Privacy – Aimo Solution AB
To be able to provide our services to you as a customer (‘customer’, ‘you’), Aimo has to collect and process certain personal data about you. Your privacy is important to us and we are keen to be transparent about what data we process about you and why. We have consequently produced this Privacy Notice, which describes our processing of your data. Here we also explain your rights under the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Please read this Privacy Notice carefully and ensure that you understand it. If you do not want your personal data to be used as set out in this Privacy Notice, you should not register with Aimo or use our services.
NB! If you do not want your personal data to be collected and processed as described in this Privacy Notice you should not sign up to be a customer of Aimo or use any of our services.
1. Controller
Aimo Solution AB, corp. ID no. 559148-0941 (‘Aimo’, ‘we’, ‘us’ and ‘our’), of the postal address Warfvinges väg 30, SE-112 51 Stockholm, Sweden, is responsible (the data controller) for the processing of your personal data as described in this Privacy Notice. You may always reach out to us with any questions, queries or requests on matters related to our processing of your personal data via email to: privacy@aimoshare.se.
2. What information do we collect about you, what are our purposes and legal basis?
2.1 General information
It is important to us that you are aware of what information we collect about you, how it is collected and for what purposes. You may directly or indirectly provide us with information about yourself in connection with your visit to our website www.aimosolution.com (the “Website”), your download and use of our application (the “Aimo App”) or your use of our vehicle rental services (hereinafter referred to as our “Services”). What type of data we collect about you will vary, depending on whether or not you decide to create an account with Aimo. Please see below table to find out what data we collect about you and for what purposes.
Providing us with your personal data is not a statutory or contractual requirement. Nor are you obliged to provide us with your personal data. On the other hand, our possibility of entering into a contract with you, and subsequently performing our contract and also administering our relationship with you as a customer, will be affected if you do not provide us with your personal data.
If you register an account with Aimo, use the Aimo App or our Services:
Our purpose/purposes
Register you as a customer, provide you with a customer account and administer your account (including verification and log-in).
Type of data
- Name
- Personal identification number
- Driving license information (number, status and validity date)
- Customer account details (email address, and password)
- Contact details (email address, phone number)
- Identity and credit standing checks (details related to such checks such as BankID verification)
- Copy of driver’s license (in case of non-Swedish drivers license)
Processing activities
Setting up and administrating your account enabling you to access and use Aimo’s services.
Managing on boarding of customer, account log-in and verification in connection with log-in.
Verifying your identity.
Carrying out credit-standing checks, address and driving license verification against the relevant registers in order to ensure you have the right to gain access to our Services and capability to pay for them.
Legal basis
The processing activities are necessary for the performance of the contract between you and Aimo (necessary for Aimo to be able to provide you with a customer account and the Services as agreed in the contract to which you are a party).
Aimo has a legitimate interest to be able to identify and carry out necessary verification of customer’s identity and driving license and examine customer’s credit status before renting out a vehicle to customer, administer the contract and perform our obligations in relation to you as a customer.
Our purpose/purposes
Provide you with the Services, administrating your vehicle reservations and use of the Services.
Type of data
- Name
- Personal identification number.
- Driving license and driving license number, and, if applicable, a copy of your driving license.
- Contact details (email address, mobile number).
- Payment information (credit card number, billing address, transaction amount).
- Discount information (discount code, promotional code).
- Payment history and credit check report.
- Rental information (which vehicle is hired, time and place for vehicle pick-up and start of journey.
- Information about driving distance and electricity consumption.
- GPS position (only for congestion tax and bridge fees).
Processing activities
Provide you with the Services, administrating your vehicle reservations and use of the Services (including sending you emails and notifications concerning your use of the Services).
Handling of payment (including analysis of possible payment solutions which may include a check against payment history and collection of credit).
Keep track of distance, rental period and location of the vehicle in order to administer the Services.
Handling parking fines
Handling of complaints and warranty issues.
Check applied congestion tax or bridge fees during rental period.
Legal basis
The processing activities are necessary for the performance of the contract between you and Aimo (necessary for Aimo to be able to provide you with a customer account and the Services as agreed in the contract to which you are a party).
Aimo has a legitimate interest to be able to identify and carry out necessary verifications of customer’s identity and driving license and examine customer’s credit status before renting out a vehicle to customer, administer the contract and perform our obligations in relation to you as a customer.
Our purpose/purposes
Customer service and support
Type of data
- Name
- Personal identification number
- Contact details (email address, mobile number,
- Information provided by you in relation to your support request/message
- Support matter related information such as the time and place of collection of your vehicle, possibly defects, issues / complaints.
- GPS position
Processing activities
Identification.
Communication and response to any questions to customer service (by phone, email or in digital channels, including social media).
Investigations and support to complaints and requests associated with the use of our services, such as when we help you to solve a problem encountered when you rent a vehicle from us.
Legal basis
The processing activities are necessary for the performance of the contract between you and Aimo (necessary for Aimo to be able to respond to your support inquiries, process your requests for services identify the right customer, communicate with you about the services and your account as agreed in the contract to which you are a party).
Aimo has a legitimate interest to be able to administer the contract and perform our obligations in relation to you as a customer.
Our purpose/purposes
Fulfilling our legal obligations
Type of data
- Name
- Personal identification number
- Driving license information (number, status and validity date)
- Contact information (eg. postal address and email)
- Payment history
- Your correspondence (where applicable)
Processing activities
Accounting of economic transactions necessary for the fulfillment of our legal obligations under applicable laws, regulations or authority guidance/decisions (e.g. bookkeeping and car rental laws).
Handling of payment claims.
Handling of parking fines.
Handling of damage claims in relation to insurance companies and authorities.
Legal basis
To comply with our obligations to keep accounting records in accordance with the Bookkeeping Act (Sw. Bokföringslagen (1999:1078) and the Car Rental Act (Sw. Lag om biluthyrning (1998:492)) and other laws.
We also process certain data about your purchases in accordance with applicable sales or consumer sales legislation.
Our purpose/purposes
Communication and marketing
Type of data
- Name
- Email address
- Telephone number
- Address
- Age
- Gender
- Booking history
- IP-address
- Company (if corp. profile)
Processing activities
To communicate relevant information to you related to your use of the services and general information about the services such as updates to terms and conditions.
To communicate information of marketing character such as general information about Aimo e.g. press releases, newsletters and invitations to events.
To respond to questions from you e.g. when you contact us or ask us a question via the forms provided by us on our website, the Aimo App or by email.
To carry out targeted social media campaigns e.g. on Facebook. (As a user of social media platforms you always have the possibility to tailor and limit such activities.)
To provide marketing of products and services from other Aimo group companies
Legal basis
Aimo’s legitimate interest to communicate with you and to provide you with information about our services and about Aimo which we think is of interest to you.
You always have a right to choose not to receive information of marketing character (“Opt-out”)
Our purpose/purposes
Administering and managing admin accounts for corporate customers
Type of data
Name
Company
User data for your admin account (customer number, username, password)
Contact information (e-mail address, phone number, address)
Processing activities
Creating and administering an admin account for our corporate service
Creating targeted offers and discounts for your company regarding our corporate service
Legal basis
This processing is necessary for us to carry out our obligations pursuant to the customer agreement that we have entered into with your company with regard to the service we provide to your company and its users as well as to administer, invoicing, reminders, payments, claim and our accounting.
Our purpose/purposes
Customer surveys
Type of data
- Name
- Contact details (email address)
- Age
- Address
- Details about your recent use of the Services relevant for the survey (such as which vehicle you used)
- Information provided by you in relation to taking part in the survey.
Processing activities
Develop and analyse results from customer surveys or market research.
Compile statistics of usage of our services based on the personal data collected for the purpose.
Legal basis
Aimo has a legitimate interest to carry out customer surveys and market research related to the Services in order to improve our Services. Your participation in the survey is always voluntary.
Our purpose/purposes
Vehicle damage, security and claims management
Type of data
- Name
- Personal identification number
- Driving license and driving license number.
- Contact details (e-mail address, mobile number, address).
- Copy of driving license (where applicable)
- Information about your use of the Services/your rental.
- Information provided by you or someone involved in handling the case at hand.
- Claim matter number or similar
Processing activities
Managing claims and establishing insurance cover.
Communication with you to get more information about the case at hand.
Investigation of how an incident occurred including how vehicle damaged was caused.
Legal basis
The processing activities are necessary for the performance of the contract between you and Aimo (necessary for Aimo to be able to manage and respond to claims of vehicle damage and to communicate with you related to such matters).
Our purpose/purposes
Ascertaining vehicle location and route
Type of data
- Name
- Contact details (email address, mobile number, address)
- Vehicle GPS position
Processing activities
Ascertaining the current location of the vehicle in order to be able to show the next free and available vehicle for customer.
Record the destination, the start and finish times and the duration of the use.
Check where the vehicle is located such as in the event it has not been returned on time or if the vehicle is unlawfully parked outside of HomeZone or driven outside of permitted geographical. Communication with customer for the same purposes.
Legal basis
The processing activities are necessary for the performance of the contract between you and Aimo. Ascertaining vehicle location is a pre-requisite for the services.
Our purpose/purposes
Reporting of information to Biluthyrarna Sverige
Type of data
- Name
- Personal identity number
- Driving license and driving license number
- Reasons for reporting (in the form of a pre-set reporting code)
Processing activities
Reporting customer to Biluthyrarna Sverige for the purpose of registering customer on their specific car rental information list which is held and managed by Biluthyrarna Sverige with approval from the Swedish Data Inspection Authority (Datainspektionen). The purpose of the list is to provide affiliated car rental companies access to the information from the list with the recommendation not to rent vehicles to the listed individuals and thereby reduce the risk of damage and costs for car rental companies in Sweden. See section 3 below, information can also be found here: http://www.biluthyrarna.se.
Legal basis
Necessary to perform a task of public interest. Credit reporting activities are considered to be a task of public interest and in the same way reporting to Biluthyrarna Sverige is considered to be in the public’s interest because it is an important prerequisite in order for the car rental companies in Sweden to perform its business activities in a safe and secure manner.
Our purpose/purposes
Usage information (Aimo App and Services)
Type of data
- User ID
- Device and usage data such as language settings, precise location permission (non-continuous), page response times, content shown to you (your interactions with our App and Services)
Processing activities
To be able to provide you with the Services and to offer a better service such as by learning about what kind of content you may like or dislike. Some functions are different depending on platform.
We use precise location permission (non-continuous) to segment users when we communicate with them such as information about where the nearest vehicle may be available for renral.
The language settings are collected to determine in what language the App should be presented for you.
Legal basis
Certain processing activities such as basic app-settings are necessary for the performance of the contract between your and Aimo. Aimo has a legitimate interest in facilitating the functionality of our App, Services and detect, prevent and investigate security breaches.
Our purpose/purposes
Optimizing functionality, performance and customer experience of the Website, Aimo App and Services (through the use of cookies)
Type of data
Cookies (in the form of, for example, IP address, through cookies. Find out more about how we use cookies in our cookie policy available through the website.
Processing activities
Maintain, improve, and analyse our Website, Aimo App, and the Services we offer as well as to facilitate the functionality of the same and detect, prevent, or investigate security breaches through the use of cookies.
Legal basis
Aimo’s legitimate interest to optimise the functionality, user experience and performance of our Website, Aimo App and Services.
If you visit our website:
Our purpose/purposes
Optimising website functionality, performance and customer experience (through the use of cookies)
Type of data
Cookies (in the form of, for example, IP address, through cookies.
Processing activities
Maintain, improve, and analyse our Website as well as to facilitate the functionality of our Websites and detect, prevent, or investigate security breaches through the use of cookies.
Legal basis
Aimo’s legitimate interest to optimise the functionality, user experience and performance of our Website.
If a Website visitor does not agree to the processing of the data, the visitor can clear or block the use of cookies in their browser settings.
3. How we may share your personal data
Aimo will not, without your consent, pass on any information about you to any third party unless required by law to do so, or unless it is necessary in connection with a product or service you have requested or purchased from us.
Our service providers (data processors)
Your personal data is shared with our service providers that process personal data on our behalf (‘processors’). Our processors are our IT-and system suppliers and other suppliers providing us with services such as credit card and payment processing, website hosting and email communication.
We have entered into Data Processing Agreements with all or processors that regulates the processing of personal data on behalf of the data controller (Aimo).
Other entities within the Aimo group
Unless otherwise agreed during the registration process, Aimo is entitled to share your contact information with Aimo’s mother and sister companies, in order to give you information about any offers and activities those companies may have. You can at any given time withdraw your consent to Aimo sharing such information for marketing purposes whereby Aimo undertakes to not share any new contact information about you with above mentioned entities.
Creditsafe i Sverige AB
In connection with our performance of credit-standing checks, we share your social security number with Creditsafe i Sverige AB (“Creditsafe”), which will perform the credit check. Creditsafe is responsible for the personal data that the company processes in connection with it performing the credit check and you can read their privacy policy here: https://www.creditsafe.com/se/sv/product/privacy-policy.html
Biluthyrarna Sverige
We may report certain information about you (name, address, personal identity number and basis for reporting in the form of a reporting code) to Biluthyrarna Sverige for the purpose of registering you on their specific car rental information list which is held and managed by Biluthyrarna Sverige with approval from the Swedish Data Inspection Authority (Datainspektionen). The purpose of the list is to provide affiliated car rental companies access to the information from the list with the recommendation not to rent vehicles to the listed individuals and thereby reduce the risk of damage and costs for car rental companies in Sweden. Aimo may report information about you to the list if you (i) do not return the vehicle after the Rental Period, (ii) do not pay parking fines, iii) do not pay rent and other fees as agreed, iv) neglect the vehicle, v) are notified to the police for unauthorized use, or unlawfully let another driver manage the vehicle. Purpose of the transfer of personal data to the Car Rental. If you get registered on the information list you will receive a letter from Biluthyrarna Sverige with more information about this including the reason for registration and that the information will remain registered on the list for 24 months. More information can be found here: http://www.biluthyrarna.se.
When sharing is required by law
We may disclose your information if we are required to do so by law or other legal process.
When you request us to do so
Through your use of the Services you may choose to give us permission or direct us to share information about you with other companies such as social media service providers.
Transfers to third countries
We and our suppliers and cooperating partners generally only process your personal data within the EU/EEA. In the event a situation arise where the data must be processed in and thereby transferred to a destination outside of the EU/EEA by us or one of our suppliers or subcontractors we promise you that we will take all reasonable legal, technical, and organisational measures to ensure that your data is treated securely and with an adequate level of protection compared to and in line with at least the level of protection offered within the EU/EEA.
4. For how long do we save your personal data?
We will keep your data for the time necessary to provide the Services requested by you as a customer of Aimo or stated by our purposes of the processing as outlined above. This means, inter alia, that we will delete your personal data in our databases when a customer is no longer using our Services or when the information is no longer necessary for the purpose for which it was collected. Where we keep your data for purposes which are not related to our contractual agreement such as for purposes like legitimate interest, we keep the data only as long as necessary and/or required by law for the respective purpose.
We never process your personal data for longer than permitted according to applicable laws, ordinances, practice or official decisions. Personal data that we process for the purpose of performing our contract with you is processed as a starting point during the period it is necessary for us to be able to administer the contractual relationship, exercise our rights and perform our commitments in relation to you. However, we may save your personal data for longer in accordance with the following in order to comply with statutory requirements, because you have consented to us doing so or because we are entitled to do so upon a balance of interests.
- Personal data that we process for the purpose of performing our contract with you/the party by whom you are employed is processed as a starting point during the period it is necessary for us to be able to administer the contractual relationship, exercise our rights and perform our commitments in relation to you/the party by whom you are employed. If your employment with the customer or the assignment in relation to us ceases, we will stop our processing of your personal data as soon as we have been informed of this by you or our customer. Inactive contracts that include your personal data are saved for ten (10) years owing to the general time limit rules under the Limitation Act (1981:130).
- Your personal data that we process on the basis of consent is processed until you withdraw your consent.
- Your personal data that we process on the basis of legitimate interests for the purposes outlined above are processed for as long as the matters are ongoing and the purposes otherwise remains.
- Your personal data that we process on the basis of a legitimate interests for the purpose of marketing ourselves to you is processed in accordance with applicable national legislation and practice and varies depending on your relationship with us: a) if you subscribe to one of our mailings, we will process your data until you have notified us that you no longer want to receive our mailings (“Opt-out), b) if you have a customer relationship with us, and do not subscribe to any of our mailings, we will process your personal data for no more than one (1) year after your customer relationship has ended or until you have notified us that you no longer want to receive our mailings, c) if you are not an active customer of ours and have not subscribed to any of our mailings, we will process your personal data for no more than three (3) months or until you have notified us that you no longer want to receive our mailings.
- Personal data processed for the purposes required according to the Bookkeeping Act (1999:1078) is processed for seven (7) years in accordance with the Bookkeeping Act (1999:1078).
- The data we process about you and your purchases in accordance with applicable sales or consumer sales legislation is processed in accordance with applicable laws.
- Deadlines for thinning out data related to our use of cookies are specifically described in our Cookie Statement, which is available through our website.
5. Security measures
Aimo protects your personal data using technical and organisational security measures. To prevent unauthorised access and ensure data accuracy, Aimo have implemented strict guidelines for the organisation regarding the processing of personal data.
We try to strike a balance between the security of your data and your convenience. As a result, we may sometimes use a method of communication that is less secure than a less convenient alternative. For example, we may send you an e-mail or a text message in unencrypted form (i.e. instantly readable) because many of our customers are unable to access encrypted (i.e. coded) e-mail or messages. This means that our message, if misrouted or intercepted, could be read more easily than encrypted messages. Such messages may contain personal data. Please do not include confidential information, such as your credit card number or account passwords, in any e-mail or text you send to us or on any posting you make to a public area of a third-party social network page, especially since any such posting immediately becomes public.
6. Automated decision-making incl. profiling
Sometimes we use automated decision-making. It can e.g. be an automated rejection of a reservation. Usage of automated decision-making could for instance mean that you do not have the possibility to reserve certain vehicles based on your age or any vehicle based on your credit rating which you have provided or we which have obtained electronically without personal contact. This information is relevant since we made a risk assessment implying that it is not commercially desirable to rent out certain categories of vehicles to people under a certain age or with a low credit rating.
You have the right not to be subject to a decision based solely on any form of automated decision-making, including profiling, if the decision may have legal consequences for you or in a significant way affects you in any other way. However, we have the right to use automated decision-making if it is necessary for entering into or performance of an agreement between you and us or if you have given consent to the processing. You have the right to personal contact with us which means that you can contact us via the contact information provided in section 8 to express your opinion and oppose the decision.
7. Your rights
Right to access
If you wish to access information about how we process your personal data, please contact us at privacy@aimoshare.se. Your request will be processed promptly, and within no longer than 30 days. We will provide you with the information free of charge. For any further copies we reserve the right to charge a reasonable fee based on our administrative costs for such request.
Right to rectification
We make every effort to ensure that all data we process is accurate. If you discover that we have incomplete or inaccurate personal data about you in our records, please let us know and we will complete, or rectify this information immediately.
Your right to erasure
You have the right to request that we erase your personal data under the following circumstances:
- your personal data is no longer needed for the purpose(s) we collected it for
- the personal data is processed for direct marketing purposes (none-service-related information)
- your right as an individual override our legitimate interest to continue the processing of your personal data (where we rely on legitimate interest as the legal ground)
- the processing of your personal data is not in compliance with applicable law
- the personal data has been processed to offer information society services to a child
We will always erase personal data if needed in order for us to comply with a legal obligation. If we refuse your request to erasure, we will provide you with information regarding our ground(s) for such refusal.
Your right to restrict processing
You have the right to obtain restriction of the processing of your personal data:
- for a period enabling us to verify the accuracy of the personal data where you have objected to the processing or contested the accuracy of it;
- where the processing is unlawful, and you have opposed to the erasure of the personal data and request the restriction of its use instead; and/or
- where we no longer need the personal data for the purposes of the processing but are required to keep the data for the establishment, exercise or defense of a legal claim.
If we restrict the processing of your personal data per above, we will still store the data but not use it other than:
(i) with your consent;
(ii) for the establishment, exercise or defense of legal claims;
(iii) for the protection of the rights of another natural or legal person; or
(iv) for reasons of important public interest of the EU or of a Member State.
The right to data portability
Where we process your personal data by automated means with your consent as the legal basis or for the performance of a contract you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format (data portability).
The right to object
If you object to our processing of your personal data, including profiling, based on the purpose of our legitimate interests we will cease the processing unless we can demonstrate compelling legitimate grounds. We may also continue with the processing activity if it is necessary for the establishment, exercise or defense of legal claims.
If our purpose for the processing is direct marketing (none-service-related information), we will immediately cease with such processing upon receiving a request to objection from you per above.
You are also entitled to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen: www.datainspektionen.se) or other competent supervisory authority exercising supervision of the processing of personal data by a company if you have any complaints relating to our processing of your personal data.
8. Contact details
We hope that the above information is useful for you and provides you with clarifications on why and how we process your personal data. If you have questions about the processing of your data or wish to exercise your rights in accordance with the above, please feel free to contact us by email at: privacy@aimoshare.se.
______________________
This privacy notice was last updated on 27 August 2020