ConnectApp Privacy Policy

We – BRP-Rotax GmbH & Co KG – operate the Rotax mobile app ("Rotax Connect App") to give you the opportunity to experience the whole world of Rotax karting: We provide you with information about professional races, events and services and we give you the possibility to organize races by yourself and connect to likeminded racers.

If our privacy policy does not answer all your questions, we will be happy to provide you with additional answers at the e-mail address privacy.rotax@brp.com. Or you can write us:

BRP-Rotax GmbH & Co KG
c/o data protection
Rotaxstrasse 1
4623 Gunskirchen
Austria


In this privacy policy, we explain, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and the applicable national laws, which personal data we process. In addition, we also inform you about your rights in relation to our data processing activities.

The following information relates to data processing operations within the scope of our Rotax Connect App.

You may come across race organizer or partner websites during your browsing experience in the Rotax Connect App. The respective race organizers and partners are solely responsible for the data processings that take place directly on their websites.

The protection of your personal data is our special concern. We therefore process your data exclusively on the basis of the relevant legal provisions (GDPR, Austrian DSG, Austrian TKG 2021, German TTDSG).
All data processing requires a legal basis. Within the scope of the Rotax Connect App, we only process your data if at least one of the following conditions applies:

  • Consent (Art. 6(1) lit. a GDPR): You have given us your consent to process data for a specific purpose (e.g. consent to receive push messages in the Rotax Connect App).
  • Contract (Art. 6(1) lit. b GDPR): In order to fulfill a contract or pre-contractual obligations, we process your data (e.g. engine registration).
  • Legal obligation (Art. 6(1) lit. c GDPR): If we are subject to a legal obligation, we process your data (whenever it is foreseen by law that we have to process data of customers e.g. for insurance reasons).
  • Legitimate interests (Art. 6(1) lit. f GDPR): We reserve the right to process personal data because of our legitimate interests, if this does not conflict with any overriding protective interests on your part. For example, we process data in order to provide you with information about kart races in which Rotax is involved.

When you use the Rotax Connect App, various personal data are collected and processed. "Personal data" are information about an individual that is linked to his or her identity, such as name, e-mail address, or other identity identifier (e.g., race license). Our privacy policy explains what data we collect and what we use it for. It also explains how and for what purposes this is done.

HOW DO WE COLLECT YOUR DATA?

On the one hand, your data are collected when you provide them to us. This can be, for example, data that you enter for the account registration. Other data are collected by our IT systems automatically when you visit the Rotax Connect App or after your consent has been given. These are mainly technical data (e.g. operating system or time of page view).

WHAT DO WE USE YOUR DATA FOR?

Purposes for data use may vary: from processing your account registration, to ensuring that there is no unauthorized access to the Rotax Connect App, to marketing. Detailed information on the processing purposes can be found below in the description of the individual data processing activities.

HOW LONG WILL YOUR DATA BE STORED?

Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose of the data processing has been achieved. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be used only for these purposes foreseen by law and will be deleted once these reasons no longer apply.

Cooperation with processors

For some data processing we rely on the support of service processors. We have concluded a contract on commissioned processing (data processing agreement acc. to Art. 28 of the GDPR) with them. This is a contract required by data protection law, which is intended to ensure that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We will only transfer your personal data to third parties where:

  • you have given your consent in accordance with Art. 6(1) lit. a GDPR, or
  • a transfer is necessary for fulfilling our contractual obligations towards you (Art. 6(1) lit. b GDPR), or
  • there is a legal obligation to transfer the data (Art. 6(1) lit. c GDPR), or
  • the transfer is necessary to safeguard legitimate interests, including exercising or defending of legal claims, and is not overridden by contrary prevailing interests worthy of protection (Art. 6(1) lit. f GDPR).

The following explanations do not relate to the transmission of data to third countries which is executed by Rotax services as a result of your own decision to send your data to a specific foreign recipient, e.g. a foreign distributor or event manager, as such a communication is not a “transfer” in the sense of Chapter V GDPR.

  • First of all, if we ourselves decide to process data in a third country, or processing takes place in the context of the use of third-party services or in the form of the disclosure or transfer of data to other persons or companies abroad, this is done only on the basis of one of the legal grounds outlined in the above section on ‘Transfers of personal data to third parties’.
  • Secondly, we transfer data to third countries exclusively in accordance with Art. 44-49 GDPR. Apart from the existence of explicit consent or contractual necessity in individual cases, this means that data are only transferred to third countries, if their level of data protection is recognized as adequate, or if the data are processed in the third country on the basis of special guarantees: These guarantees may be the result of contractual obligations of the foreign data importer in the form of the EU Commission's standard data protection clauses, or may be based on certification of the foreign data importer or on approved Codes of Conduct that the foreign data importer has undertaken to comply with.

On the transfer of personal data to the USA:

The ECJ ruled in 2020 (Schrems II case , C 311/18) that as a result of the extraordinarily extensive access rights of US law enforcement and state security authorities, the Privacy Shield system, agreed between the US and the EU, could not provide adequate protection for personal data exported from the EEA to the US; therefore adequate protection must be established in other ways, in particular by concluding appropriate standard data protection clauses (Art. 46 (2)(c) GDPR).

However, in view of the fact that contractual obligations of US companies cannot ultimately influence the access rights of US authorities, we use European software products whenever possible. This process will be continued in line with the gradually expanding range of products. As far as reliance on European software products is not feasible for technical or other important reasons, we continue to use software products from U.S. companies, but only from those that have entered into standard data protection clauses with us in accordance with the Commission's implementing decision (EU) 2021/914 of June 4, 2021. Special protection mechanisms such as pseudonymization are used where possible. Furthermore, within the scope of the available possibilities, service provision by way of servers located in Europe is preferably agreed upon in order to make any attempts by US authorities to access data from the European Economic Area (EEA) significantly more difficult.

WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA?

According to Art. 7, 12–22, 77 GDPR you have the following rights:

  • Before we process your data, you will be informed by us about all essential items relating to the processing, such as in particular the categories of data concerned, the purpose(s) of processing, the legal basis and the storage period of the data (Art. 13 and 14 GDPR).
  • Acc. to Art. 15 you have the right to obtain, upon request, information at any time about the categories (types) of data processed, the purpose(s) of the data processing, the recipients of the data, if any, including information on whether data are transferred to third countries, the storage period, as well as the origin of your personal data, if they were not collected from you
  • You also have the right to request the correction or deletion of your data if you believe that the data are inaccurate or are being processed improperly (Art. 16, 17 and 19 GDPR).
  • Further, you have the right to request the restriction of the processing of your personal data under certain circumstances (Art. 18 GDPR).
  • In addition, you have the right to data portability (Art. 20 GDPR).
  • Insofar as one of our processing operations is based on our legitimate interests, you have the right to object. In this case, we may only continue the processing if we succeed in proving compelling legitimate reasons for this processing which override existing interests in protection of these data (Art. 21 GDPR).
  • You also have the right, in accordance with Art. 22 GDPR, not to be subjected to decisions made solely by automated means. (We do not carry out such processing!)
  • If you have given your consent to certain data processing operations, you can revoke this consent at any time with the effect that future use of these data is prohibited (Art. 7 paragraph 3 of the GDPR).
  • Furthermore, you have the right to lodge a complaint to the data protection supervisory authorities in accordance with Art. 77 of the GDPR. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.

The responsible data protection authority for BRP-Rotax GmbH & Co KG is:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

For all questions relating to data protection you may contact us at any time
by e-mail to privacy.rotax@brp.com
or by mail to:
BRP-Rotax GmbH & Co KG
c/o data protection
Rotaxstrasse 1
4623 Gunskirchen
Austria

Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a proof of your identity.

DATA PROCESSING WITHIN THE ROTAX Connect APP

We protect your personal information from unauthorized access, use or disclosure. We ensure that your personal data stored by us is used in a controlled, secure environment that prevents unauthorized access and disclosure.

There is a registration option for you in the Rotax Connect App. Passwords set during registration are encrypted in our database.

Access-Log-Files

Log files are also created and stored for the last login: IP address, date and time of access, username/email, errors and warnings.

We have a legitimate interest (Art. 6(1) lit. f GDPR) in the technically error-free presentation and optimization of our Rotax Connect App – for this purpose, the server log files must be collected.

Storage period: 30 days

If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, contact details, content of the inquiry) will be processed by us for the purpose of processing with your request. We do not pass on these data to third parties without your consent.

The processing of these data is based on Art. 6(1) lit. b GDPR if your request is related to pre-contractual measures or to the performance of a contract between you and us. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6(1) lit. f GDPR).

Data from inquiries will be stored by us for as long as is necessary to process your request, but for no longer than six months, unless mandatory statutory provisions – in particular statutory retention periods – require longer storage or where it is necessary for the establishment, exercise or defense of legal claims.

There are three ways to register and login:

  1. registration with your Apple account
  2. registration with your Google account
  3. registration with username and password

The registration and log-in processing via Apple and Google is based on your consent ((Art. 6(1) lit. a GDPR). Your data (e-mail address, for Google additionally: username, language settings, profile picture) will be passed on to us on the basis of your consent in order to provide you with all functions of the Rotax Connect App.

For further information please read the privacy information from Apple (https://support.apple.com/en-gb/HT210318) and Google (https://support.google.com/accounts/answer/10130420?hl=en&ref_topic=7188760#zippy=%2Cso-werden-daten-geteilt%2Cverwaltung).

Your data (e-mail address, username and password, optional foto), which you provide within the third way of registration, will be processed on the basis of our legitimate interest (Art. 6(1) lit. f GDPR) for the purpose of providing all functions of the Rotax Connect App.

Your registration data will remain stored until you delete your account. In the account settings, you have the option to delete your account at any time. In this case data that you have entered during an event registration / race registration will be deleted as well.

DATA COLLECTION FOR our OWN MARKETING PURPOSES IN THE CONTEXT OF REGISTRATION / Login

We store the email-address and optionally name you provide in the app registration process in our customer and prospect file for marketing purposes. This data will - if you have not objected - be used for the newsletter communication about our events, services and products around Rotax Kart. The data processing is based on our legitimate interest in providing you as a customer or interested party with information relevant to you about Rotax Kart (Art. 6(1) lit. f GDPR). You have the option to object to this use at any time, before entering the data into the prospect file for marketing purposes and in each newsletter by means of an unsubscribe link or by e-mail to privacy.rotax@brp.com. Your data will be stored as long as you have not objected, longest, however, until two years after our last newsletter mailing.

In order to tailor our newsletters to your interests as much as possible, we analyze the behavior of newsletter recipients when browsing in the newsletters and on our website https://www.rotax-kart.com Among other things, we can analyze how many recipients have opened a newsletter and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links, which can be used to count your clicks and analyze your website behavior. The data processing is based on your consent (Art. 6(1) lit. a GDPR) to the cookies necessary for such processing (see section "Marketing cookies" in the COOKIE POLICY of our Website https://www.rotax-kart.com/privacy-policy).

If you have given your consent (Art. 6(1) lit. a GDPR) for push messages in the Rotax Connect App, we will provide you continuously with news and information about races, events, invitations and services. The primary purpose of these messages is to keep you up to date before, during and after the races and events directly in the Rotax Connect App and to inform you about possible changes promptly.

PUSH MESSAGES VIA FIREBASE FROM GOOGLE

Push messages that are displayed directly in the Rotax Connect App are created via Google's US solution "Firebase" and delivered via Google's and Apple's US push providers or Huawei's Chinese providers. Push messages in the Rotax Connect App will only be displayed with your consent (Art. 6(1) lit. a GDPR).

The push messages are created via Google's "Firebase" tool and delivered directly to your mobile phone. Push messages can be delivered to your mobile phone only, if the Mobile Device ID is processed. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for all Google services in Europe.

Data collected through Firebase is stored on Google's own servers distributed around the world. Most servers are located in the United States. Google currently transfers and processes data to/in the United States based on the standard contractual clauses of the EU Commission (Article 46(2) and (3) of the GDPR) and thus undertakes to largely comply with the European level of data protection when processing your data. However, the fact that US authorities may request access to this data cannot be avoided. You can find details about this topic here: https://policies.google.com/privacy/frameworks?hl=en

Depending on whether you use Google tools (e.g., a Google account), and depending on which Google services you have consented to Google for use, Google may combine data collected through the Rotax Connect App with information Google already has about you and create profiles about you. This enables Google to subsequently offer services and benefits tailored to you.

The storage period depends on the type of data collected and the particular tool used for processing.

Further useful links:

My Garage: Engine Registration

In the Rotax Connect App you have the possibility to register your Rotax Kart engine. The following data will be collected and processed by us – and in this particular case also by the distribution partners ( https://rotax.my.salesforce-sites.com/DistributorList?Type=Kart), who are responsible for you: Your name, e-mail address, address, country and information about your purchased products. The processing of these data is based on Art. 6(1) lit. b GDPR, the data are necessary for a contract.

We store the data for as long as mandatory legal provisions - in particular legal retention periods - require. Additionally, data will be stored where it is necessary for the establishment, exercise or defense of legal claims.

My Garage: Google and Apple Maps

We offer you a geographic, visually appealing search function for race tracks, dealers and distributors as well as the possibility to find out, whether there are races taking place in your area. Therefore we use the map integrations "Google Maps" from Google and “Apple Maps” from Apple. You have the option to allow (Art. 6(1) lit. a GDPR) the processing of your location data so that you can see partners in your area. You can manage the settings at any time in your phone settings. The app can also be used without disclosing the location data.

Data processing during the use of map integration is carried out by the respective map providers. You can find more information here:

Google Maps
Apple Maps


Social: Friends and races

A key feature of the Rotax Connect App is networking with your friends and organizing races. You can invite friends who are registered in the Rotax Connect App at any time in the "Account" area. If the invited person confirms the invitation, you can easily invite them to races that you organize yourself through the app. When a race is "public" all app users will see the participant data: First name, last name and photo, if applicable. If it is a private race, only the users who are invited to the race will see the participant info. Friends can be deleted from the friends list at any time. The data processing is based on our legitimate interest in providing you with these central functions (Art. 6(1) lit. f GDPR). Your friend’s data remain available in the Rotax Connect App as long as they have not either terminated the friendship or deleted their account.

During the events, recordings may be made of the visitor area to document the events and the mood of the participants for the interested public. No photographs will be published that depict participants in a way that they might find objectionable. If individual participants are to be separately photographed or interviewed, this will only be done with their consent. For more information, please contact privacy.rotax@brp.com.

Gunskirchen, on 22. December 2022



Racing
  • Rotax MAX Dome
Products