Published using Google Docs
E-Magine Rides App - Privacy policy ENG
Updated automatically every 5 minutes

E-Magine Rides

Privacy Policy

Last update: 2024 August 16

1. Introduction

Our Privacy Policy informs you about the collection and processing of your data by E-Magine. It applies to the E-Magine app as well as to mobility services that can be booked via our app or via partner apps.

The data controller and service provider is:

E-MagineTravelServices Kft. („E-Magine”, “we”, “us”), registry number: 01-09-295484, registered address: 1053 Budapest, Ferenciek tere 2. fsz., Hungary; contact: hello@emaginetravel.com

together with SIA ATOM Tech („ATOM”), company number: 40203185808, registered address: Aldaru iela 10-4, LV-1050, Riga, Latvia; contact: support@atommobility.com, pursuant to Article 26 GDPR.

2. Data collection and processing when using our app and services

In our app, we offer users the opportunity to register by providing personal data. Registration is mandatory for the use of E-Magine Services.

2.1 Registration

When you register with E-Magine, we require the following information from you to create a customer account:

You enter this information yourself in our app when you register. If additional voluntary information can be provided, this will be marked accordingly.

You can also use a so-called “single sign on function” from Google or Apple ("SSO provider") to create an account with us. Your account with the SSO provider (e.g. your Google account) is then linked to our app. The master data you store with the SSO provider (name, email address, phone number) will be visible to us. The SSO providers inform you during the registration process about the data to be transferred; you can give explicit consent or refuse this. Please note that by linking the accounts, the SSO providers knows if and when you log in with us.

Registering and creating an account is a prerequisite for renting vehicles. The legal basis is Article 6(1)(b) GDPR.

2.2 Data collection and processing when using the E-Magine App

When you use the app or your end device, your current IP address and information about your end device (e.g. operating system used, version, language, device type/brand/model, device ID) as well as the date and time of access and the retrieved content or data are automatically transmitted to our servers ("access data"). This is technically necessary information and we collect it automatically when you use our app.

The legal basis is Article 6(1)(b) GDPR, insofar as the data processing serves to provide the app functionalities and our services. Furthermore, the data processing is carried out pursuant to Article 6(1)(f) GDPR based on our legitimate interest in sustained functionality and security as well as the further development of the app and our services.

2.2.1 App permissions

In order to use our services, we need access to certain functions of your device (so-called “permissions”). Depending on your operating system, you must explicitly grant permission or you can revoke it in each case. Any data that we may access as part of the authorisations will only be used for the purposes stated in this Data Protection Declaration.

Camera: Access to your camera function is required to scan the QR code placed on the vehicle before renting.

Location: We need information about your location to show you if there are vehicles near you and how to get there. Furthermore, we process information about your location when you use the app or rent a vehicle to improve our services and personalise them for you.

The legal basis is Article 6(1)(b) GDPR, as the data processing serves to provide the app functionalities and our services.

2.2.2 E-Magine App analysis and further development

To continuously optimise our service, we want to understand how users use our app. For this purpose, we also collect and process the following technical data: device information (e.g. device, operating system and app version information, language, time zone), the time you open the E-Magine app, your behaviour in the app (e.g. selecting vehicles or booking), duration of use or time spent in certain functionalities, and your device location.

In addition, we use a service to obtain diagnostic information such as device type, device ID, OS version, state of the app at the time of the crash, crash trace, internal app technical log data when the app crashes. This information does not contain any directly identifiable personal data. We use it to analyse errors in the app and thus improve stability and reliability.

For the crash reports, we use "Firebase", a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We have concluded a data processing agreement with Google. In some cases, data are processed on a Google server in the United States. In the event personal data are transferred to the US or other third countries, we have concluded standard contractual clauses with Google pursuant to Article 46(2)(c) GDPR. Further information on these services can be found here: https://policies.google.com/te...

Our app uses Google Analytics, an analytics service provided by Google. When doing so, we analyse your usage behavior in our app in order to be able to improve our app and our offerings on this basis.

The personal data linked to advertising ID collected by Google Analytics are automatically deleted after 14 months. We have concluded a data processing agreement with Google. In some cases, data are processed on a Google server in the United States. In the event personal data are transferred to the US or other third countries, we have concluded standard contractual clauses with Google pursuant to Article 46(2)(c) GDPR.

The legal basis is Article 6(1)(f) GDPR, based on our legitimate interest in analysing errors in the app in order to fix them and improve the app, as well as in analysing the use of the app in pseudonymous form in order to improve the app and our offerings.

2.2.4 Google Maps

The E-Magine App uses Google Maps API applications, a service provided by Google. This allows us to show you interactive maps on our app, for example. This application is essential for the functionality and full provision of our content and services. You can view the Google Terms of Use here: https://www.google.com/intl/en.... The additional terms of use for Google Maps/Google Earth can be found here https://www.google.com/help/te.... The Google privacy policy can be found at: https://www.google.com/intl/en.... In addition to displaying available vehicles, we also use Google Maps to translate geo-locations into addresses and show you the estimated walking distance to the selected vehicle.

The legal basis is Article 6(1)b GDPR, as the data processing serves to provide the app functionalities and our services.

2.2.5 Navigation

In some cities, we provide you a navigation service integrated into the app. For this Service, we use Beeline navigation software from Relish Technologies Ltd, A212 The Biscuit Factory, 100 Drummond Road, London, United Kingdom ("Beeline"). You voluntarily decide whether you want to use the navigation software. While you use Beeline, Beeline receives information about your location as well as your movement. Further information on data processing done by Beeline can be found here: https://beeline.co/pages/priva....

The legal basis is Article 6(1)(b) GDPR, as the data processing serves to provide the app functionalities and our services.

2.3 Data collection and processing when renting a E-Magine vehicle

If you rent a vehicle, we collect and process additional data via the app and about our vehicles. The legal basis is Article 6(1)(b) GDPR, insofar as the data processing serves to perform the rental agreement, and otherwise Article 6(1)(f) GDPR based on our legitimate interest in the permanent functionality and security as well as the further development of the app and our services.

2.3.1 Data collection in our app

When you rent a vehicle, we record your device location at the start and end of the rental. Since a rental contract is concluded with every rental transaction, we also store the duration of your use and which vehicle you have rented. We use these data in particular to bill the rental.

2.3.2 Data collection by our vehicles

Our vehicles contain so-called “IoT boxes” or telematics units that send data (including the vehicle's location and diagnostic data, e.g. battery status) at regular short intervals. This permits us to determine where our vehicles are and at what speed they are moving. The IoT boxes send data regardless of whether a vehicle is currently rented or not.

We process data in connection with the rental in particular for the following purposes:

2.4 Data collection during contact, communication and social media

2.4.1 Contacting us

If you contact us via a contact form, email or telephone, we will process the information you provide for the purpose of handling the request and for possible follow-up questions. The communication with you will be stored pursuant to the legal retention periods, but at least until your customer account is closed.

The legal basis is your and our legitimate interest in processing your requests pursuant to Article 6(1)(f) GDPR.

If you have expressly consented to this, we may record your telephone call with our customer service for internal training and quality control purposes. These recordsing are automatically deleted by us after 30 days. You have the right to revoke your declaration of consent at any time. In this case, the recording will be deleted immediately.

The legal basis is Article 6(1)(a) GDPR.

2.4.2 Our contractual communication with you

Furthermore, we will send you necessary information about our services, changes to our terms and conditions, prices and similar topics via email and/or push messages. More information on marketing communications can be found below.

To receive push messages, you must confirm or activate the option to send push messages through our app on your device. You have the option to disable the receipt of push messages at any time. This is done in iOS and Android under the app-specific settings in the menu item "Notifications".

The legal basis is Article 6(1)(b) GDPR, insofar as the information is relevant to the contractual relationship; otherwise, your and our legitimate interest in the information pursuant to Article 6(1)(f) GDPR.

2.4.3 Social media appearances

If you publish information relating or connected to our social media profiles on the respective platform (e.g. comments, public messages / postings, videos, images, likes), these data will be published by the respective platform provider. We do not use these data for any other purpose. We may share your content published on the respective platform via our own profile (e.g. via "retweets"), if this function is offered by the respective social media platform.

We reserve the right to delete content on our own profile to the extent this is possible and appears necessary to us. The content you publish will be deleted in accordance with the usual procedures and policies of the respective social media platform.

If you contact us via social media platforms, we may communicate with you via the social media platform to respond to your inquiries. We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations, insofar as deletion or restriction of processing is possible with the respective social media platform. Communication via social media platforms is potentially insecure. You may also contact us at any time through other means as described in this Data Protection Declaration.

We do not use any enhanced advertising options in connection with our profiles (e.g. interest, behavior or location-based advertising) of the social media platforms. We only use aggregated, anonymised usage statistics normally provided by the social media platforms.

We have no control over the data collected by the social media platforms or the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. In particular, experience has shown that socla media platform providers store your data as usage profiles and use them for their own purposes of advertising, market research, and demand-oriented design of their platforms. If we are able to do so, e.g. through settings and configurations, we work to have the respective social media platform handle your personal data in compliance with data protection law.

More detailed information on the data processing of the social media platforms can be found in the data protection declarations of the respective providers.

Data processing in connection with our social media presences (e.g. on Facebook, LinkedIn, Twitter, TikTok) is based on our legitimate interest in public relations and communication pursuant to Article 6(1)(f) GDPR.

2.5 Payment processing

To process the payment, we use external service providers to whom we transmit the data required for payment processing (first and last name, email address, telephone number, start and end time of the trip, payment ID, payment method, any further data about the means of payment, invoice number, language, zone/region).

For the legal basis of the data processing carried out by the payment service providers under their own responsibility, please refer to the data protection policies of the respective payment service providers:

Stripe Payments Europe Ltd, 25/28 North Wall Quay, Dublin 1, Ireland ("Stripe"). For more information, please see Stripe's privacy policy (https://stripe.com/en/privacy).

Unless you have given us your consent to do so pursuant to Article 6(1)(a) GDPR, the legal basis for forwarding the data to the payment service providers as part of the contract processing is Article 6(1)(b) GDPR, as the processing is necessary to settle the rental contract.

2.6 Damage and accidents

In the event of damage to our vehicles or accidents involving our vehicles, we will process your data (including master, contract, location and route data) for the purposes of customer care, claims settlement, processing and liquidation, to receive and process complaints, to secure and enforce our own claims and to avert further damage to you or us.

In this context, we may also transmit data to insurance companies for claims settlement and to competent authorities (e.g. in the context of hearings as a witness or accused in administrative offence or criminal proceedings).

The legal bases are Article 6(1)(b),(c),(f) GDPR and, if health data should be concerned in the context of an accident, Article 9(2)(f) GDPR. Our legitimate interest lies in particular in the settlement of claims and accidents in order to avert damage to our company.

2.7 Disclosure of data in case of criminal or administrative offences or contract violations

In connection with investigations into criminal or administrative offences, we may disclose data (e.g. master data, route/position data, communication and contract data) to the competent investigative authorities, e.g. in the context of hearings as a witness or accused. This can be done, in particular, for violations of traffic regulations, parking rules and similar laws. If, for example, a vehicle is parked incorrectly and contrary to our contractual arrangements or the road traffic regulations and E-Magine is threatened with a fine or penalty as a result, we can share data with the relevant authorities on who and when last rented and parked the vehicle. This also applies to accidents, speeding and similar offences. If in the aforementioned cases a third party raises legitimate claims against E-Magine, E-Magine may also share your data with the claimant.

If you are suspected by the relevant authorities of having committed a criminal or administrative offence with or in connection to our vehicles or services, we may also process the data provided to us by the relevant authorities in this context.

The legal basis is Article 6(1)(c) GDPR in the case of a statutory obligation to surrender; otherwise, our legitimate interest pursuant to Article 6(1)(f) GDPR in averting damage to our company as well as protecting our vehicles and exercising our contractual and non-contractual rights.

2.8 Other processing purposes

We also process your personal data for the following additional purposes:

Pursuant to Article 6(1)(f) GDPR based on our legitimate interests:

Pursuant to Article 6(1)(c) GDPR, to fulfill legal obligations, e.g. to comply with commercial and tax retention obligations or to fulfill obligations to provide data due to a legally binding court or administrative orders.

3. Transmission of personal data

A transfer of the data collected by us takes place as explained above and otherwise in principle only if:

We use external service providers for data processing who act on our behalf and are not allowed to process personal data for their own purposes. In addition to the service providers expressly mentioned in this Data Protection Declaration, this may include in particular IT and data center service providers, technical service providers, agencies, market research companies, group companies and consulting companies.

We may use service providers domiciled or processing personal data in so-called “third countries” outside the European Union or the European Economic Area. If this is the case and there is no adequacy decision pursuant to Article 45 GDPR for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union (if applicable, including additional agreements in accordance with the recommendations of the data protection supervisory authorities) or binding internal data protection regulations.

4. Advertising

We also process your data to display or send you personalised advertising. For this purpose, we use the information provided by you during registration, your booking history as well as data collected during your use of our app or confirmations of receipt and information that messages have been read. In particular, we also process your location for this purpose, as some of our product and services are only available in certain areas and we therefore only target users in those areas. You can object to this processing at any time by contacting us or closing your account.

The processing of your data for advertising purposes, unless consent is required pursuant to Article 6(1)(a) GDPR, is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in direct advertising.

4.1 Newsletter

You can sign up for a newsletter to receive periodic information about our services, special offers or surveys. We send these emails only if you have explicitly agreed to receive them. In order to log your consent, we collect the following information on the basis of our legitimate evidentiary interest pursuant to Article 6(1)(f) GDPR, which we retain until you unsubscribe from the newsletter or delete your account: IP address used; time of registration for the newsletter; time the confirmation email was sent; content of the confirmation email; time of activation of the confirmation link or archiving of the response mail.

You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link available in each email or by sending an email to hello@emaginetravel.com.

The legal basis is Article 6(1)(a) GDPR.

4.2 Product recommendation emails and push messages

Even if you have not subscribed to a newsletter, we will send you a limited number of product recommendations, surveys and product review requests. You will receive such emails only if you use our service. If you no longer wish to receive these emails from us, you may opt-out at any time, free of charge, by clicking on the unsubscribe link available in each email or by sending an email to hello@emaginetravel.com.

You can change the settings for push notifications in your operating system at any time (see above).

The legal basis is Article 6(1)(f) GDPR (“marketing to existing customers”).

4.3 Online advertisements

We also show you ads within our app via so-called “in-app notifications” and outside our own services. You can object to us processing your data for these purposes in our app settings. Please note that you may continue to see advertisements from us outside our own services, even if you object to the use of your data for promotional purposes.

The legal basis is Article 6(1)(f) GDPR.

5. Market research

In order to continuously improve our products and better understand our users, we process your data for the purpose of market research. When doing so, we process information about your routes, your usage behaviour and the data you provided during registration.

Based on these data, we invite our users - depending on the type of invitation only with your consent - to voluntarily participate in market research initiatives, studies and surveys. If you participate in such initiatives, we will inform you separately about the associated data collection and processing. As E-Magine's service is a new kind of mobility service, our partners and especially cities, regions or ministries of transport are interested in our market research and the insights gained from it. Therefore, E-Magine shares aggregated and anonymised results with these partners.

The legal basis is our legitimate interest in market research and the optimisation and further development of our offerings pursunat to Article 6(1)(f) GDPR.

6. Erasure

In principle, we store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidentiary purposes for claims under civil law or due to statutory retention obligations.

For evidentiary purposes, we may retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims will expire on this date at the earliest in accordance with the standard statutory limitation period.

Even after that, we still have to store some of your data for accounting reasons. We are obliged to do so because of statutory documentation requirements that may arise from the Commercial Code, the Tax Code, the Banking Act, the Anti-Money Laundering Act and the Securities Trading Act. The time limits for storage and documentation specified therein are between two and ten years.

7. Rights of data subject

You are entitled to exercise the following rights as a data subject formulated in Articles 15 - 21 and 77 GDPR at any time if the legal requirements are met:

You have the right to revoke a previously granted consent to us at any time with effect for the future. The withdrawal of your consent does not affect the legality of the processing carried out based on this consent until the withdrawal.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of an objection to data processing for direct marketing purposes, you have a general right of objection, which we will implement even without you specifying any reasons.

To assert your rights, you may contact us at any time using the contact details above or at hello@emaginetravel.com. In doing so, we may ask you for proof of identity, such as by submitting your request through the email address registered in your account.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in specific cases, even longer for the assertion, exercise or defense of legal claims.

The legal basis is Article 6(1)(f) GDPR, based on our interest in defending against any civil claims in accordance with Article 82 GDPR, avoiding fines in accordance with Article 83 GDPR, and fulfilling our accountability obligations under Article 5(2) GDPR.

You can reach our data protection officer at dpo@ E-Magine.app or at the above postal address ("Attn: Data Protection Officer"). We expressly point out that when using the email address, the content of your communication is not exclusively noted by our data protection officer. Therefore, if you wish to exchange confidential information, please first contact us directly via this email address.

You have the right to lodge a complaint with a data protection supervisory authority.

8. Changes to this Data Protection Declaration

We will occasionally update this Data Protection Declaration to ensure that it always reflects current legal requirements and actual circumstances (e.g. when new services or features are introduced). We recommend that you check this Data Protection Declaration regularly for possible changes.