Automicle Holding B.V. and the companies affiliated with it (hereinafter referred to as ‘Automicle’) are Dutch enterprises. Our business activities take place in the European Economic Area (EEA) and we store our data on servers within the EEA, unless otherwise indicated.
This privacy policy summarises when and how your personal data is processed in connection with the use of the Automicle (Mobility) Services such as the Platform provided by us (hereinafter referred to as ‘Service’).
Automicle’s aim is to apply for ISO Certification for the following standards ISO/IEC 27001 Information security management systems and ISO/IEC 27701:2019 Privacy Information Management and be certified in Q2 2025.
Wherever possible we are implementing in line with these requirements from day 1.
In our capacity as data controller, we process personal data so that we can provide our Service and so that we can provide the best possible service to you as a User of Automicle’s Platform. We will only use personal data for that purpose.
We reserve the right to change the provisions of this privacy policy. Changes will only be made in connection with the purpose, described above, of providing Users with the Automicle (Mobility) Services. If we change the privacy policy we will inform Users. We advise Users to examine the latest version of the privacy policy on a regular basis.
Personal data can be collected in a number of ways when Users make use of the Service. Below is a list of the information Automicle may collect. The list describes which personal data is processed, for which purpose, which legal basis the processing is based on and for which period the personal data is stored.
Storage period 10 years unless otherwise indicated
▪ Name
▪ Address
▪ Invoice data
Not providing the above-mentioned personal data or objecting to its processing may affect Users' use of the Service. We may block or restrict access to the Service and we reserve the right to terminate the agreement or the right of use, as described in our General Conditions. The personal data specified here is required to comply with our statutory obligations.
Storage period up to 2 years after the end of the agreement unless otherwise indicated
▪ Name
▪ Title
▪ Gender
▪ Date of birth
▪ Work-related position
▪ Employer
▪ Staff number
▪ IBAN number
▪ Payment Service Provider Alias [we do not store credit or debit card details – but use reputable Payment Service Providers (PSPs)]
▪ Username
▪ Password
▪ User Identifier (an ID to associate your identity across various platforms)
▪ ID card /passport details (required to Rent a Vehicle)
▪ Driver’s licence details (required to Rent a Car)
▪ Car registration number and kilometre count (if mobile parking, fuelling and/or charging has been activated)
▪ The Services you use
▪ Personal preference settings for the Services you use
▪ Wallet (or budget) details
▪ Service Provider / Mode / User’s ID with Service Provider
▪ Price of transactions
▪ Composition of transactions
▪ Date and time of transactions
▪ Purchased services (including, among other things, the mode/type of vehicle/ID of vehicle/travel class/…)
▪ Where the services was purchased (business name and location)
▪ Parking time (start-stop, duration) and location
▪ Toll trip time (start-stop, duration) and location
▪ Automicle tag ID used for accessing Vehicles or (Mobility) Services (this personal data is shared with the Service Provider)
▪ Vehicle Rental or (Mobility) Services time (start-stop, duration) and address/location of the Hub or start-stop of the session
▪ Collection and drop off point in case of taxi, shared car, Vehicle Rental
▪ Departure and destination of flights and (international) train journeys
▪ Date and time of flights and (international) train journeys
▪ Hotel location and dates of stay
▪ Point of departure and destination in case of public transport use
▪ Other data submitted for the journey
This personal data is received from the Platform or Service Provider. We share the personal data mentioned above with the Service Provider.
▪ Time, date & place of use of the service
▪ Time, date & place of creation of IDs
▪ Name
▪ Address
▪ E-mail address
▪ Phone number
▪ Content of correspondence
If you use the Service through your employer, we will receive personal data from your employer, a partner or a reseller and we will share personal data with your employer, the partner or the reseller.
If you use the Service through another party, a partner or a reseller, we will receive personal data from the partner or the reseller and we will share personal data with the partner or the reseller. In that case we can also receive personal data from and share personal data with your employer in case the employer is providing a budget and pays for the service.
Personal data that we will receive from your employer, partner or reseller:
▪ All personal data, as specified under 3.2.1 (with the exception of the password)
Personal data that we will share with your employer, partner or reseller:
▪ Name
▪ Employer
▪ Staff number
▪ All data, as specified under 3.2.2
In order to find out how your employer, partner or reseller handles your personal data, please refer to the privacy policy of your employer, partner or reseller.
The personal data in this paragraph 3.2 that is collected and processed by Automicle will be used for:
▪ administrative purposes, such as collections and handling disputes;
▪ drawing up your monthly invoice or the monthly invoice of your employer;
▪ storing data for your or your employer's obligation to keep records and your or your employer's tax obligation;
▪ presenting detailed information and reports;
▪ communicating with you or your employer;
▪ recording agreements made;
▪ making the Service usable.
Not fully or correctly providing the above-mentioned personal data may affect your use of the Service. Your use of the Service may be impeded and it is possible that the Service will not function properly. We may block or restrict your access to the Service and we reserve the right to terminate the agreement or the right of use, as described in our General Conditions. The personal data specified here is required to have the Service function properly or to ensure proper performance of the Service.
Storage period up to 2 years after your use of our Service
▪ Hardware info – brand, model and version and unique ID
▪ Operating system and browser information
▪ Settings preferences
▪ Visit and use history
▪ Reference address (from which website did you find our website)
▪ The manner in which you navigate our website and app
▪ Which of our website pages you visit
▪ IP address
▪ Unique identification number to identify you
▪ Device ID
▪ User Identifier
▪ IP address
▪ Time, date & place of use of the service
If you already use a Automicle service, we process the following personal data until you use the unsubscribe option included with each newsletter
▪ Name
▪ E-mail address
▪ Address
▪ Gender
▪ Which Services of Automicle you use and how often you use them
Not providing the above-mentioned personal data or objecting to its processing may affect your use of the Service. We may block or restrict your access to the Service and we reserve the right to terminate the agreement or the right of use, as described in our general terms and conditions (this does not apply to the personal data specified under 3.3.3.). The personal data specified here is required to comply with the legitimate interests of Automicle and to prevent misuse of the Service and security incidents.
We will process the following personal data in order to inform you about the Automicle service followed by you or about other Automicle services, storage period until use the unsubscribe option as included in each newsletter
▪ Name
▪ Address
▪ E-mail address
▪ Phone number
We will process the following personal data in order to inform you and answer your questions, storage period up to 6 months
▪ Name
▪ Address
▪ E-mail address
▪ Phone number
▪ Content of correspondence
If you no longer wish to be informed about the Automicle service followed by you or about other Automicle services, please contact us at the e-mail address listed under 'Contact'. You can also unsubscribe by following the instructions to unsubscribe that are included in every promotional e- mail. This will not affect our right and option to send you emails related to the Service and your account, or to use your personal data as described in this privacy policy.
Not providing the above-mentioned personal data or objecting to its processing will not affect your use of the Service. Refusing or withdrawing permission will not negatively affect your use of the Service.
Unless otherwise specified in this privacy policy we will not share, sell or trade personal information about you with or to third parties.
We may engage third parties, such as hosting providers, to assist us in providing the Service (hereinafter referred to as ‘Processor’). Those third parties may process your personal data in that context.
The types of Processors we may engage are:
▪ analytical software (including Google Analytics, set up in such manner that no personal data is shared with Google);
▪ customer relation management software;
▪ Service Providers with which you use the (Mobility) Service;
▪ hosting providers;
▪ marketing;
▪ software developers;
▪ support.
In some cases the Processor may collect your personal data on our behalf. We inform Processors that they may only use personal data that they receive from us in order to provide the Service. We are not responsible for any additional information that you provide to the Processors directly. You must inform yourself about the Processor and their business before disclosing personal data to such Processors.
If you use our Service as an employee or if our Service is otherwise made available to you through your employer, the personal data that is processed will be shared with your employer / partner / reseller as specified in paragraph 3.2.5.
We will only share personal data with the parties described in paragraph 4.1, your employer (paragraph 4.2) or if we are obliged to do so as described in paragraph 4.4. If we wish to share personal data with other parties we will only do so if we have a valid processing ground to do so.
We may share personal data if this is reasonably necessary or appropriate to comply with the law or a legal request of an authority. We may also share personal data with third parties in order to respond to any claims by third parties or in order to protect the rights, property or safety of us, our users, our employees or the public and in order to protect us or our users against fraudulent, offensive, inappropriate or unlawful use of the Service. We will inform you as much as possible and will ask for your permission before we share data for those purposes, unless this is not reasonably possible or the law forbids this.
We may anonymise personal data so that it cannot be traced back to you. We may use such anonymised information for our own use and share it with third parties without your permission.
We may send you push and/or local notifications by text message and/or e-mail, for instance in case you have almost reached your spending limit, in case we want to notify you of (Mobility) Service alarms or disruptions, you still need to file a report after Renting a Vehicle, to remind you of active mobile parking transactions or any other service related information.
We will make sure that we take appropriate technical and organisational security measures for the processing of personal data. We comply with generally accepted standards to protect personal data, both during the transmission thereof and as soon as we have received the personal data. We have taken the following measures in any case:
- we have implemented physical and technical measures and management procedures designed to prevent unauthorised access, loss or misuse of personal data as much as possible;
- sensitive information or personal data, such as account passwords and other payment-related identifiable information, is sent in encrypted form;
- sensitive information (including your password) is stored in encrypted and/or hashed form where possible;
- we restrict the internal access to personal data to employees who require the information to perform their duties. Our employees are bound by a confidentiality clause;
- our information management systems are set up in such manner that employees who are not authorised to examine specific information or personal data do not, in principle, have access to such information;
- our servers are located in a secure environment in data centres in the EEA. You only have access to the front end of our servers and only by logging in by means of a username and password. You are responsible for keeping your login details safe;
- the personal data is backed up on a frequent basis.
Keep in mind that our Processors are responsible for processing, managing or storing (a part of) the personal data that we receive. Processors are not authorised to use this data to present advertisements to you. These Processors are contractually obliged, by means of a data processing agreement concluded with us, to protect the personal data that they have received from us.
We would like to point out to you that we cannot guarantee absolute security for the processing of personal data via the internet or a method of electronic storage.
Our Service may contain links or refer you to other websites, apps and advertisements of third parties that may keep information about you. We have no control over such sites or their activities. All data, including personal data, that you provide to such third parties is submitted directly to such third parties and is subject to the privacy policy of the third party in question. We are not responsible for the content, privacy and security practices and the policies of third parties to which we link, refer or which advertise on our Services and/or websites and in our apps. We advise you to examine the privacy and security practices and the policies of the third party before you submit data to them.
Privacy legislation gives you certain rights with regard to your own personal data. The rights that we describe below are not absolute rights. We will always consider whether we can reasonably meet your request. If we cannot meet your request, or if it would be at the expense of the privacy of others, we can refuse your request. If we refuse a request, we will let you know and explain our reasons.
You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing grounds, relevant categories of personal data, the (categories of) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision making.
You may also request a copy of your personal data that we process. Do you want additional copies? Then we can charge a reasonable fee for this.
If the personal data processed by us about you is incorrect or incomplete, you can request us to adjust or supplement the personal data.
If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information.
Do you no longer want us to process certain personal data about you? Then you can request us to delete certain (or all) personal data about you. Whether we will delete data depends on the processing ground. We only delete data that we process on the basis of a legal obligation or for the performance of the agreement if the personal data is no longer necessary. If we process data based on our legitimate interest, we will only delete data if your interest outweighs ours. We will make this assessment. If we process the data on the basis of consent, we will only delete the data if you withdraw your consent. Have we accidentally processed data or does a specific law require that we delete data? Then we will delete the data. If the data is necessary for the settlement of a legal proceeding or a (legal) dispute, we will only delete the personal data after the end of the proceedings or the dispute.
If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information.
If you dispute the accuracy of personal data processed by us, if you believe that we have processed your personal data unlawfully, if we no longer need the data or if you have objected to the processing, you can also request us to restrict the processing of that personal data. For example, during the time that we need to assess your dispute or objection, or if it is already clear that there is no longer any legal ground for further processing of those personal data, but you still have an interest in us not deleting the personal data. If we limit the processing of your personal data at your request, we may still use that data for the settlement of legal proceedings or a (legal) dispute.
If we process data on the grounds of a legitimate interest, you may object to the processing. If we process data on the basis of your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.
At your request, we may transfer the data that we automatically process to execute the agreement or based on your consent, to you or another party designated by you. You can make such a request at reasonable intervals.
Do you have a complaint about our processing of your personal data? Please contact us. We are naturally happy to assist you. If we cannot come to a solution, you are also entitled to submit a complaint to the national privacy authority, in this case the Dutch Data Protection Authority. For this you can contact the Dutch Data Protection Authority via https://autoriteitpersoonsgegevens.nl .
We do not take decisions based solely on automated processing.
You can view, verify, update, correct or delete your relevant personal data collected by the website and the Service, by using the function designed for this purpose in the Service (using the platform or at www.automicle.com ).
You can also send a request for access, correction, deletion, data transfer of your personal data or request for withdrawal of your consent or objection to the processing of your personal data to privacy@automicle.com .
To prevent abuse, we ask you to identify yourself adequately in the case of a written request for access, rectification or erasure. You can do this by sending a copy of a valid proof of identity. Do not forget to screen off your citizen service number and passport photo on the copy.
We strive to process your request, complaint or objection within a month. If it is not possible to make a decision within a month, we will inform you of the reasons for the delay and the time when the decision is expected to be made (no longer than 3 months after receipt).
If you have any questions, problems or comments concerning this privacy policy, please contact us by e-mail at privacy@automicle.com , or by letter sent to Automicle Holding BV, Graaf Wichmanlaan 58, 1405 HC Bussum, The Netherlands
In order for Automicle to provide mobility services we have to share personal info with Mobility Service Providers / (Public) Transport Operators. (see also 3.2. Processing operations required for the performance of an agreement (the provision of the Service)
Whenever we use Mobility Service Aggregators, these Service Providers may have the obligation to share personal information.
An overview of these organisations will be maintained in Automicle’s Privacy and Security administration.
The list of organisations that oblige us to publicly announce their contractual right includes:
NS, Tranzer, SHPV
Version 1.1 June 2nd 2023
02-06-2023 PRIVACY STATEMENT AUTOMICLE.docx /