Privacy policy of Mobire Eesti AS

PRIVACY POLICY OF MOBIRE EESTI AS

Mobire Eesti AS, registry code 10814092, registered office Mäealuse 2/3 Tallinn, e-mail info@mobire.ee (hereinafter Mobire) processes personal data above all in order to provide vehicle full-service rental services.

  • In the privacy policy, we explain how we protect and process personal data and what are our rights and obligations as well as the obligations of our Customers and the Visitors of the Website.
  • Upon the protection and processing of personal data, we proceed from applicable legislation, including the General Data Protection Regulation (GDPR) of the European Union (Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
  • The privacy policy is a part of all Mobire contracts, including rental contracts, and also applies to all the activities of the Visitors of our Website www.mobire.ee and to persons submitting inquiries and requesting offers via the Website. By using the aforesaid services and possibilities, you approve the principles of data processing as provided in the privacy policy.

 

Definitions

  • Person means a Customer, a Person related to the Customer or a Visitor.
  • Customer means a person using Mobire services or their representative (lessee of vehicle, representative of lessee or another person who has entered into a contract with Mobire).
  • Person related to the Customer means a person whose data is processed by Mobire in order to perform the service contract (e.g. the user of the vehicle).
  • Visitor means a person who visits the Website of Mobire or is interested in the services of Mobire.
  • Data means the Person’s data, including personal data that is disclosed to Mobire in connection with the use of Mobire’s services or expression of interest in them by the Customer.
  • We, us or our means Mobire.
  • Website means the website www.mobire.ee.
  • All definitions given in the singular are also applicable in the plural.

 

How do we collect personal data?

  • Mobire receives personal data when a Person submits inquiries to Mobire, requests offers, and enters into a rental contract or another contract.
  • Mobire collects personal data when a Person addresses Mobire via the Website, e-mail or telephone, and also during direct communication and meetings. Mobire may receive the Data concerning a Person from its partners if the Person has given their consent therefor.
  • Mobire may collect Data concerning a Customer from third parties (the database of Krediidiinfo, the controller Creditinfo Eesti AS, public registers such as the publication Ametlikud Teadaanded, etc.).
  • Mobire receives the Data on the users of a vehicle from the lessee of a vehicle or their representative. Mobire receives the Data on the Persons related to the vehicle from the Transport Administration.

 

What do we use personal data for and on what grounds?

Mobire always ensures that there is a legal basis for processing personal data. The basis for processing personal data is generally the Person’s consent, a contract or legislation. Mobire may also process personal data on the basis of legitimate interest (e.g. in order to prevent and identify fraud). We will subsequently describe in more detail what Mobire uses personal data for and on what grounds.

Mobire processes personal data if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. On this basis, Mobire processes personal data:

  • for submitting offers and entering into and performing rental contracts and other contracts;
  • for intermediating services related to full-service rental (technical maintenance, tyre changes, emergency assistance, insurance and other services);
  • for identifying the Customer or the Customer’s representative upon entering into and performing a contract;
  • for conducting the activities required in order to provide services to the Customer, including the purchase and sale of a vehicle, registration in the Traffic Register of the Transport Administration, organising and provision of technical maintenance, tyre change, fuel card, emergency assistance and insurance services;
  • for calculating the intermediation and service fees related to the services of Mobire and the services of service providers, drawing up and issuing invoices and payment schedules, inspecting the receipt of payments and storing the payment information in a database;
  • for communicating information related to the use of services and for other activities required for the provision of services.

 

Mobire processes personal data if the processing of personal data is required in order for Mobire to comply with legal obligations. On this basis, Mobire processes personal data:

  • for the exchange of information related to the provision of services and business, documentation of business activities (e.g. sending information to Mobire for performing statutory duties, etc.);
  • for assessing and preventing business risks and damage (depending on the precise circumstances, this may also take place on the basis of legitimate interest);
  • for performing accounting obligations.

 

Mobire processes personal data if the data subject has given consent to the processing of their personal data for one or more specific purposes. Consent may be withdrawn by the data subject at any time. Withdrawing consent does not affect the lawfulness of processing based on consent prior to its withdrawal. On this basis, Mobire processes personal data:

  • for receiving inquiries and submitting responses via the Mobire Website and electronic solution;
  • for submitting offers. A Person is able to grant Mobire the right to communicate information to them regarding the products and services of Mobire (direct marketing offers). If a Person wishes to receive the direct marketing offers of Mobire, they can grant their consent therefor during the process of submitting Data to Mobire on the Website. Granting consent is voluntary and the Person has the right to withdraw their consent at any time;

 

  • Mobire may also process personal data in other instances on the basis of consent. The purpose of processing is specified during the process of granting consent. Consent granted for processing is voluntary and the Person has the right to withdraw their consent at any time in every instance.

 

Mobire processes personal data if processing is necessary for the purposes of the legitimate interests pursued by Mobire or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. On this basis, Mobire processes personal data:

  • for creating and storing logs, eliminating errors and maintaining and storing the Data related to contracts (including by means of cloud services);
  • for improving Mobire services and the user experience of Customers and Visitors;
  • for assessing and preventing business risks and damage (depending on the precise circumstances, this may also take place on the basis of legal obligations);
  • for verifying the background and Data of the Customer and inspecting credit problems and payment history in order to render decisions on entering into vehicle rental contracts. Collecting Data is also required in order to prevent and avoid fraud;
  • for improving the quality of and developing customer service, measuring user activity and Customer satisfaction. Mobire may combine Data collected by providing various services, provided that the data have been collected for the same purpose;
  • for the protection of the infringed or contested rights of Mobire and recovery of debts, including the right to disclose the Data (name, personal identification code, date of birth, place of residence, e-mail address, telephone number, due date of an obligation, amount of debt) to a law firm and a debt recovery firm, including to a credit default register in the case of a payment that has been overdue for more than 30 calendar days until the debt has been settled;
  • for keeping the technical applications of Mobire up to date and improving them, ensuring the completeness and security of the Data, and for IT developments via the testing and improvement of the services.

 

What kind of personal data do we process?

Mobire processes the following Data for the purposes specified above:

  • the name and contact details of the Person for making offers;
  • the data of the analysis for commencing a business relationship with the Customer, including an extract from the database of Krediidiinfo (controller Creditinfo Eesti AS), and the Customer’s bank statement;
  • the Customer’s and the Customer’s representative’s personal identification code, date of birth, place of residence, e-mail address, telecommunications numbers, contact details, number of the identity document, bank statement, invoice and payment details, language of communication, field of activity, communication channels;
  • the name, personal identification code or date of birth, e-mail address, telecommunications numbers of the Person related to the Customer, the name of the insured property, the registration plate and other registry data, qualities, age, condition and other information on the property that is required for entering into an insurance contract;
  • the Data on the use of Mobire services by the Customer: data on the commencement of the use of the services and its period, data on the contract of the Customer, amendments to the contract, termination of the contract, declarations of intention related to orders, offers, contracts, invoices and payment information as well as insured events, data on choices, selections and logs made in electronic channels, data collected via cookies, data on the payment discipline of the Customer, and other data related to the use of Mobire services.

 

How do we protect personal data?

  • We take all reasonable efforts in order to ensure the security and protection of the Data. We protect personal data through strict security and confidentiality rules, using organisational, physical and information technology security measures to ensure the integrity, availability and confidentiality of the Data. These measures cover the protection of the IT infrastructure, computer and communications networks, technical equipment, employees, offices and information with the aim of ensuring an up-to-date level of mitigating risks and preventing threats of Data leaks and losses.
  • We ensure the processing of Data in accordance with legislation (e.g. GDPR) and good business practice.
  • We have regulated the protection of data with internal data protection rules of Mobire. Only the employees who need access to personal data for performing their duties are granted access to the data.
  • Mobire has entered into contracts with service providers for ensuring compliance with personal data rules and the protection thereof, being responsible for the due and proper processing of personal data by such service providers.

 

Who are the persons we disclose personal data to?

Mobire discloses data in the following instances:

  • in instances provided by legislation at the request of the authorities (e.g. law enforcement agencies, the Financial Intelligence Unit, the courts, enforcement officers, tax authorities, supervisory authorities);
  • to legal and financial advisors, auditors, debt recovery undertakings and other authorised processors where required for the provision of Mobire services, performance of Mobire’s duties and obligations, and the protection of Mobire’s rights;
  • to service providers, including service providers of purchase and sale of vehicles, technical maintenance, tyre change, fuel sales, emergency assistance and other service providers, as well as the providers of support services to Mobire with the objective of offering and providing the best services to the Person;
  • Mobire processes the Data of Customers, Persons related to Customers and other persons whose Data it collects as a controller, establishing contractual guidelines on the basis of which the service providers (processors) must process the personal data.

 

Data retention

  • Mobire does not process the Data any longer than necessary. Mobire stores Data until the purpose of using it has been met. Data collected before entry into a contract will be stored for no more than 1 year as of the request of an offer by a Customer. Mobire generally stores personal data during the period of validity of the contract and for 10 years after the expiry or termination of the contract.
  • Mobire may store personal data for a longer period of time if the Person has given their consent for data retention. In this case, personal data will be stored until the withdrawal of consent.
  • If the processing of personal data takes place in order to perform obligations provided in legislation (e.g. obligations arising from accounting), personal data will be retained pursuant to the terms provided in legislation. For example, pursuant to the Accounting Act, the accounting source documents must be preserved for seven years as of the end of the financial year when a business transaction was recorded in the accounting journals and ledgers on the basis of the source document.
  • If Mobire submits the personal data to another controller, the recipient of the data will determine the terms of retention.
  • Mobire will generally ensure the processing and retention of data on the territory of the European Union. Mobire may also use processors whose servers are located outside the European Union. Mobire will thereat ensure the comprehensive security of your personal data, above all proceeding from the EU-US Privacy Shield Framework or by implementing other data protection measures required by legislation.

 

What are the rights of Customers and other persons that we ensure when processing personal data?

  • Persons have the right to receive information from Mobire concerning their processed personal data, as well as their purpose of use, types, and sources. Persons have the right to receive copies and extracts from the processed personal data.
  • Persons have the right to demand that Mobire correct or supplement the Data if the Data is incorrect or incomplete.
  • You have the right to demand the deletion of Data unless the right and obligation to process data arises from legislation. The processing of personal data will not be stopped if it would be in contradiction with the obligation to process personal data or there is another basis for continuing processing. It is also important to note that stopping the processing of personal data may prevent the provision of services to you. Above all, you have the right to demand to stop the processing of personal data and the deletion of data if:
  • personal data is no longer required for the purpose for which Mobire processed it;
  • you withdraw the consent given for processing and there are no other legal grounds for the processing of personal data;
  • you file a complaint against the processing of personal data and there are no predominant legitimate reasons for processing;
  • personal data has been processed illegally;
  • personal data must be deleted in order to perform a legal obligation.
  • In relevant instances, you have the right to demand the restriction of the processing of personal data or file a complaint against such processing of personal data.
  • Persons have the right to demand that decision-making based on automated processing be ceased.
  • You may grant your consent for the processing of personal data for direct marketing or other marketing purposes, you may refuse to grant such consent, or withdraw your consent at any time.
  • You have the right to request the transfer of personal data being processed. The Data will be submitted to you via e-mail in a machine-readable file. You are also entitled to request the transfer of the data being processed to another controller.
  • You have the right to address the Data Protection Inspectorate or have recourse to the courts and demand that the use of Data that does not comply with legislation is ceased and demand for compensation for damage.
  • Mobire will respond to any filed complaints and claims within one month at the latest.

 

Amendment of the privacy policy

Mobire reserves the right to amend the privacy policy. The terms and conditions provided herein will be amended above all (but not exclusively) in order to comply with legislation related to data protection. Upon the amendment of the privacy policy, the relevant new terms and conditions will be available on the Website. Mobire will inform Customers of any amendments to the privacy policy via e-mail.

The privacy policy is effective from 10.06.2021.