Data protection

The main changes at a glance:

• Article 1:: Supplement for business customers and organisation 

• Article 3a: Clarification of driving licence details for legal entities 

• Article 3b (new litres) : Regulation of the processing of data that Mobility receives from business customers, organisations and vehicle pools

• Article 4a: Upon conclusion of the contract, an address check can be carried out via Swiss Post 

• Article 4k: Wording of the text simplified. Regulation on the wallet solution is explained as a separate litre l.

• Articles 4o and p (new literae): explains the disclosure of personal data to the respective business customer or Organisation and vehicle pool 

• Further textual corrections were made, e.g. as Writing style. These will not result in any changes to the content.

1. SCOPE

This Privacy Policy uses the same terms as the GTC.

This privacy policy applies to customers (including business customers and organisations) who use Mobility’s products, services, offer and/or vehicles.

Customers accept this privacy policy when they first register with Mobility.

The latest version of the Privacy Policy, which can be found on Mobility’s website, applies. 

The German version of the privacy policy is authoritative.

2. SECURITY OF COLLECTED CUSTOMER DATA

Mobility protects the customer data it collects with appropriate security measures and on secure servers.

The data that Mobility processes and the Mobility app itself are protected against loss, destruction and manipulation as well as against access, alteration and dissemination by unauthorised parties by appropriate technical and organisational measures.

3. DATA COLLECTED AND PURPOSE OF USE

a. Registration and account of customers and other users
Registration with Mobility requires the storage/transmission of data (including personal data) after acceptance of the GTC, the privacy policy and any other contractual components, in particular of:

• First name, surname

• Date of birth

• Home address

• Telephone numbers

• E-mail addresses

• Driving licence details (including place of origin and nationality) 

• Language of correspondence

• Information on payment methods  

• IP address, channel and date of registration, date of acceptance of the GTC and privacy policy and any other contractual documents such as e.g. as accepting the exchange of data via SwissPass 

• Information on the creditworthiness according to the credit rating company (Intrum AG, CHE-104.502.525). Mobility requires this data for the purpose of concluding the contract and processing the reciprocal contractual services.

• For legal entities: UID number, company, address, telephone numbers, email addresses, VAT number, contact persons (including contact details), any driving licence details of all authorised users with personal access medium (including place of origin and nationality), language of correspondence, personnel numbers, cost centres

Mobility may request access to the smartphone’s camera for the purposes specified by it (e.g. checking the driver’s licence or identity card, documenting damage, etc.) and the customer is obliged to grant this access.

The data stored is primarily used to process benefits and communicate between Mobility and the customer.

b. Processing of data received by Mobility from business customers, organisations and vehicle pools
Mobility can collect personal data from its business customers, organisations and vehicle pools (cf. Section 3 lit. a) from employees or authorised users. Mobility processes these, in particular to determine whether the persons in question are already contractual partners of Mobility and are entitled to use them.

c. Use of a vehicle
Mobility collects and processes usage data, vehicle data and data on the driving behaviour of drivers insofar as this is necessary for the purpose of executing the agreement or safeguarding Mobility’s rights, in particular to prove and prosecute breaches of contract and/or criminal offences and to improve Mobility’s offer. The Mobility app collects data on user behaviour, such as booking behaviour, device login details, app version, device type, booking requests, current station, date and time of last login.

The vehicles may also have functions that enable Mobility to collect, process and use location data (GPS) as well as information about the vehicle’s condition, such as the lock, speed, sensor data or the activation of a guard mode. This may also apply to data transmitted to Mobility by platforms for these purposes.

The manufacturers of the vehicles and of vehicle components (original equipment manufacturers) also collect data. Mobility has no control over the relevant collection and use of data and refers to the privacy policies of the manufacturers. 

It is possible that the customer’s smartphone connects to a vehicle’s communication system and transmits data to the vehicle. This is at the customer’s own risk, especially if the data is stored in the vehicle. Mobility accepts no liability in connection with this data. 

d. Contact 
Mobility may record electronic and/or telephone communications with customers and all departments, in particular for quality assurance purposes, for training purposes and/or to reconstruct the situation in the event of a complaint.
Mobility offers a number of channels to get in touch with her. Personal data is collected when the customer makes it available for the purpose of using Mobility services.

e. Use of Third-Party Products and Services
Mobility works in various areas (e.g. Payment processing) with third parties with whom the customer enters into an independent contractual relationship independent of Mobility. 
Mobility has no control over the data collected and used by these third parties and refers to their privacy policies. Cf. in all other respects also Section 3 lit. c) and Sections 4. 

f. Use of the Mobility website and the Mobility app
Mobility collects and uses data generated, transmitted or disclosed by customers when they use the Mobility website and/or the Mobility app.
When customers use the Mobility website or the Mobility app, cookies and other identification technologies are used, which include: serve the authentication of users, the storage of user settings and the analysis of these channels.
Further information can be found at Section 5 “Cookies and web analysis” and Section 6 “Social plugins” to be found. 

g. Newsletters 
Customers can subscribe to the Mobility newsletter. By registering for the newsletter, customers consent to Mobility using their contact details for advertising purposes, e.g. as to send e-mails of an advertising nature, invitations to events and to deliver customer-specific advertising. 
Mobility is entitled to commission third parties with the technical handling of its advertising measures and to pass on customer data to third parties for this purpose. The customer’s email address will be used for advertising and marketing purposes until the customer withdraws their consent. They can revoke their consent at any time and at the same time (compulsory) unsubscribe from the newsletter by unsubscribing via the unsubscribe link at the end of the respective newsletter.

h. Surveys
During surveys, the data that customers disclose voluntarily are collected in direct contact with them.

This data is collected and analysed in anonymised form by Mobility or an external market research institute.

4. DISCLOSURE OF DATA TO THIRD PARTIES FOR THE PURPOSE OF DATA PROCESSING BY THIRD PARTIES

Mobility is entitled to collect and process customer data (including personal data) and create corresponding data collections for the purpose of concluding the contract, processing reciprocal contractual services and communicating (cf. Sections 3).

Trading in client personal data is excluded. 

Mobility only discloses its customers’ personal data to third parties in connection with its business activities, namely as follows:

a) For the conclusion and processing of the contract (including verification and updating), to the credit, creditworthiness and debt collection company domiciled in Switzerland, to Swiss Post and to Swiss road traffic authorities.

b) to “Soft and hardware companies domiciled in Switzerland” for the purpose of verifying the identity of the customer and/or their driving licence and optimising the technology used.

c) To verify contact details at Swiss registration offices.

d) At the instigation of customers (e.g. to customer contacts or in connection with the use of certain features or social media).

e) For marketing purposes and market research for Mobility and other companies active in the field of individual mobility services, in particular in the areas of shared mobility, for operators of public transport and complementary services, and for events.

f) If Mobility is confronted with claims arising from the behaviour of the customer after Mobility has informed the customer as much as possible (e.g. to private parking space owners).

g) To Swiss authorities in accordance with the statutory provisions or by official order.

h) To safeguard the legitimate interests of Mobility (e.g. if there is a risk of claims against Mobility by third parties or authorities).

i) To identify and process enquiries from customers when contacting them via all Mobility communication channels.

j) To promote, design, improve and further develop Mobility products and services incl. of the vehicles.

k) For payment processing with debit/credit cards: When paying by debit/credit card, Mobility forwards the customer’s card and personal data (first name/surname, email address, home telephone number, business telephone number, mobile number) via Mobility’s payment service provider (Datatrans) to the customer’s card issuer. The transmission is carried out solely for the purpose of authorisation and transaction processing and in encrypted form. If customers decide to pay by card, they will be asked to enter all mandatory information (payment card type, payment card number, CVC2/CVV2, expiry date, first name, surname). Under certain circumstances, it may be necessary to register as an Eligible Cardholder, e.g. as with the 3DSecure procedure.

l) For payment processing with wallet solutions (e.g. Twint): In the case of wallet payment solutions, the customer’s card details have been stored securely in the wallet beforehand. If customers decide to pay with a wallet solution, payment card information usually no longer needs to be entered. Only the data required for authorisation and transaction processing are transferred via the wallet.

m) To settle claims (/damage) with the insurance company with which Mobility works or third-party insurance companies through direct contact or by means of the accident report.

n) For processing in the context of the above Sections 3 and this Sections 4, insofar as this is not done by Mobility itself.

o) To business customers: Mobility is entitled to transfer personal data about authorised employees of business customers to the relevant department of business customers, incl. Details of journeys for business purposes and information as to whether employees of business customers are authorised to use Mobility (stating their name). The latter can serve to simplify the onboarding process for employees of business customers both at Mobility and for business customers.
Mobility may also provide business customers with anonymised data on authorised employees and their use of Mobility products, insofar as the information may be relevant for the performance of contracts between Mobility and the business customer. This is without prejudice to internal regulations of business customers over which Mobility has no control.

p) To organisations and vehicle pools: Mobility may provide organisations and vehicle pools with anonymised data about the Authorised Users they have procured and their use of Mobility products, insofar as the information may be relevant for the performance of contracts between Mobility and the business customer. 

If Mobility passes on data to third parties who process customer data on its behalf, Mobility ensures that the third parties only process customer data in the same way as Mobility itself is permitted to process it.

Mobility also discloses customer data to third parties based abroad. The countries are: France, Germany, India, Ireland, Italy, the Netherlands, Spain and the United Kingdom.

5. COOKIES AND WEB ANALYTICS

The Mobility website and the Mobility app use Google Analytics, a web analysis service provided by Google Inc. (“Google”).

Google Analytics uses so-called “Cookies”.

The information generated by cookies about your use of Mobility’s website (including your IP address) is transmitted to a Google server in the USA and stored there. Google uses this information for the purpose of evaluating the use of the website by customers, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also share information with third parties.

Customers can prevent the installation of cookies by selecting the appropriate settings in their browser software; in this case, customers may not be able to make full use of some functions of the website.

Customers can find more information about Google and its privacy policy at: https://policies.google.com/privacy.

Mobility uses a Google Analytics function for its website and the Mobility app, which is based on Google display advertising. Visitors to the Mobility website can deactivate the Google Analytics functions for display advertising and display network ads by clicking on the following link: https://adssettings.google.com/anonymous?hl=en.

Mobility also uses other third-party services that use trackers and/or cookies. Mobility is not responsible for the data processing by these third parties. Customers are free to change the privacy policies of the relevant services (e.g. Facebook, Pixel or Bing Ads).

Customers can prevent the use of trackers/cookies by such third parties via the browser settings if necessary.

6. SOCIAL PLUGINS

The Mobility website uses social plugins (“Plugins”) of social networks (e.g. facebook.com and youtube.com). The plugins can be identified by their logo or the corresponding social network. The plugins allow customers to bookmark these pages and share the bookmarks with other people who use social networks.

When customers visit a page on the Mobility website with plugins, the browser establishes a direct connection to the servers of the social network. The embedded plug-ins inform the social network that the customer has accessed the corresponding page on Mobility’s website. If the customer is logged into the social network, the visit can be assigned to the corresponding account of the social network. If customers interact with plugins, for example by clicking on a Facebook “Like” button or entering a comment, the corresponding information is transmitted from the browser directly to the social network and stored there. Even if the customer is not logged into the social network, it is possible that the plugin transmits the IP address to the social network.

Mobility has no influence over the data collected by the plug-ins or the purpose and scope of the associated data processing. Information about the purpose and scope of data processing by the social networks as well as the related rights and setting options to protect the user’s data can be found in the privacy policies on the websites of the social networks. Further information on plugins and the privacy policies of the social networks can be found in the privacy policies of the respective social networks (e.g. Facebook, YouTube, Twitter, Instagram, etc.).

If customers do not want a social network to assign the data collected via the Mobility website to their social network account, they must log out of the relevant social network before using the Mobility website.

Mobility uses Google Enhanced Conversions to measure the effectiveness of its marketing campaigns. Enhanced Conversions improves conversion tracking by adding hashed first-party conversion data from Mobility’s website to existing conversion tags. The first-party data is hashed (pseudonymised) before being transmitted to Google Ads.

The Mobility website uses Google Consent Mode, a Google feature, to ensure compliance with data protection regulations and cookie consent regulations (cf. Sections 5). Google Consent Mode enables Mobility to take account of users’ consent settings, in particular in connection with the use of Google products such as Google Analytics and Google Ads.

7. RETENTION PERIOD

The duration of the storage of the data depends on the purpose for which it is used. Data is only retained for as long as is necessary for business purposes and proportionate.

Data that Mobility is obliged to retain for a certain period of time due to legal requirements (e.g. as a result of documentation and retention obligations for accounting or tax documents), are retained at least for the statutory retention obligation.

8. RECTIFICATION AND DELETION OF PERSONAL DATA

The customer can correct/update the personal data transmitted to Mobility at any time or if Mobility is not required to retain it for legal reasons.

If customers wish to have their personal data deleted, they can do so by sending an email to data(at)mobility.ch with the subject line “Delete personal data” and a description of the request.

Mobility does not delete any data that it only collects and stores in anonymised form and/or that can only be attributed to a particular customer with disproportionate effort.

9. CHANGES TO THE PRIVACY POLICY

Mobility reserves the right to amend this privacy policy at any time. Changes (including the loss of rights and/or benefits) shall not give rise to any right of termination on the part of customers.

Changes shall be communicated to the client in an appropriate form and shall be deemed to have been approved by the client from the communicated change date.

Changes to the data protection provisions of third parties are beyond Mobility’s control and are not communicated by Mobility.