Deze Privacy Policy is in het Engels opgesteld. Indien u het Engels niet begrijpt, neemt u contact op met Poppy (via privacy@poppy.be) alvorens de applicatie ervan te aanvaarden om een vertaling of een verklaring in het Nederlands te krijgen. Door deze Privacy Policy te aanvaarden, verklaart u Engels en de inhoud van deze Privacy Policy te begrijpen.
La présente Privacy Policy est établie en anglais. Si vous ne comprenez pas l’anglais, veuillez prendre contact avec Poppy (via privacy@poppy.be) avant d’en accepter l’application pour recevoir une traduction ou une explication en français. En acceptant la présente Privacy Policy, vous déclarez comprendre l’anglais et le contenu de cette Privacy Policy.
1. Introduction
2. Scope: to whom does this Privacy Policy apply and what does it cover? 3. How do we obtain personal data?
4. Which personal data do we collect?
5. For which purposes do we process personal data?
6. To whom can we transmit your personal data?
7. Are your personal data protected?
8. How long will your personal data be saved?
9. Will your personal data be used for automated decision-making? 10. What are your rights?
11. How can you contact us?
12. Modifications to this Privacy Policy
13. Legislation and competent courts
Date of Last Revision: 24/08/2020
This website (« Website ») (https://poppy.be) and the Poppy application (« Application ») are the property of and are managed by Poppy Mobility NV (« Poppy »), an environmentally friendly vehicle (cars: SEAT Ibiza, SEAT Mii, SKODA Citigo, OPEL Corsa – scooters: NIU – kickscooters: OKAI) sharing platform, established at Sanderusstraat 25, 2018 Antwerpen, registered under number BE 0681.505.370.
At Poppy, we do our utmost to protect and process the personal data that are entrusted to us in a correct and transparent way, more particularly in accordance with the applicable law and especially with the General Data Protection Regulation 2016/679 of 27 April 2016 (« GDPR »).
This policy applies to all individuals of whom we process personal data (data subjects), such as clients, Website visitors and Application users.
With this Privacy Policy, we wish to inform you about how and why we process your personal data as a controller when we perform our activities or when you visit this Website, use the Application or drive a vehicle, to whom we transmit this information, what your rights are and who you can contact for more information.
We can obtain such personal data because you have given it to us. Registering on the Website or Application and filling out the fields that request some personal data make said data immediately available to Poppy.
We can also obtain your personal data through the way in which you interact with us, such as by booking or using a car, scooter or kick scooter or by using our Customer Service.
The personal data that we collect can include the following elements:
Identification information
When you decide to sign up for our services and create an account when you buy one of our packs or gift cards online, send us an email or communicate with our customer service, you are voluntarily providing us with certain individually identifiable information that we collect and process. Such personal information may include but is not limited to your name, date of birth, physical address, email address, telephone number, billing information, driver license number and image thereof, bank account number or other payment details such as credit card number or other payment method numbers, and the expiration date.
Personal characteristics
Poppy will not collect data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We may, however, sometimes ask you questions asking about your character (e.g. “would you describe yourself as eco-conscious?”) via a survey. Surveys remain anonymous and are answered on a voluntary basis; this means you may refrain from answering any such questions.
Consumption habits
When you decide to use any of our vehicles (cars, scooters, or kick scooters), you are voluntarily providing us with certain individually identifiable information regarding their usage. We collect and process this information, which may include but is not limited to the type of vehicle you used, the duration of your booking, and the distance you drove a vehicle.
Judicial data
When you decide to use our vehicles (more specifically when using our cars and scooters), Poppy will collect some judicial data (e.g. “has your driver license already been revoked in the past?”) for insurance purposes as it is required by the law. This data and information are connected to the user’s driver license.
Voice recordings
When you decide to make use of our call centre, all calls are recorded for the purpose of checking the quality of the call and to train the call agents.
Location data
When you decide to use our Application on any mobile device you may or may not use the geolocation options that come with the mobile phone. However, when you decide to book any of our vehicles you are required to activate this option so that we can locate you with respect to the vehicle. You need to be in a certain distance of the vehicle to be able to unlock it. It is possible to turn off the geolocation option of your mobile phone at any time.
Poppy does not store this information. However, they may be sent to Google Firebase as a means of processing data and observing (anonymously) which countries users come from (we do not know where exactly the user was or is). This data is stored for 14 months.
Poppy collects, uses, and processes these data for the following purposes:
Execution of contract (art. 6, §1, b) of the GDPR)
a. Registration
During the registration, Poppy will process your data and verify it as a purpose of customer administration and to verify that you can be allowed to use our vehicles (e.g. you have a valid driver license).
b. Vehicle bookings and use of vehicle
Once registered, Poppy will process your data, such as identification information and location data, to process car bookings and allow the use of our vehicles via our Application (including the insurance Poppy offers you). We will also process your data for the purpose of accounting and any business transactions for vehicle booking.
Also, when you use a third-party platform (e.g. Skipr) to access Poppy services, Poppy might disclose some information to said third party for the execution of the contract you have concluded with them.
c. Customer service
We may process some data through our customer service when you need to contact us for help.
Compliance with legal obligations (art. 6, §1, c) of the GDPR):
We may also process your data in order to comply with the law, to complete all legally obligated paperwork in each country/region in which either you or Poppy is active or in case of illegal use when we receive orders from legal authorities.
Furthermore, our insurance requests some personal information such as your driver license or some judicial data. Those data are collected to insure you when you drive a Poppy’s vehicle as requested by the law.
Poppy may also use the personal data we collect to investigate or address fraud, claims or disputes relating to use of Poppy’s vehicles, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
Legitimate interests (art. 6, §1, f) of the GDPR):
Beyond the collection of your personal data to provide our services to you or to comply with legal obligations, we may collect and use your personal data for the following purposes:
a. Improve user experience
Tracking your use of the Application and/or the Website will allow us to personalize our services to your needs and process uploaded data related to your profile such as booking preferences, trips history or favorite addresses. It will allow you to correctly use the Application and/or the Website. This will also allow us to learn more about user preferences and general trends on the Application and/or the Website in order to improve the quality of the Application and/or the Website.
b. Improve customer service
Recording the incoming calls at the customer service has as a purpose to improve the service for our users by checking the quality of the calls and to train the call agents with the data and information that was collected.
c. Statistics/Reporting analytics
When you decide to provide us with further information through the form of a survey, call with our call centre, or Poppy usage we can decide to use these as a means of aggregated statistics. These will stay anonymous and help us at better understanding our users. We can then tailor content of our Website, newsletters, and other types of communication as precisely as possible to your interests and in this way offer you an improved service.
d. Distribution of newsletter/Marketing
The processing of your personal data for the purpose of the distribution of our newsletter is based on our legitimate interests. The user can stay informed of our upcoming events, products, and services from Poppy.
You can always choose to opt-out, at any time, of marketing promotions from us and/or email correspondence if you do not want your data to be used anymore for any of the aforementioned marketing purposes.
e. Sharing information with third parties
Some of your personal data could be disclosed to other companies of our companies’ group to improve our services (such as D’Ieteren and Lab Box).
Anonymous visitor information about our users and the use of our Application and the Website can be disclosed to third parties for marketing, advertising and promotional purposes as well as for statistical purposes for mobility trends.
Other processing:
We will ask for your consent before using any personal data for a purpose other than those that are set out in this Policy. However, if you decide to add or provide additional personal data to your personal settings which must not compulsorily be given through the
subscription process, by doing so, you give Poppy your explicit consent to process this additional personal data in accordance with this Policy.
This Website or Application may contain links to other websites. Although we try to only insert links to websites that share our own standards regarding data protection, we are neither responsible for the contents nor for the policy regarding data protection of those websites. This Privacy Policy only pertains to data processing by Poppy.
When you click on links on our Website, we strongly advise reading the privacy statements on the websites in question first, before sharing any personal data.
6.1 To payment providers
In order to process payment for your trips, Poppy shares your credit card details with its payment provider. Payments will be settled on a daily basis.
6.2 To law enforcement bodies
In the event that Poppy receives a request from the police services and when this request is lawful (for example regarding violations of the traffic legislation), your personal data will be shared with the involved police department.
6.3 To insurance parties
When you use Poppy, we will share your personal data with our insurance partner in order to verify your right to insurance, as we are legally obliged to do so.
Also, in the event that you would encounter a traffic accident while using a Poppy car, this information will be shared with our insurance partner to settle the claim.
6.4 To Group Companies
Poppy may disclose and transfer some of your personal information collected to its holding companies (D’Ieteren NV and Lab Box NV), any company that is a subsidiary of Poppy or any company that has a joint venture with Poppy or Poppy’s holding companies. The purpose of such transfer is to improve Poppy’s services.
6.5 To third parties’ platform
Should you use Poppy through a third-party platform (such as Skipr mobile application), some of your personal data might be transferred to said third party for the execution of the contract you have concluded with said third party.
Poppy protects the confidentiality, integrity and availability of your personal data. We use various technological and procedural security measures in order to protect your personal data from loss, misuse, alternation or destruction.
Poppy will not store your personal data longer than required for the above-mentioned operations.
As a general rule, the personal data of registered users are saved for:
Other periods of storing might apply for personal data processed in compliance with legal obligations.
Automated decisions are decisions about persons who are based solely on the automated processing of personal data without any human intervention and which produces legal effects that significantly affect the persons involved.
Poppy will track data subject’s driving behaviour through the use of a telematics box disposed in all of our vehicles. In case of repeatedly dangerous driving behaviour the involved data subject may be blocked. In the first instance this will always happen trough a manual intervention, it is in a second phase that this blocking may be the result of automated decision making. However, it will always be possible to bypass the automated decision making by human intervention and any final decision is taken by a human.
The data subject shall have the right not to be subject to a decision solely based on automated processing, including profiling and to exercise its right to object against automated decision making.
You have several rights regarding the personal data that we process. In particular, you have the right:
In view of the exercise of the above-mentioned rights, you can send an e-mail to privacy@poppy.be. You can also use this contact information if you wish to introduce a complaint regarding the processing of personal data.
Furthermore, if you think that Poppy did not act in accordance with the legislation concerning the processing of personal data, you can file a complaint with the Data Protection Authority:
Data Protection Authority Drukpersstraat 35, 1000 Brussel Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
If you have any questions regarding this Privacy Policy, you can contact us:
We can modify this Privacy Policy at all times. In order to keep you informed of the latest modification of this Privacy Policy, we shall adapt the revision date each time it is modified. The modified Privacy Policy shall enter into force as of that date.
Please consult this page regularly to keep informed of any modifications and/or additions. We will also proactively inform you about important changes to the Privacy Policy.
This Policy is governed by and construed in accordance with the Belgian legislation that is exclusively applicable to any potential dispute.
Any dispute arising under, or in connection with, this Policy shall be settled exclusively by the competent courts of Brussels, Belgium.