Privacy policy of Mobire Eesti AS

Privacy policy of Mobire Eesti AS

Mobire Eesti AS, registry code 10814092, registered address Mäealuse 2/3, Tallinn, e-mail info@mobire.ee, (hereinafter ‘Mobire’) processes personal data primarily for the purpose of providing full-service rental services.

  • In this privacy policy, we explain how we protect and process personal data, as well as what the rights and obligations of Mobire, our customers, and the visitors of our website are.
  • We protect and process personal data on the basis of applicable legislation, including the European Union General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter ‘GDPR’).
  • This privacy policy is a part of all agreements concluded with Mobire and applies to all activities of the visitors of our website www.mobire.ee, including the making of enquiries and requests for offers via the website. By using these services and features, you agree to the data processing rules set out in this privacy policy.

Definitions

  • ‘Person’ means a customer, a person associated with a customer, or a visitor.
  • ‘Customer’ means a person or a representative of theirs who uses Mobire’s services (vehicle renter, renter’s representative, or other person who has concluded an agreement with Mobire).
  • ‘Person linked to a customer’ means a person whose data are processed by Mobire for the performance of the service agreement (e.g., a user of the vehicle).
  • ‘Visitor’ means a person who visits Mobire’s website or is interested in Mobire’s services.
  • ‘Data’ means information about a person, including personal data, that becomes known to Mobire in connection with a customer’s use of or interest in Mobire’s services.
  • ‘Us’, ‘we’, etc. refers to Mobire.
  • ‘The website’ means the website www.mobire.ee.
  • Use of the singular in the case of any of these terms also includes the plural.

How we collect personal data

  • Mobire receives personal data whenever a person submits enquiries to Mobire, requests offers, or enters into a rental agreement or other agreement with Mobire.
  • Mobire collects personal data whenever a person contacts Mobire via the website, by e-mail, or by phone, as well as when meeting and communicating directly. Mobire may receive data about a person from partners, if the person has consented to this.
  • Mobire may collect data about a customer from third parties (from the Krediidiinfo database, data controller: Creditinfo Eesti AS; from public registers such as Ametlikud Teadaanded, etc.).
  • Mobire collects data about vehicle users from the renter or their representative. Mobire collects data about persons linked to a vehicle from the Road Administration.

Why and on what grounds we use personal data

Mobire makes sure that there is always a legal ground for processing personal data. Generally, personal data are processed on the basis of the consent of the person, an agreement, or law. Mobire may also process personal data on the basis of its legitimate interest (e.g. to prevent and detect fraud). In the following, we describe in greater detail why and on what grounds Mobire uses personal data.

Mobire processes personal data where these data are necessary for the performance of an agreement to which the data subject is a party or for taking pre-contractual measures as per the request of the data subject. On this ground, Mobire processes personal data:

  • for submitting offers and entering into and performing rental and other agreements;
  • for providing services under a full-service rental agreement (maintenance; tyre changes; emergency, insurance, and other services);
  • for identifying the customer or their representative when entering into or performing an agreement;
  • for performing operations that are necessary for providing services to the customer, including purchase and sale of vehicles, registration of vehicles in the traffic register managed by the Road Administration, technical maintenance, tyre changes, use of a fuel payment card, as well as organising and providing emergency, insurance, and other services;
  • for calculating commissions and service fees for services provided by Mobire and other companies, drawing up and issuing invoices and payment schedules, verifying receipt of payment, and storing payment information in databases;
  • for transmitting information about the use of services and for performing other operations necessary for providing services.

Mobire processes personal data where such data are necessary to fulfil Mobire’s legal obligations. On this ground, Mobire processes personal data:

  • for exchanging information in connection with business operations and provision of services, as well as for documenting business activities (e.g., transmission of information for the fulfilment of Mobire’s legal obligations, etc.);
  • for assessing and preventing business risks and damage (depending on the circumstances, this may also fall under legitimate interest);
  • for fulfilling accounting obligations.

Mobire processes personal data where the data subject has consented to the processing of their personal data for one or more specific purposes. Data subjects have the right to withdraw their consent at any time. However, withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal of consent. On this ground, Mobire processes personal data:

  • for receiving and answering enquiries via Mobire’s website and electronic solutions;
  • for sending offers. A person may grant Mobire the right to send them information about Mobire’s products and services (direct marketing offers). Persons who wish to receive direct marketing offers from Mobire can consent to this in the course of submitting data via Mobire’s website. Granting consent is voluntary and granted consent may be withdrawn at any time;
  • Mobire may also process personal data in other cases with consent. The purpose of the processing will be specified during the process for granting consent. Any consent granted for processing is purely voluntary and persons may withdraw their consent at any time.

Mobire processes personal data where such data are necessary for protecting the legitimate interests of Mobire or a third party, unless such interest is outweighed by the interests or fundamental rights and freedoms of the data subject. On this ground, Mobire processes personal data:

  • for creating and maintaining logs, correcting errors, and storing data related to agreements (incl. through cloud services);
  • for improving Mobire’s services and the user experience of customers and visitors;
  • for assessing and preventing business risks and damage (depending on the circumstances, this may also fall under fulfilment of legal obligations);
  • for investigating a customer’s background, data, payment defaults, and payment behaviour to make informed decisions regarding entry into a vehicle rental agreement. Data collection may also be necessary to prevent and detect fraud;
  • for improving the quality of customer service, as well as for measuring user activity and customer satisfaction. Mobire may combine data collected through the provision of different services, provided that the data have been collected for the same purpose;
  • for protecting Mobire’s violated or contested rights and for collecting debts, including for transmitting data (name, personal identification code, place of residence, e-mail address, phone number, maturity of the liability, amount of the debt) to a law firm or collection agency, including to a register of payment defaults in the case of a debt unpaid for more than 30 calendar days, until the payment of the debt;
  • for keeping Mobire’s technical applications up-to-date and effective, for ensuring data integrity and security, and for developing IT solutions through testing and improvement of services.

Types of personal data we collect

For the purposes listed above, Mobire processes the following types of data:

  • names and contact details (for making offers);
  • data from the analysis performed prior to starting a business relationship with a customer, including data collected from the Krediidiinfo database (data controller: Creditinfo Eesti AS) and the customer’s bank statement;
    personal identification code, date of birth, place of residence, e-mail address, communication numbers, customer contacts, identity document number, bank statement, invoice and payment details, language of communication, field of activity, and communication channels of customers and their representatives;
  • name, personal identification code or date of birth, e-mail address, and communication numbers of a person linked to a customer, name of the insured asset, its registration number and other registry data, characteristics, age, condition, and any other information about the asset that is necessary for concluding an insurance agreement;
  • data about the use of Mobire’s services by a customer: data about the commencement and period of use of services, data about the customer’s agreement, amendments to the agreement, termination of the agreement, orders, offers and declarations of intent relating to agreements, data about invoices, payments, and incidents of damage, data about choices and activities in electronic channels, log data, data collected using cookies, data about the payment discipline of the customer, and other data concerning the use of Mobire’s services.

How we protect your personal data

We make extensive efforts to ensure the security and protection of your data. We protect personal data through strict security and confidentiality rules, and we implement organisational, physical, and IT security measures to ensure the integrity, availability, and confidentiality of the data. These measures are implemented for the protection of IT infrastructure, computer and communication networks, technical equipment, staff, offices, and information, with a view to ensuring an up-to-date level of prevention of risks and threats of data leakage and loss.
We guarantee the processing of your data in accordance with legislation (e.g., the GDPR) and good business practices.
Our data protection activities are governed by Mobire’s internal data protection rules. Personal data are only accessible to employees who need the access to perform their job duties.
Mobire has entered into agreements with service providers to ensure compliance with the personal data protection rules, while assuming liability for the appropriate processing of personal data by such service providers.

Who we share your personal data with

Mobire shares data with the following third parties in the following cases:

  • with public authorities (e.g., law enforcement agencies, the Financial Intelligence Unit, courts, bailiffs, tax authorities, supervisory authorities), at their request;
  • with legal and financial advisors, auditors, debt collection agencies, and other data processors, where necessary for the provision of Mobire’s services, fulfilment of Mobire’s obligations, or protection of Mobire’s rights;
  • with service providers, including providers of vehicle purchase and sales, technical maintenance, tyre change, fuel sales, emergency, and other services, as well as companies providing support services to Mobire, for the purpose of offering and providing the best possible service to customers.
  • Mobire processes the personal data of customers, persons linked to a customer, and other persons as a data controller by establishing contractual instructions that must be complied with by service providers (data processors) when processing personal data.

Data retention

  • Mobire does not process data for any longer than is deemed necessary. Mobire retains the data only until the purpose of use thereof has been achieved. Data collected prior to entry into an agreement shall be retained for a maximum of one year after receipt of a request for an offer from the customer. Mobire generally retains personal data for the duration of the agreement, along with ten years after the termination of the agreement.
    Mobire may retain personal data for longer, if the person has consented to the retention of their data. In such a case, the personal data shall be retained until withdrawal of the consent.
  • Personal data that are processed for the fulfilment of obligations arising from law (e.g., accounting obligations) shall be retained in accordance with the time limits prescribed by law. For example, the Accounting Act provides that accounting source documents must be retained for seven years as of the end of the financial year when the relevant business transaction was recorded in the accounting journals and ledgers on the basis of the source document.
  • If Mobire transmits personal data to another data controller, the data retention period is set by the recipient of the data.
    Mobire generally ensures the processing and retention of data in the territory of the European Union. However, Mobire may also use the services of data processors whose servers are located outside the European Union. In such cases, Mobire ensures the security of your personal data on the basis of, inter alia, the EU–US Privacy Shield Framework or by implementing other data protection measures required by law.

Rights guaranteed to customers and other persons when we process personal data

  • A person has the right to receive information from Mobire about the personal data relating to them that are processed, including the purposes of use, types, and sources of the data. A person has the right to receive copies of and extracts from the personal data being processed.
  • A person has the right to request Mobire to correct or supplement the data if such data are incorrect or inaccurate.
  • You have the right to request the erasure of your data, unless the right and obligation to process the data arises from law. The processing of personal data shall not be terminated where this would be in conflict with the obligation to process the personal data or if there are other grounds for continuing the processing. Please note also that terminating the processing of personal data may prevent the provision of the relevant service to you. In particular, you have the right to request the termination of the processing of your personal data and the erasure of the data, if:
    • the personal data are no longer needed for the purpose for which they were processed by Mobire;
    • you withdraw your consent to the processing and there is no other legal ground for the processing of the personal data;
    • you object to the processing of the personal data and there are no overriding legitimate grounds for the processing;
    • the personal data have been processed illegally;
    • the personal data must be deleted in order to fulfil a legal obligation.
  • Where relevant, you have the right to request the restriction of the processing of your personal data or to object to the processing of your personal data.
  • You have the right to request the termination of decision-making based on automated processing.
  • You may consent to the processing of your personal data for direct marketing or other marketing purposes, and you may refuse to grant such consent or withdraw your consent at any time.
  • You have the right to request the transmission of the personal data being processed. The data shall be sent to you as a machine-readable file by e-mail. You also have the right to request that the data being processed be transmitted to another data controller.
  • You have the right to contact the Data Protection Inspectorate or turn to the court, and to demand the termination of non-compliant use of data and seek compensation for damage.
    Mobire shall respond to submitted objections and claims within one month.

Changes to the privacy policy

Mobire reserves the right to make changes to this privacy policy. Most (but not all) changes to the privacy policy are made for compliance with data protection legislation. When changes are made to this privacy policy, the new policy shall be published on the website. Mobire shall notify customers of any changes to the privacy policy by e-mail.

This privacy policy is valid from 6 September 2020.