Mobire Privacy Terms

Effective as of 09th of October 2023

Mobire Eesti AS and other companies belonging to the Mobire group (“Mobire”) process client data primarily to offer full-service Vehicle rental services to private and legal entities.

In the Privacy Terms, we explain how Mobire protects and processes Client data and what are the rights and obligations of Us, Our Clients, and Website Visitors.

The Mobire Privacy Terms (hereinafter referred to as the “Privacy Terms”) are part of all contracts of the companies belonging to the Mobire group and apply to all Mobire Website Visitors who view the services, send inquiries, and ask for offers through the Website or other contact channels. By using Mobire’s services and options, we consider that you accept the principles of data processing describedhereinafter in the Privacy Terms.

1. Definitions

„Data Subject“ is an identified or directly or indirectly identifiable natural person whose Client Data is processed by Mobire, e.g. Mobire Client and Website Visitor, cooperation partners, other contractual service providers and employees (including board members).

„Client“ is a person or his representative who uses Mobire’s services, e.g. the lessee of a vehicle, the lessee’s representative or another person who has entered a contract with Mobire, as well as the Visitor of the Website.

„Client Related Person“ is a person whose Client Data is processed by Mobire for the fulfillment of the service contract, e.g. the user of the Vehicle.

„Visitor“ is a person who visits the Mobire Website or is otherwise interested in Mobire’s services.

„Customer Data“ is all data, including personal data, that becomes known to Mobire in connection with the Data Subject’s interest in or use of Mobire’s services.

„We, Us or Our“ isMobire.

„Website“ is Mobire’s website and its subdomains.

2. Obtaining and collecting Customer Data

2.1. Mobire receives Client Data when the Data Subject submits inquiries to Mobire, asks for offers and concludes a rental or other contract. Also, if the Data Subject comments, likes, or shares
posts on Mobire’s social media accounts. Or if the Data Subject subscribes to Our newsletter.

2.2. Mobire collects Client Data when the Data Subject contacts Mobire via the Website, e-mail, or telephone, as well as in direct communication and meetings. Mobire can receive Client Data
about the Data Subject from cooperation partners based on the priorly given consent by the Data Subject

2.3. Mobire may collect Client Data about the Data Subject from third parties (credit information and payment default databases, etc. registers).

2.4. Client Data regarding Users of the Vehicle can be obtained from the Lessee of the Vehicle or its representative. Mobire also receives Client Data of persons connected to the Vehicle from
national registers and offices.

3. Purpose of processing Client Data

3.1. Mobire ensures that there is always a legal basis for the processing of Client Data. As usual, theprocessing of Client Data is based on the person’s consent, contract, or law. Mobire may also
process Client Data based on legitimate interest (e.g. to prevent and detect fraud).

3.2. Mobire’s main purposes in processing Client Data are the following: creation of a customer relationship, the execution and termination of concluded contracts, the fulfillment of obligations
stipulated in legislation, better service to the Data Subject, making offers, analyzing the usability of services, and developing new services.

3.3. Mobire processes Client Data if processing is necessary for the said purposes in clause 3.2. On this basis, Mobire processes Client Data as follows:

3.3.1. for submitting offers, concluding, and fulfilling rental and other contracts;

3.3.2. for mediation of services covered by full-service rental (maintenance, tire changes, emergency assistance, insurance, and other services), i.e. transfer of Client Data to a third party;

3.3.3. to identify the identity of the Data Subject or its representative when concluding and executing the contract;

3.3.4. to perform the activities necessary for the provision of services to the Data Subject, including the purchase and sale of a Vehicle, registration in the traffic register, technical maintenance, tire change, use of a fuel card, emergency and insurance service and the organization and provision of other services;

3.3.5. for the services of Mobire and service providers for the calculation of brokerage and service fees, formulating and issuing invoices and payment schedules, checking receipts, and storing payment information in the database;

3.3.6. for transmitting information related to the use of services and for other activities necessary for the provision of services.

3.4. Mobire processes Client Data if the processing is necessary to fulfill Mobire’s legal obligation. On this basis, Mobire processes Client Data as follows:

3.4.1. for the exchange of information related to the provision of services and business activities, for the documentation of business activities (e.g. the transfer of information to fulfill the obligations imposed on Mobire by legislation, etc.; assess and prevent business risks and losses (depending on the exact circumstances, this may also take place based on legitimate interest);

3.4.3. We prevent money laundering and terrorist financing and fulfill our obligations arising from both international and domestic applicable law and international agreements;

3.4.4. to fulfill the accounting obligation.

3.5. Mobire processes Client Data if the Data Subject has given consent to process his Client Data for one or more specific purposes. The Data Subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal. On this basis, Mobire processes Client Data as follows:

3.5.1. for receiving inquiries and sending responses via Mobire’s Website and electronic solutions;

3.5.2. The Data Subject can give Mobire the right to provide him with information about Mobire’s products and services (direct marketing offers). If the Data Subject wishes
to receive Mobire’s direct marketing offers, he can give his consent to this on Mobire’s Website during the transfer of Client Data. Giving consent is voluntary and Data Subject has the right to withdraw consent at any time;

3.5.3. Mobire may also process Client Data in other purposes based on Client’s consent, e.g. by conducting consumer games. The purpose of processing the Client’s Data is specified during the consent process.

3.6. Mobire processes Client Data if the processing is necessary for the legitimate interest of Mobire or a third party unless such interest is outweighed by the interests or fundamental rights and freedoms of the Data Subject. On this basis, Mobire processes Client Data as follows:

3.6.1. to create and store logs, eliminate errors, and store Client data related to the contract (including using cloud services);

3.6.2. to improve Mobire’s services and the Data Subject’s user experience;

3.6.3. to assess and prevent business risks and losses (depending on the exact circumstances, this may also be done for the purpose of fulfilling a legal obligation);

3.6.4. to check the Data Subject’s background, payment defaults and payment behavior to make decisions about concluding a Vehicle Rental Contract;

3.6.5. the collection of Client Data is also necessary to prevent and avoid fraud;

3.6.6. to improve and develop the quality of customer service, to measure usage activity and the satisfaction of the Data Subject. Mobire may combine Client Data collected by providing different services if they are collected for the same purpose;

3.6.7. for the protection of violated or contested rights of Mobire and debt collection, including the transfer of Client Data (name, personal identification number, date of birth, place of residence, e-mail address, phone number, term of obligation, amount of debt) to a lawfirm and debt collection company, including to the register of payment defaults in the event of a payment default exceeding 30 calendar days until the debt is paid;

3.6.8.  to keep Mobire’s technical applications up-to-date and to make them more efficient, to ensure the integrity and security of Client Data, for IT developments through testing and improving services

4. Protection of Client Data

4.1. Mobire makes its best efforts to secure and protect Client Data. We protect Client Data with strict security and confidentiality rules, using organizational, physical and information technology security measures to ensure the integrity, availability, and confidentiality of Client Data. The protection of IT infrastructure, computer and communication networks, technical
equipment, employees, offices, and information is covered by the mentioned measures, with the aim of ensuring an up-to-date level for mitigating risks and preventing threats of leakage
and loss of Client Data.

4.2.We ensure the processing of Client Data in accordance with legislation and good business practices

4.3. We have regulated the protection of Client Data with Mobire’s internal principles of protection and processing of Client Data. Only those employees who need it to perform their duties have
access to Client Data.

4.4. Mobire has signed contracts with third party service providers to ensure compliance with the rules and protection of Client Data, being itself responsible for their proper processing of Client Data.

5. Sharing of Client Data

5.1. . Mobire shares Client Data in the following cases:

5.1.1. bases of the legitimate interest to Mobire’s parent company Inbank AS for business and risk management of companies belonging to the group;

5.1.2. in cases prescribed by legislation, to authorities (e.g. law enforcement bodies, state offices and supervisory authorities) upon request;

5.1.3. to legal and financial consultants, auditors, debt collection companies and other authorized processors, if this is necessary for the provision of Mobire’s service, fulfillment of obligations and protection of its rights;

5.1.4. to third party service providers, including Vehicle purchase and sale, technical maintenance, tire change, fuel sales, emergency service and other service providers, as well as Mobire support service providers, with the aim of offering and providing the best services.

5.2. If Mobire uses authorized processors in the processing of Client Data, Mobire establishes contractual instructions based on which the authorized processors must process Client Data.

6. Storage of Client Data

6.1. Mobire does not process Client Data longer than necessary. Mobire stores Client Data until the purpose of its use is fulfilled. Client Data collected before the conclusion of the contract is stored for a maximum of 1 (one) year after the request from the Data Subject to make an offer. In general, Mobire stores Client Data during the validity of the contract and for 10 years after the
termination of the contract.

6.2. Mobire can store Client Data longer than the Data Subject has given his consent to store Client Data. In this case, Client Data will be stored until consent is withdrawn

6.3. If the processing of Client Data takes place to fulfill the obligations prescribed by legislation (e.g. obligations arising from accounting), the Client Data is stored in accordance with the deadlines prescribed by legislation. For example, due to the Accounting Act, the original accounting documents are kept for seven years from the end of the financial year when the economic
transaction was recorded in the accounting register based on the original document.

6.4. If Mobire transfers Client Data to another data controller, the Client Data recipient sets the Client Data storage terms.

6.5. Mobire generally ensures the processing and storage of Client Data in the territory of the European Union. Mobire may also use authorized processors whose servers are located outside
the European Union. In doing so, Mobire ensures the comprehensive security of Client Data, based, among other things, on the new decision on the adequacy of the protection of secure and reliable data flows between the EU-US (EU-U.S. Data Privacy Framework) or by implementing other Client Data protection measures required by legislation.

7. Ensuring the rights of the Data Subject when processing Client Data

7.1. The Data Subject has the right to receive information from Mobire about the Client Data processed about the Data Subject, the purposes of their use, types, and sources. The Data Subject has the right to receive copies and extracts of the processed Client Data.

7.2. The Data Subject has the right to require Mobire to correct or supplement the Client Data if the Client Data is incorrect or inaccurate.

7.3. The Data Subject has the right to demand the deletion of Client Data, except if the right and obligation to process Client Data derives from legislation. The processing of Client Data will not
be terminated if it conflicts with the obligation to process Client Data or if there is another basis for continuing processing. It is also important to note that stopping the processing of Client Data may prevent the provision of services to the Data Subject.

7.4. The Data Subject has the right to demand the termination of the processing of Client Data and the deletion of Client Data if:

7.4.1. Client Data is no longer needed for the purpose for which Mobire processed it;

7.4.2. the Data Subject withdraws the consent given for processing and there is no other legal basis for processing Client Data;

7.4.3. the Data Subject objects to the processing of Client Data and there are no overriding legitimate reasons for the processing;

7.4.4. Client Data has been processed illegally;

7.4.5. Client Data must be deleted to comply with a legal obligation.

7.5. In the relevant case, the Data Subject has the right to request restriction of the processing of Client Data or to object to the processing of such Client Data.

7.6. The Data Subject has the right to request the termination of decision-making based on automated processing.

7.7. The Data Subject may consent to the direct marketing of Client Data or other marketing purposes and may refuse such consent and withdraw consent at any time.

7.8. The Data Subject has the right to request the transfer of the processed Client Data. Client Data is transmitted to the Data Subject as a machine-readable file by e-mail. The Data Subject has the right to also demand the transfer of processed Client Data to another data controller.

7.9. The Data Subject has the right to apply to the Data Protection Inspectorate or to the court, to demand the termination of the use of the Clients Data that does not comply with the legislation
and compensation for damages.

7.10. Mobire responds to the objections and requirements submitted by the Data Subject within one month at the latest from the receipt of the objection or demand.

8. Modification of Privacy Terms

8.1. Mobire reserves the right to unilaterally change these Privacy Terms.

8.2. The Privacy Terms are modified primarily (but not exclusively) to comply with applicable legislation.

8.3. The updated version of the Privacy Terms shall be published on the Website of Mobire.