privacy policy

Valid as of 11 / 05 / 2020

The protection of your privacy in the processing of personal data is an important concern to which we pay special attention in the context of our business processes. We handle personal data collected during visits to our websites, Apps and/or during using our mobile applications confidentially and entirely in accordance with legal regulations.

Herein, personal data is information about an identified or identifiable natural person and processing means any automated or manual operation performed on personal data (e.g. collection, recording, organization, structuring, storage, adaption, alteration, erasure, destruction, etc).

Comodule OÜ acts as data controller in respect to all users of COMODULE applications and as principle processer of collected data. This means that we will determine the purposes and means for processing the personal data that is being collected from you. We only use data in ways relevant to carrying out our business and services.

Our e-scooters that you may use from time to time are equipped with electronic system connected with our server helping us to locate our e-scooters, see their travelling routes, technical data like battery activity and operating time. Also our services need you to download our mobile application (hereinafter: App) into your mobile device. Our application will need access to other application of your mobile device like camera and location services.

Our services are not intended for children under the age of 16 years or any other age limit applicable in your jurisdiction and we do not knowingly collect data relating to children.

We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter referred to as GDPR) and other legal acts governing personal data protection and this Privacy Policy.

Collection and processing of personal data

Commercial data

Data collected and processed:

  • Name including first name and family name

  • Mobile phone number

  • E-mail address

  • Password (password will be saved in an encrypted form and will not at any point be visible in plain text)

  • Payment information (bank card number, card expiration date, name of holder, bank and/or issuer details)

Purpose:

We collect, store and process commercial data in order to identify you, to register you as a customer/user, to create you a user account within our App, to charge you any fees and provide you with a receipt or resolve billing issues associated with your account.

We process commercial data to maintain the contractual relationship between us, that is to deliver our services, communicate with you and exchange information with third party service providers within our services, to manage our assets and accounting.

We may process commercial data for compliance with a legal obligation that we are subject to.

If you contact our customer service center by telephone you are giving your consent to record your telephone conversation – we will record the information and data (including personal data) provided by you to be able to duly process your request.

In case of an accident in which the e-scooter is involved, your data will be transmitted to insurance companies and, if necessary, to the other parties involved in the accident.

Based on the available data on the E-scooter we have the right and, in certain cases, an obligation to report information on road traffic offences (such as speeding, drunk driving, theft of rental vehicle) to the competent authorities (e. g., the Police).

Lawful basis for processing:

Legitimate interest to perform the contract and deliver services to you.

Your consent if processing is allowed only based on that.

Retention period:

If user has not deleted or requested his/her account to be deleted by us, then all commercial data will be retained in active database. We retain it in case there will be any dispute over compliance to TC or should any legislations arise and we need to verify the circumstances. After mobile application user profile has been deleted, all personal info will automatically be removed from COMODULE database.

Transactional data

Data collected and processed:

  • Bank account and payment card details (issuer, card holder, card number,card expiration date). Your payment card details will be stored by third-party payment processer Everypay OÜ (card holder name, card number, user IP address, email, invoice recipient address). Everypay OÜ provides its services to LHV Pank AS. Data processing principles for LHV Pank AS and Everypay OÜ are available at https://www.lhv.ee/en/principles-of-processing-customer-data.

  • Purchase and payment details for services you have purchased from us.

  • Information about your ride and compliance to our services (payments, fines, damages, interests, etc)

Purpose:

We process transactional data to deliver our services and manage your user account within our App.

LHV Pank AS and EveryPay OÜ processes the data to handle payments and prevent fraud.

The processing is necessary for compliance with a legal obligation that we are subject to.

Lawful basis for processing:

Legitimate interest to perform the contract and deliver services to you.

Your consent if processing is allowed only based on that.

Retention period:

We keep transactional data in our active database for unlimited time. After that it is archived and kept until the limitation periods for claims elapse.

Usage data:

Data collected and processed:

  • Position-related data (GPS)

  • IP address

  • Your login data

  • Drive unit data

  • Battery data

  • Display data

  • E-scooter manufacturer and model

  • Speed

  • Distance

  • Battery level

  • Data generated by the App and e-scooter like location, driving habits, speed

  • Information about how you use our website, App and e-scooters (including your ride and location history)

  • Browser/phone type and version

  • Time zone settings

  • Operating system and platform, other similar technology identifiers on the devices you use to access websites, the App and our e-scooters

Purpose:

It is our legitimate interest to analyse how our service holds up, to identify any shortcomings, analyse how customers use our e-scooters, App and website, to develop, keep up to date, to improve our offering and to ensure it is lawful, safe and reliable.

Lawful basis for processing:

Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for analytics purposes. For example, we will ask your consent to access the camera of your mobile device and to position your geolocation using your mobile device.

Retention period:

If user has not deleted or requested his/her account to be deleted by us, then all usage data will be retained in active database. We retain it in case there will be any dispute over compliance to TC or should any legislations arise and we need to verify the circumstances. After mobile application user profile has been deleted, all personal info will automatically be removed from COMODULE database.

Profile data:

Data collected and processed:

Includes your marketing and communication preferences, feedback and survey responses and other similar data you provide us with.

Existence of profiling and the consequences of such profiling and if it does or does not involve automated decision-making

Purpose:

To operate, improve and optimize the performance and user experience of the App and our services.

To perform customer and user analysis and segmentation in order to improve our understanding of our users, and provide better and tailored services to users, including you,

statistical purposes.

Lawful basis for processing:

Legitimate interest to perform the contract and deliver services to you.

Your consent if processing is allowed only based on that.

We will send you direct marketing messages and personal direct marketing messages only upon your consent.

Retention period:

Profile data will be kept as long as your consent is valid or until the termination of the contract between us, which ever comes first.

Our summarized principles for processing personal data are as follows:

  • Collected personal data will be adequate, relevant and limited to above stated purposes

  • Collected personal data will be kept accurate and up to date

  • Personal data is processed fairly, lawfully and in a transparent manner

  • Personal data is processed only for limited, specified and lawful purposes

  • Unnecessary data will be deleted

  • Personal data is automatically removed from our database after user has deleted his/her mobile application account or has requested us to delete their account

  • Appropriate organizational and technical security will be ensured, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage

  • Personal data will be transferred to other countries with matching protection levels and entities ensuring matching protection levels to such data.

We process sensitive personal data only with the explicit and unambiguous consent from the user to whom the data relates, or when needed for the protection of life, health or freedom or to fulfill applicable laws and regulations or contractual obligations.

Other purposes for processing personal data are:

(a)     securing compliance with the applicable legal, regulatory or professional requirements;

(b)     for processing requests and communications from competent authorities;

(c)      user relationship administration, financial accounting, internal compliance and risk procedures, and client relationship purposes;

(d)     utilization of systems and applications (hosted or internal) for information technology and information system services.

When you register for our services, you will, upon the logging in of your submitted contact details, indicate your consent to our collecting, processing and using this data and also the master personal data voluntarily provided by you in the context of the use of the available services, to the extent necessary for the provision of the contractually stipulated services. You also confirm that all the personal data provided to us is correct and up-to-date and you are taking an active obligation to update any item of personal data as soon as submitted data becomes incorrect, outdated or misleading.

COMODULE retains and uses anonymous/aggregated data in order to develop and improve applications in line with users’ requirements. We reserve the right to evaluate the data on an anonymous basis, to publish it on the platform in the form of statistics and to otherwise use the data.

Cookies

We may use cookies on our websites or our App. Please read more about the use of cookies in our cookie policy, which you can find in the footer of our website and in our App.

The purposes of processing of data collected by the use of cookies, are the following:

  • to operate, improve and optimize the performance and user experience of the website and its services,

  • perform customer and user analysis and segmentation in order to improve our understanding of our users, and provide better and tailored services to users, including you,

  • statistical purposes.

Use of your personal data in COMODULE group

We may make available your personal data to another affiliate within COMODULE group, that is data will move between different entities in different jurisdictions. This may be done due to division of business functions between different entities. All personal data protection and processing obligations as well as liability on COMODULE are in that case extended to such other entity receiving and processing the personal data.

Disclosure, transfer and making available personal data to recipients

Our disclosure and transfer of your personal data to recipients (natural or legal persons, public authorities, agencies or another body, to which the personal data is disclosed) is kept to a minimum and is subject to the existence of an adequate level of data protection.

We may disclose or make personal data available to recipients under the following circumstances:

  • Recipients who carry out services on our behalf, such as e.g. hosting, cloud computing, payment service, online identification service, IT-support, marketing services, administrative services, training services or other data processing. Such recipients are only allowed to process the personal data in accordance with our instructions and the relationship will be governed by a written data processor agreement; or

  • To establish, exercise or defend our legal rights; or

  • If you have provided your prior consent to the disclosure of personal data to a recipient or

  • As set out in our cookie-policy

If the recipient of the personal data is located in a country outside the EU/EEA not ensuring an adequate level of data protection, we will only transfer your personal data to such recipient following execution of a written transfer agreement based on the EU Commissions Standard Contractual Clauses.

Automated individual decisions

We may use automated decision making based on your personal data. Automated decision making will only take place if the decision is:

  • necessary for entering into, or performance of a contract between you and COMODULE;

  • authorized by Union or Member State law to which COMODULE is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

  • based on your consent.

In case we use automated decision making, we will ensure that suitable security measures are implemented.

Special personal data will in no event be subject to automated decision making unless you have provided your explicit consent or the processing is necessary for reasons of substantial public interest, on the basis of applicable law.

Your consent

As stated above some of our processing activities will be based on your consent. In such case, you will have the right to withdraw your consent at any time.

Please note that the withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal. Further, as a consequence of your withdrawal of your consent, we may not be able to satisfy your requests or provide you with our services.

Data security

In order to safeguard your personal data, COMODULE has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of art and the costs of their implementation.

Following the evaluation of the risk, COMODULE has taken measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of personal data over a network, and against all other unlawful forms of processing.

Training

In order to ensure that we always comply with applicable data protection legislation and the requirements and to ensure that our employees are familiar with such regulation, we have established an internal privacy training and education program that our employees with permanent or regular access to personal data are obligated to complete.

Your rights

You have the right to request more information about our data collection processes and further processing of your personal data. In addition, you have the right to correct your personal data, if necessary.

We will delete or correct any information, which is inaccurate or out of date by reason of the time elapsed since it was collected or by reason of any other information in our possession.

If you provide us with a written request, we will also delete your personal data without undue delay, unless we have a legal basis to continue the processing, e.g. if the processing is necessary to establish, exercise or defeat a legal claim or necessary to the performance of a contract with you.

In order to make use of any of the rights mentioned above, please contact us in writing via info@tuul.xyz.

With regard to such requests, kindly provide us with relevant information to take care of your request, including your full name, mobile telephone number and email address so that we can identify you. We will respond to your written data collection request as soon as possible and no later than within 10 (ten) working days.

If you disagree with our processing of your personal data please be informed that you can lodge a complaint with your local data protection agency.

Complaints

Should you have any complaints about the processing of personal data carried out by COMODULE, please feel free to contact us via info@tuul.xyz.

We will review and assess your complaint and if necessary we may contact you in order to obtain further information.

We strive at processing any complaint or objection within 10 (ten) working days. If it is not possible to make a decision within the given timeframe, we will inform you grounds for the delay and of the time (not exceeding 6 months from receipt) at which the decision can be expected to be provided.

At any time before, during or after the complaint process described above, you may also raise a complaint/file a case with Estonian Data Protection Inspectorate, located in Tallinn, 39 Tatari St., 10134  or online at www.aki.ee.

Links to other websites, etc.

COMODULE websites and App may contain links to third-party websites operated by providers that are not associated with us. After you click the link, we no longer have any influence over the collection, storage, or processing of any personal data transmitted to third parties upon your clicking of the link (such as the IP address or URL of the page that contains the link), as we naturally do not have any control over the behavior of third parties. Therefore, COMODULE cannot assume any responsibility for the processing of such personal data by third parties.

Changes to this privacy policy

We reserve the right to amend this Privacy Policy in the future due to changes in applicable legislation, the Terms and Conditions of COMODULE services or in COMODULE’ processes. We will inform you of any such amendments.

COMODULE data protection officer

COMODULE’s Data Protection Officer (DPO) will monitor internal compliance and ensure that the company processes personal data in compliance with GDPR and other applicable data protection laws.

You may contact the data protection officer of COMODULE via dpo@comodule.com.

General contact information

If you have a request or a question regarding processing of your personal data or this Privacy Policy in general, please contact our Customer Support via info@tuul.xyz.