1. General information
When you as a customer creates an account and/or use the Service, the Company processes your personal data by obtaining and providing information on your mobile phone, tablet or other devices.
2. Terminology and definitions
2.1. The following terms are used in this policy with the meanings stated below:
2.2. Personal data refers to all types of information that directly or indirectly can be attributed to a natural person who is alive. This could mean name, personal identity number, address etc. Encrypted data and several types of electronic identifiers (such as IP addresses) are considered personal data if they can be linked to natural persons.
2.3. Processing of personal data refers to everything that happens to the personal data. Every action taken with personal data represents processing, irrespective of whether it is performed in an automated manner or not. Examples of common forms of processing are collection, registration, organizing, structuring, adaptation or alteration, transmission and erasure.
3. Data that we collect
3.1. Data that you provide to us
3.1.1. Registration information, including your first and last name, date of birth, profile picture, contact information (address, e-mail address and telephone number) and country, that you provide when you sign up with mooova and the anonymized customer ID that is generated when you register. The photo or photos you specifically choose when you create a sticker with mooova.
3.1.2. Enhanced customer due diligence – to comply with the rules that we as a payment institute must follow, we will from time to time ask for further information about you, i.e. in which country you were born, in which countries you hold a citizenship, in which country you are resident for tax purposes, what your occupation is and if you or someone in your family or a person known to be a close associate with you is or has been a politically exposed person.
3.1.3. The processing of this data is a prerequisite for you to be able to use the Service and is undertaken to enable us to fulfil our agreement with you, as well as to enable us to fulfil statutory obligations.
3.1.4. Your specific location: We will never gather or use your specific device location (for example by using GPS) without first getting your explicit consent. This information enables us to automate the input of an address when you create a sticker for a pick-up or delivery at mooova. This information also enables us to provide you with features, information, ads and other content depending on your current location and your location in relation to other mooova users. If you choose to share your specific location but later change your mind, you will always have the possibility to withdraw your consent by changing your settings in your device’s operating system.
3.2. Data from others
3.2.1. In addition to the data that you provide us with, we may also collect personal data from another source (third party). For example, the Company collects address information from public registers.
3.2.2. The processing of this data is a prerequisite for you to be able to use the Service and is undertaken to enable us to fulfil our agreement with you, as well as to enable us to comply with our statutory obligations.
3.3. Use of the Service
3.3.1. We store user data when you visit or use our Services, including our applications, websites and our platform technologies (for example add-ons outside of the website), such as when you visit or click on content and install or update one of our mobile applications. We use logins, cookies, device information and IP addresses to identify you and to log your use of the Service.
3.4. Cookies, web beacons and similar technologies
3.5. Your device and location
3.5.1. When you download the Company’s application on your mobile phone, tablet or other device the Company needs to store and obtain certain technical information from your device to be able to provide and update the Service. By downloading the application, you agree to the Company storing and obtaining certain technical information from the device. The processing of this data is a prerequisite for you to be able to use the Service and the information is stored to enable the Company to fulfil the agreement with you to provide to Service. If you no longer want the Company to store and obtain the technical information, you must uninstall the application.
4. This is how we use your data
4.1. As stated above, the Company process your personal data for several purposes based on various legal grounds. The Company mainly processes personal data to provide, administrate, develop and adjust the Service and its functionalities to fulfil our agreement with you. The personal data is also processed to ensure customer due diligence, to administrate the customer relationship with you, and to meet requirements related to security and other statutory obligations, to fulfil the Company’s legal obligations. The personal data in sections 3.1-3.5 above may also be used for market- and customer analysis, market surveys, statistics, business follow-up and business development and method development, which is based on either a consent that is obtained from you when you register to create an account at the Company, or on the Company’s legitimate interest to market itself and its services, and to develop and provide the customers an improved supply of services.
4.3. Furthermore, personal data may be processed to protect the Company’s legal interests or to discover, prevent or draw attention to fraud and other problems related to security or technology, which all constitute legitimate interests for the Company to perform the processing.
4.4. If you do not wish for the Company to process your personal data for direct marketing, you may announce this to the Company in writing through the contact information in section 10.
5. This is how we share your personal data
5.1. Personal data may be shared if it is necessary to comply with requirements provided in law or by authorities, in order for the Company to comply with legal obligations.
5.2. Furthermore, the Company may share your data to other parties in order to enable the processing of your transaction and to facilitate payments, enable updates of your transaction status and to send offers from the Company and the Company´s partners through SMS, e-mail or other direct marketing. This processing is performed to fulfil the agreement that you have entered with the Company and, in terms of marketing, based on a consent or a legitimate interest.
5.3. To be able to provide the Service the Company will share your personal data to partners, such as Stripe Limited, for the management of your card data and information.
5.4. Where it is necessary to enable the Company to offer you the Service, we share your personal data with companies that act as processors for the Company. A processor is a company that processes the information on behalf of The Company and in accordance with the Company’s instructions. The Company has processors that assist the Company with IT-services, as well as companies that conduct marketing activities on behalf of the Company. However, the Company is always responsible for ensuring that your personal data is processed correctly. When your personal data is shared with processors, it is only for purposes that are compatible with the purposes for which The Company has obtained the information (for example to be able to fulfil The Company’s commitments in accordance with the agreement with you as a customer). The Company checks all processors to ensure that they can provide sufficient guarantees regarding the security and secrecy of personal data. The Company has written agreements with all processors (data processing agreements) under which they guarantee the security of the personal data processed and undertake to fulfil The Company’s security requirements and requirements regarding international transmission of personal data.
6. Where is your personal data processed?
6.1. Your personal data is in general processed only within the EU/EEA.
6.2. Your personal data may be transmitted to or stored in a country outside the EU/EEA, on the condition that there is a legal ground, i.e. a legal obligation or consent from you, and that there are appropriate safeguards or that The Company and its processors have taken adequate precautions. Appropriate safeguards are that an agreement is in place that covers EU standard agreement clauses or other approved clauses, codes of conduct, certifications, etc. approved in accordance with GDPR. See ec.europa.eu/info/law/law-topic/data-protection_en for further information. It is also required that the country outside the EU/EEA where the recipient is located has a reasonable level of data protection which is established by the European Commission, and that the recipient is certified in accordance with Privacy Shield (applicable to recipients in the United States).
6.3. Further information on transmission of personal data to countries outside the EU/EEA can be obtained on request.
7. Information about storage
7.1. Data storage
7.1.1. Your personal data is normally not stored for longer period of time than what is necessary to fulfil the purposes for which the data was collected. The Company will erase or de-identify the data collected that may be traced back to you when you terminate your account at The Company, except for such information that The Company is obliged to keep in accordance with law, normally ten years after you have terminated your account at the Company. The personal data is stored only to comply with such legal obligations or to protect the Company’s legal interests, such as if there is a pending legal process.
8. Your choices and rights
8.1. The right to access and control your personal data
8.2. Regarding personal data that we store about you:
· Delete personal data: you can request erasure of all or some personal data (for example if the data is no longer necessary to provide the Services).
· Change or correct personal data: you can edit some of your personal data through your account. You can also request that we edit, update or correct your personal data if, for example, the personal data is inaccurate.
8.3. The Company may charge an administrative fee in case of unfounded or implausible requests (for example if they are made repetitively). You will then be notified about this in advance. The Company will normally answer your request within one (1) month. Requests are made through firstname.lastname@example.org.
9. Other important information
9.1.1. We have appropriate safeguards designated to protect your information, such as encryption of your data during all processing. We supervise our systems regularly to discover possible weaknesses and attacks. We can, however, not guarantee the security of all information that you provide us. There is no guarantee that information cannot be accessed, exposed, changed or destructed through attacks on our physical, technical or administered firewalls.
9.2. Management of personal identity numbers
9.2.1. The Company will only process your personal identity number when it is clearly warranted in consideration of the purpose, necessary for a reliable identification or if there is any other notable reason. The Company always minimizes the use of your personal identity number as far as possible through, when it is sufficient, using a User ID that does not contain your birth date.
9.3. Legal grounds for processing
9.3.1. We will only collect and process your personal data when there is a legal ground for it. These legal bases include consent (when you have given us your consent), agreement (when processing is necessary for the execution of the agreement (for example to deliver the Services from the Company that you have requested)) and legitimate interests, such as to protect you, us or others from security threats or frauds, to improve your experience with the Service or to comply with the statutory obligations that apply to us.
9.3.2. If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. If the processing is based on legitimate interests, you have the right to object to our processing. If you have any questions about the legal grounds on which we collect and use your personal data, you may contact us in accordance with section 10 below.
9.4. The Company reserves the right to make changes in this policy at any time. The Company shall, with reasonable notice through website or application, inform users that hold an account at the Company in case of upcoming changes of the policy. If you do not accept the changes, you have the right to terminate the agreement with the Company before the revised policy enters into force. You terminate your agreement with the Company by terminating your account at the Company.
10. Contact information
10.1. The Company is the controller and responsible for ensuring that your personal data is processed in accordance with applicable law.
10.2. Do not hesitate to contact the Company if you have any questions regarding the processing of your personal data or any complaints. Written or verbal questions and complaints are primarily directed to:
Mooova Technology AB
c/o Norrsken, Birger Jarlsgatan 57C, 113 56 Stockholm
E-mail: email@example.com write “Data protection” as topic.
See also our Terms of Service here: https://mooova.io/terms-of-service/