PRIVACY POLICY

v0.1

With this Privacy Policy we, ("we" or "Bond Mobility AG""), wish to explain to you ("you" or the "User") how and why we collect and use your personal data when you use our BOND application and its related services (together the "Application and "Website"; more information on what these related services are, can be found in the Terms and Conditions).

Your privacy is very important to us, so we wish to be very clear on what we intend to do with your personal data. The privacy policy adheres to Swiss data protection regulations and acknowledges EU data protection law to the necessary degree. If you have questions regarding this Privacy Policy or anything explained herein, please do not hesitate to contact us.

We ask you to read this Privacy Policy as well as the terms and conditions of our Application (“Terms and Conditions”; you can consult them here) carefully, because they are both an integral part of our relationship with you.

Please note: this Privacy Policy only covers the collection and use of your personal data by Bond Mobility through the Application and through the website. It does not apply to:

1. WHO IS RESPONSIBLE?

Short: We, Bond Mobility, are responsible for the collection and use of your personal data via the Application for the purposes explained below. In this section we provide you with our contact details in case you wish to contact us regarding our collection and use of your personal data.

The controller (i.e. the entity responsible) for the collection and use of your personal data through the Application is:

Bond Mobility (Europe) AG
Birmensdorfer Strasse 419
8055 Zürich
Switzerland
Enterprise no. (CHE-142.924.229)
E-mail: privacy@bond.info
Tel. : +41 44 544 05 30

For any further questions please contact the Chief Operating Officer as data protection representative.

2. WHAT RIGHTS DO YOU HAVE?

Short: You have a right to access, correct or erase your personal data or limit or oppose the processing of your personal data. You also have a right to data portability and the right to withdraw earlier given consent. In this section we explain how, and under which conditions you may exercise these rights.

  1. You have the right to request access to all personal data processed by us insofar it pertains to you. You can exercise this right first and foremost via the Application itself. We reserve the right to refuse multiple requests for access that are clearly submitted for causing nuisance or harm to us or others or we may choose to charge you an administrative fee.
  2. You have the right to ask that any personal data pertaining to you which are inaccurate, are corrected free of charge. Some personal data can be corrected by yourself via the Application. If a request for correction is submitted, such request must be accompanied of proof of the flawed nature of the data for which correction is asked.
  3. You have the right to request that personal data pertaining to you will be deleted if they are no longer required in light of the purposes outlined above. However, you need to keep in mind that a request for deletion will be evaluated by us against:
    1. our own or a third party’s overriding interests;
    2. legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
      Instead of deletion you can also ask that we limit the processing of your personal data if and when (1.) you contest the accuracy of that data or you object to our processing of it and you want us to limit the processing of your personal data for the time during which we are assessing the validity of your claim, (2.) the processing is illegitimate or (3.) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.
  4. You have the right to oppose the processing of personal data for the purposes c. through i. in section 5, but you are required to explain your particular circumstances on which your request for opposition is based.
  5. For the purposes a., b., j. and k. in section 5, you have the right to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us.
  6. For the purposes j. and k. in section 5 you have the right to withdraw your earlier given consent. You can do this via the Application or by following the process as described below.

Each request addressed to us can be send via e-mail to privacy@bond.info.

An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it, if such is required. It should also be dated and signed and accompanied by a digitally scanned copy of your valid identity card proving your identity.
We will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have any complaint regarding the processing of your personal data by Bond Mobility, you may always contact us via the e-mail address mentioned above. If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority, i.e. the data protection authority.

3. What IS THE PRIVACY POLICY FOR USERS OF OUR WEBSITE?

Short: In this section we detail the collection and use of data of visitors from our websites and social media presences.

3.1 OUR WEBSITES

We currently operate the website www.bond.info and sub-sites such as www.delivery.bond.info, help.bond.info. Furthermore, we maintain social media presences on LinkedIn, Facebook, Instagram and Twitter.

3.2 INFORMATION ON DATA PROCESSING

We collect and retain necessary data from visitors to our websites and social media channels in order to achieve the purposes of providing a practicable service for and with our web presences.

3.3 DATA PROCESSING ON OUR WEBSITE

On our website, we mainly collect the data of your usage which can involve information on the time and length of your visit, your approximate location, the visited websites but will not involve your personal data unless you use the contact form on the website and consent to the provision due to your own initiative.
As we are working with several companies (Facebook, Google, Zendesk, Stripe, Mailchimp) from non-EU countries, specifically the US, it is important to note that the personal data we potentially collect on our website may be processed in the US or other third countries. Due to a lack of comparable data protection law, your data might not receive a levelled protection as it receives under the Swiss DSG and the EU-GDPR. In this case we strive for sufficient contractual mechanisms to maintain an adequate level of protection for your data as well as our own. As mentioned before, we only collect personal data with the contact form on our website and ask for your explicit consent before a potential transfer of personal data to the US or any third country.

3.4 THE USE OF COOKIES AND WEB ANALYTICS

We use cookies to make our website more user-friendly by tracking the number of users and engagement on our website and providing said information for analysis purposes. The cookies can be deleted and controlled depending on the specifics of the web browser used to visit and use our web presence. Please be aware that you might not be able to access certain areas or features of our websites if you decide to delete all current or future cookies.

We use Google Analytics and Facebook Pixel which in turn use cookies to collect and store information on your website visits. This allows the companies to analyse your behaviour on our websites and to create a better marketing framework for our company, provide better services to our current and future customers and to optimise ads and create target groups. Further information can be found on http://www.google.com/privacy.html and https://www.facebook.com/policies/cookies/ .

On the basis of our data protection understanding we explicitly ask for your consent to the use of cookies upon your first visit of our websites. Further, the consent can be revoked at any given time.

3.5 SOCIAL PLUGINS

Our websites also use social plugins of social media platforms that can be identified by the small icons at the bottom of each page. They enable functions of convenience such as adding bookmarks, creating reading lists or sharing websites with other users of social media networks.
If you are logged into any of the specific social media networks that are linked on our websites and consequently interact within their frameworks it is possible that the visited social media network collects and stores your information. We have no impact on the scope of data collection in your visited social media networks and kindly refer to their respective policy privacies. If you do not wish for the social media networks to collect your information through plugins you are kindly asked to log out of your profile before visiting our websites.

3.6 CONTACT FORM

The contact form on our website allows visitors to connect with our team for business purposes. However, only your email address will be stored in our respective mail server (for support@bond.info) and will not be shared with third parties.

3.7 YOUTUBE

As we embedded YouTube videos on our website, it is important to note that your browser will automatically connect to the YouTube or Google server once you open a website with an embedded video. Consequently, certain data will be transferred and processed according to your settings. If you require further information, we kindly refer to Google Ireland Ltd. as they are responsible for data processing in Europe, https://policies.google.com/privacy?hl=de.

4. WHAT IS THE PRIVACY POLICY FOR USERS OF OUR APPLICATION?

Short: In this section we detail the collection and use of data of users from our Bond application. For information on the reasons why we process your data, please refer to section “Why do we process your personal data?”.

4.1 ACCOUNT REGISTRATION

When you register your account, we collect the following categories of personal data:

  1. personal identification data (e.g. your full name, date of birth, language, e-mail address, postal address, contact info, location, potential discounts);
  2. your driver license. Note that we engage a third-party verification service provider who will collect and verify your driver license details (e.g. front and back image of your driver license). The service provider Jumio (Jumio Software Development GmbH) strictly adheres to the security regulations of the PCI DSS and acts only upon our instructions;
  3. payment information for in-app payments. Note that we do not collect your payment credentials itself nor any information which we can use to initiate or execute payments as we do not provide any payment services ourselves. We currently engage a third-party payment service provider who will process your payment credentials directly (e.g. your credit card number, expiration date and CVV/CVC code or other payment details). The processing of payments for Bond services is executed through a third-party service provider that has been thoroughly inspected and indentured in order to maintain the privacy standard (Stripe; Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA). Their privacy policy can be found here: https://stripe.com/de/privacy.

Once the registration process is completed, the user contract between Bond and you, the user, is considered to be finalized.

4.2 USE OF APPLICATION

When you use the Application, we also collect the following categories of usage data:

  1. profile activity and information about your use of the Application;
  2. your contract data;
  3. echnical information about your use of your e-mobility device as collected by the e-mobility device, the connectivity device and the Application;
  4. electronic identification data (e.g. information about your phone’s Bluetooth radio, its MAC address and IMEI number of your phone, serial number of your e-mobility device, IP addresses etc.);
  5. use of IT equipment (e.g. the operating system of your mobile device, time stamps, log files, browser type, ISP, etc.);
  6. contact history

In principle, we collect all of the personal data (section 4.1. a - c) listed here directly from you and gather and store the usage data (section 4.2. a - g) for purposes of data analysis anonymously.

4.3 DATA MANAGEMENT

We are currently using two systems to link our vehicle modules to customers: Wunder Mobility (WunderCar Mobility Solutions GmbH, Hongkongstrasse 2-4, 20457 Hamburg, Germany), a platform that enables us to scale our micro-mobility services and the Fleet Management System (FMS) that is currently being developed by our own tech team. All information from personal to usage data is stored in both systems. These are used to organise our operations, administration and technology development as effectively as possible.
The collected data is not shared with third parties unless for reasons of legal obligations according to data protection regulations. However, data is processed through us in order to provide our services, carry out our billings, communication, issue accident investigations and probe insurance claims.
The information will also be used to contact our customers in case of an amendment to our terms and conditions, privacy policy or general services.

4.4 PAYMENT OF SERVICES

We process data that is necessary for the effortless provision and subsequent billing of our services. For this, we need to process the personal data, including the payment data, of our customers and transfer said data to the payment provider in order to carry out the transaction. The data will be deleted once the contractual basis and the necessity for further data storage is obsolete.

The processing of payments for Bond services is executed through a third-party service provider that has been thoroughly inspected and indentured in order to maintain the privacy standard (Stripe; Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Their privacy policy can be found here: https://stripe.com/de/privacy). However, the transferred data includes name, address, stored payment methods and bank data but anonymises the user-ID and thus prevents a linkage between personal data and user-ID.

4.5 CUSTOMER RELATIONS MANAGEMENT

We are currently employing the CRM system “Zendesk” (Zendesk, Zendesk Inc., 989 Market Street #300, San Francisco, CA 94103, USA, https://www.zendesk.de/company/customers-partners/privacy-policy/) to allow us an efficient and effortless handling of our customer’s enquiries. They instilled safeguards that are adequate to current European data protection standards and only use data for the technical processing of inquiries but will not transfer them to third parties.
The user must provide at least a valid e-mail address in order to send out an enquiry to our customer support. Further requests potentially require the processing of data such as names or addresses. However, if the user does not consent, there are further options of inquiry such as mail or telephone.

We also engage Mailchimp (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 US, privacy policy: http://mailchimp.com/legal/privacy/) as our third-party provider for the dispatch of e-mail campaigns, newsletters or adaptions to our policies. By registering and confirming your account and consenting to our newsletter you consent to the processing of data through Mailchimp.

5. WHY DO WE PROCESS YOUR PERSONAL DATA?

Short: We collect and use your personal data for a number of different purposes, which we explain in the following. We are also obliged to indicate to you why our purposes are legitimate.
We collect and use your personal data for the following purposes:

  1. to allow you to use the Application.

    The collection and use of data are allowed because of their necessity to perform our contractual services that we have agreed upon through your acceptance of our Terms and Conditions.

    For this, we collect and use all the personal data mentioned in section 2 for this purpose.

  2. to verify your age, identity and validity of your driver’s licence in order to allow you to use the Bond Mobility Vehicles

    Such collection and use of data is allowed because of their necessity to perform our part of the service agreement that has been established through your acceptance of our Terms and Conditions. We collect and use all of the personal data mentioned in section 2 for this purpose. The verification of your licence requires us to transfer specific data to our third-party service provider Jumio, see section 4.1.b of this policy.

  3. to allow you to use third-party services via the Application.

    Such collection and use of data is allowed because they are a prerequisite to perform our contractual obligations included in the service agreement we have with you. Third-party services include payment and identity-verification services.

    We collect and use all the personal data mentioned in section 2 for this purpose.

  4. to communicate with you about the Application (not for promotional purposes).

    The collection and use of personal and usage data are allowed in order to pursue our legitimate interest of being able to communicate with our users about certain events concerning the Application, such as downtime, incidents, updates, etc. We collect and use personal data as described in section 2 and 4.5 for this purpose.

  5. to provide our services to our customers (i.e. mobility service and equipment providers; employers; etc.).

    Such collection and use are allowed because of the necessity of such collection and use to pursue our legitimate interest of providing our services to our customers. Note, however, that we do not share your personal data with the customer or our service providers that enable us to provide our services but anonymise personal and usage data in case we are contractually obliged to share them with our customers or service providers. Our customers are themselves responsible to inform you about the use they make of your personal data.

    We collect and use the personal data mentioned in section 2 for this purpose.

  6. for improving the Application, personalise and enhance your experience adding new features and developing new services.

    The collection and use of personal and usage data provide a framework for our legitimate interest of continuously improving our products and services. If any of our third-party service providers adapt their data collection and processing, they are themselves responsible to inform you about the reformed use they make of your personal data.

    We collect and use the personal data mentioned in section 2 for this purpose.

  7. for statistical reasons, so that we may understand how you and others use the Application.

    Such collection and use of your personal and usage data are allowed in order to pursue our legitimate interest of assessing how the Application and its features are used. If any of our third-party service providers adapt their data collection and processing, they are themselves responsible to inform you about the reformed use they make of your personal data.

    We collect and use the personal data mentioned in section 2 for this purpose.

  8. for security reasons and misuse detection, prevention, and reporting.

    The collection and use of your data is necessary in order to pursue our legitimate interest of keeping the Application, its underlying systems and software infrastructure as well as our users safe and secure from fraudulent, malicious or harmful content or behaviour. We collect and use the personal data mentioned in section 2 for this purpose.

    We collect and use the personal data mentioned in section 2 for this purpose.

  9. to defend ourselves in legal proceedings.

    Such collection and use are allowed because of the necessity to pursue our legitimate interest of being able to build our case, compile evidence and defend ourselves in courts or other judicial proceedings in connection to our business and corporation. We collect and use the personal data mentioned in section 2 for this purpose.

    We collect and use the personal data mentioned in section 2 for this purpose.

  10. to inform any third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside the EU.

    Such collection and use of data are allowed because of their necessity to pursue our legitimate interest of being able to conclude corporate transactions.

    We collect and use the personal data mentioned in section 2 for this purpose.

  11. to send you promotional communications, newsletters, or marketing materials.

    For such collection and use we will ask for your consent before we make any personal data available to any of our service partners that enable us to communicate with you on a promotional basis.

    We collect and use the personal data mentioned in section 2 for this purpose.

  12. to comply with our legal obligations as well as with any valid request from law enforcement, judicial or governmental authorities.

    Such collection and use are allowed because of the necessity to comply with our legal obligations to potentially provide data for the enforcement of legal or governmental actions.

    We collect and use the personal data mentioned in section 2 for this purpose.

6. RECIPIENTS AND TRANSFERS

Short: Your personal data are shared with a limited number of parties, such as our own service providers and our customers. We can also share your personal data with other users or third parties if you have consented to this. In this section we explain to whom we send your personal data and how we ensure that your personal data are kept safe when sent abroad.

Your personal data may be sent to the following categories of recipients:

  1. Yourself, to enable you the use of our services and customer support;
  2. your contacts or business relations (e.g. your employer), in a B2B context. However, data will be fully anonymised so that we share metrics but allow no immediate user identification;
  3. our service providers, to allow for maintenance and repair requests;
  4. social media providers, for marketing purpose;
  5. our shareholders, potential acquirers, subsidiaries and affiliates, to provide for updates on daily business;
  6. governmental, judicial, and other competent bodies, if legally bound to provide data.

Your personal data are processed in the European Union. If we were to transfer your personal data outside the European Economic Area (“EEA”) at some point in the future, we ensure that these data are adequately protected through:

7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

Short: We only retain your personal data for as long as we are required to achieve the purposes listed in section 5 and in any case for the duration of you having an account in the Application and until ten years after such account has been closed.

Your personal data are only processed for as long as needed to achieve the purposes listed in section 5 above. Where our collection and use of your personal data relies on your consent, we will stop using your personal data for such purpose as soon as you withdraw your consent. However, please bear in mind that your personal data will at the earliest be deleted and de-identified after ten (10) years starting from the moment where you close your account with us. Moreover, de-identification will only be possible when none of the following overriding circumstances arises:

8. CONSENT

We understand your use of our services as a conclusive consent to our terms and conditions as well as to our privacy policy.
Lastly, we suggest that you regularly familiarize yourself with our privacy policies as they are subject to regular adaptations to our product’s functionality.

Status: 6 July 2021