iii) processed by us on the basis of our legitimate interest. In this case, where applicable, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

 

  • Consent Withdrawal: Withdraw your consent that you have previously provided for our collection, use or disclosure of your personal data, subject to reasonable notice and any contractual or legal exceptions. Note that this will not affect the lawfulness of our processing of your personal data based on consent before its withdrawal.

 

  • Automated Individual Decision-Making: Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Note that this right shall not apply if such a decision is necessary as part of a contract we have with or want to conclude with you, we have your consent, or we are permitted by law to engage in such automated decision making. In these cases, we will implement measures to safeguard your rights and freedoms and legitimate interests and you may contest the decision by contacting us (see Section 2 (“Who We Are”) of this Notice).

 

  • Complaints: Lodge a complaint with a supervisory authority at any time if you are of the opinion that the processing of personal data relating to you violates applicable law. You can lodge such complaint with a supervisory authority in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement. You may identify the applicable supervisory authority based on your location on the European Data Protection Board website.

 

To exercise the above privacy rights, please contact us using the details mentioned in Section 2 (“Who We Are”) of this Notice.

 

We will acknowledge and coordinate any request as timely as possible. Initially, we will respond to and fulfill any such requests within one month or in accordance with applicable laws. In case we cannot comply with a request or cannot fulfill a request within that timeframe, we will generally provide you with the reason for this. We may request specific information from you to help us confirm your identity and your rights. Applicable laws may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will generally inform you of the reasons why, subject to any legal or regulatory restrictions.

10. Changes to this Notice

We will post any changes we make to this Notice on our website. If we make material changes to how we treat your personal data, we will notify you by email to the primary email address specified in your account or through a notice on the website. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Notice to check for any changes. Your continued use of our website or services following the posting of changes constitutes your acceptance of such changes.

 

Last Updated: March 2, 2023

bottom of page